// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information // available as used by the redirect function $server_name = !empty($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : (!empty($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $server_port = !empty($_SERVER['SERVER_PORT']) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 1 : 0; $script_name = !empty($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); if (!$script_name) { $script_name = !empty($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); } // $phpbb_root_path accounts for redirects from e.g. /adm $script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/index.' . $phpEx; // Replace any number of consecutive backslashes and/or slashes with a single slash // (could happen on some proxy setups and/or Windows servers) $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path); // Eliminate . and .. from the path $script_path = phpbb_clean_path($script_path); $url = ($secure ? 'https://' : 'http://') . $server_name; if ($server_port && ($secure && $server_port != 443 || !$secure && $server_port != 80)) { // HTTP HOST can carry a port number... if (strpos($server_name, ':') === false) { $url .= ':' . $server_port; } } $url .= $script_path; header('Location: ' . $url); exit; } if (defined('DEBUG_EXTRA')) { $base_memory_usage = 0; if (function_exists('memory_get_usage')) { $base_memory_usage = memory_get_usage();
/** * @dataProvider clean_path_test_data */ public function test_clean_path($input, $expected) { $output = phpbb_clean_path($input); $this->assertEquals($expected, $output); }