Backport 7eec48268ebb6a17656df4a059f9e7b43991472f to 2.x

Backport fixes to base path generation that prevent issue when a URL
contains // it can circumvent the base path generation, which results in
unwanted user data in the base/webroot paths. This creates an
opportunity for CSS manipulation in old versions of IE, and newer ones
via iframe inheritance.

lib/Cake/Network/CakeRequest.php

@@ -293,6 +293,8 @@ class CakeRequest implements ArrayAccess {
 
 		if (!$baseUrl) {
 			$base = dirname(env('PHP_SELF'));
+			// Clean up additional / which cause following code to fail..
+			$base = preg_replace('#/+#', '/', $base);
 
 			$indexPos = strpos($base, '/webroot/index.php');
 			if ($indexPos !== false) {

lib/Cake/Test/Case/Network/CakeRequestTest.php

@@ -1361,6 +1361,24 @@ class CakeRequestTest extends CakeTestCase {
 		$this->assertEquals('/cakephp/bananas/eat/tasty_banana', $request->here);
 	}
 
+	/**
+	 * Test that even if mod_rewrite is on, and the url contains index.php
+	 * and there are numerous //s that the base/webroot is calculated correctly.
+	 *
+	 * @return void
+	 */
+	public function testBaseUrlWithModRewriteAndExtraSlashes() {
+		$_SERVER['REQUEST_URI'] = '/cakephp/webroot///index.php/bananas/eat';
+		$_SERVER['PHP_SELF'] = '/cakephp/webroot///index.php/bananas/eat';
+		$_SERVER['PATH_INFO'] = '/bananas/eat';
+		$request = new CakeRequest();
+
+		$this->assertEquals('/cakephp', $request->base);
+		$this->assertEquals('/cakephp/', $request->webroot);
+		$this->assertEquals('bananas/eat', $request->url);
+		$this->assertEquals('/cakephp/bananas/eat', $request->here);
+	}
+
 /**
  * Test base, webroot, and URL parsing when there is no URL rewriting
  *