Backport 7eec48268ebb6a17656df4a059f9e7b43991472f to 2.x

Backport fixes to base path generation that prevent issue when a URL
contains // it can circumvent the base path generation, which results in
unwanted user data in the base/webroot paths. This creates an
opportunity for CSS manipulation in old versions of IE, and newer ones
via iframe inheritance.
This commit is contained in:
mark_story 2015-06-07 15:45:16 -04:00
parent 0e6fcc02b8
commit 6d60e6a4db
2 changed files with 20 additions and 0 deletions

View file

@ -293,6 +293,8 @@ class CakeRequest implements ArrayAccess {
if (!$baseUrl) { if (!$baseUrl) {
$base = dirname(env('PHP_SELF')); $base = dirname(env('PHP_SELF'));
// Clean up additional / which cause following code to fail..
$base = preg_replace('#/+#', '/', $base);
$indexPos = strpos($base, '/webroot/index.php'); $indexPos = strpos($base, '/webroot/index.php');
if ($indexPos !== false) { if ($indexPos !== false) {

View file

@ -1361,6 +1361,24 @@ class CakeRequestTest extends CakeTestCase {
$this->assertEquals('/cakephp/bananas/eat/tasty_banana', $request->here); $this->assertEquals('/cakephp/bananas/eat/tasty_banana', $request->here);
} }
/**
* Test that even if mod_rewrite is on, and the url contains index.php
* and there are numerous //s that the base/webroot is calculated correctly.
*
* @return void
*/
public function testBaseUrlWithModRewriteAndExtraSlashes() {
$_SERVER['REQUEST_URI'] = '/cakephp/webroot///index.php/bananas/eat';
$_SERVER['PHP_SELF'] = '/cakephp/webroot///index.php/bananas/eat';
$_SERVER['PATH_INFO'] = '/bananas/eat';
$request = new CakeRequest();
$this->assertEquals('/cakephp', $request->base);
$this->assertEquals('/cakephp/', $request->webroot);
$this->assertEquals('bananas/eat', $request->url);
$this->assertEquals('/cakephp/bananas/eat', $request->here);
}
/** /**
* Test base, webroot, and URL parsing when there is no URL rewriting * Test base, webroot, and URL parsing when there is no URL rewriting
* *