phpBB3 / PHPBB3-12082

phpbb filesystem removes slashes after scheme of URI if path is out of bounds


Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Invalid
    • Affects Version/s: 3.1.0-dev, 3.1.0-a2
    • Fix Version/s: 3.1.0-a3
    • Component/s: Other
    • Labels: None

    Description

      If a URL like

      http://localhost/phpbb3/../../../index.php

      is supplied to clean_path(), the method removes more slashes than it obviously should. The above URL results in this cleaned path:

      http:/index.php

      That new, cleaned URL is obviously incorrect and does not follow the URI scheme anymore.
      I'm not sure if clean_path shouldn't be used for URLs or if we should just make sure that the slashes after the URI scheme are not removed.
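
      A sketch of why this happens and one way to avoid it, added here as an example (not phpBB's code and not part of the original report): `naive_clean_path()` is a hypothetical segment-based cleaner that reproduces the result quoted above, and `clean_url()` is a hypothetical variant that normalizes only the path component, so `..` can never consume the host or the `//` after the scheme.

```php
<?php
// Stand-in for a segment-based path cleaner (hypothetical, not phpBB's code).
function naive_clean_path(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $part) {
        if ($part === '.' && $out) {
            continue;
        }
        if ($part === '..' && $out && end($out) !== '..') {
            // For a URL this also pops the host and the empty segment of "//".
            array_pop($out);
        } else {
            $out[] = $part;
        }
    }
    return implode('/', $out);
}

// Hypothetical URL-aware variant: scheme and authority are never path segments.
// Simplifications of this sketch: userinfo and a trailing slash are dropped.
function clean_url(string $url): string
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return naive_clean_path($url);   // not an absolute URL: treat as a plain path
    }
    $out = [];
    foreach (explode('/', $p['path'] ?? '/') as $part) {
        if ($part === '' || $part === '.') {
            continue;
        }
        if ($part === '..') {
            array_pop($out);             // no-op at the root (RFC 3986, section 5.2.4)
        } else {
            $out[] = $part;
        }
    }
    $authority = $p['host'] . (isset($p['port']) ? ':' . $p['port'] : '');
    $tail = (isset($p['query']) ? '?' . $p['query'] : '')
          . (isset($p['fragment']) ? '#' . $p['fragment'] : '');
    return $p['scheme'] . '://' . $authority . '/' . implode('/', $out) . $tail;
}

$url = 'http://localhost/phpbb3/../../../index.php';   // URL from the report
echo naive_clean_path($url), "\n";
echo clean_url($url), "\n";
```

      Any host or redirect check should run on the output of the URL-aware form, since the segment-based form can change which part of the string a later parser treats as the authority.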

          People

            bantu Andreas Fischer
            Marc Marc