Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
3.3.1, 3.3.3
-
None
-
None
-
None
-
PHP 7.4.10
AlpineLinux docker container
(Browser and DB irrelevant)
Description
Hi,
On my forums, some URLs, most importantly the "Forgot password" form action, are badly generated, with the "app.php" being repeated.
You can see it in action live here . See that the form action points to "/forum/app.php/app.php/user/forgot_password" , which obviously fails.
Regarding the board settings, I have force_server_vars to false, and URL rewriting fully disabled (on board and web server).
I have verified in my dev environment that, if I put force_server_vars to true (and all vars configured), it works fine.
This issue affected the board in 3.3.1 already, and still since I recently migrated to 3.3.3.
After debugging, I found that the error lies in /phpbb/routing/helper.php#route method, with the baseUrl value that is resolved.
- With force_server_vars enabled, baseUrl is read from config['script_path'].
This contains only the path to forum root (in my case "forum")
- With force_server_vars disabled, baseUrl is taken directly from RequestContext, which itself takes it from HttpFoundation\Request#getBaseUrl.
As per the Request#getBaseUrl documentation, it contains the script name as well : in my case "forum/app.php", hence the problem.
Considering that Symfony's documentation explicitly states that the baseUrl contains the script name, the logic of phpBB is wrong here.
I would suggest replacing
$base_url = $context->getBaseUrl();
|
by something like
if ($this->config['force_server_vars']) |
{
|
$base_url = rtrim($this->config['script_path'], '/'); |
}
|
else
|
{
|
$base_url = $context->getBaseUrl();
|
if(basename($base_url) == basename($_SERVER['SCRIPT_FILENAME'])) |
{
|
$base_url = dirname($base_url);
|
}
|
}
|
which I've validated to work in my dev env.
