From 6ed3da1da44bfadd394ae6c32230f87d57b9d005 Mon Sep 17 00:00:00 2001 From: moodler Date: Sun, 12 Jan 2003 06:53:25 +0000 Subject: [PATCH] Cleaned up file argument processing a bit --- file.php | 10 ++++++---- lib/weblib.php | 37 ++++++++++++++++++++++++++----------- user/lib.php | 2 +- user/pix.php | 10 +++++----- 4 files changed, 38 insertions(+), 21 deletions(-) diff --git a/file.php b/file.php index 4ef1baf4c0..95b86aa9ad 100644 --- a/file.php +++ b/file.php @@ -8,14 +8,16 @@ $lifetime = 86400; if (isset($file)) { // workaround for situations where / syntax doesn't work - $PATH_INFO = $file; + $pathinfo = $file; + } else { + $pathinfo = get_slash_arguments("file.php"); } - if (!$PATH_INFO) { - error("This script DEPENDS on PATH_INFO being available. Read the README."); + if (!$pathinfo) { + error("No file parameters!"); } - if (! $args = get_slash_arguments()) { + if (! $args = parse_slash_arguments($pathinfo)) { error("No valid arguments supplied"); } diff --git a/lib/weblib.php b/lib/weblib.php index 512a1c8f04..7970cdff5e 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -397,29 +397,44 @@ function validate_email ($address) { $address)); } +function get_slash_arguments($file="file.php") { +/// Searches the current environment variables for some slash arguments -function get_slash_arguments($i=0) { -/// Extracts arguments from "/foo/bar/something" -/// eg http://mysite.com/script.php/foo/bar/something -/// Might only work on Apache - - global $PATH_INFO; + if (isset($_SERVER['PATH_INFO'])) { + return $_SERVER['PATH_INFO']; + } - if (!isset($PATH_INFO)) { + if (isset($_SERVER['PHP_SELF'])) { + $string = $_SERVER['PHP_SELF']; + } else if (isset($_SERVER['REQUEST_URI'])) { + $string = $_SERVER['REQUEST_URI']; + } else { return false; } + $pathinfo = explode($file, $string); + + if (!empty($path_info[1])) { + return $path_info[1]; + } else { + return false; + } +} + +function parse_slash_arguments($string, $i=0) { +/// Extracts arguments from "/foo/bar/something" +/// eg http://mysite.com/script.php/foo/bar/something - if (strpos($PATH_INFO, "..")) { // check for parent URLs + if (strpos($string, "..")) { // check for parent URLs return false; } - if (strpos($PATH_INFO, "|")) { // check for pipes + if (strpos($string, "|")) { // check for pipes return false; } - if (strpos($PATH_INFO, "`")) { // check for backquotes + if (strpos($string, "`")) { // check for backquotes return false; } - $args = explode("/", $PATH_INFO); + $args = explode("/", $string); if ($i) { // return just the required argument return $args[$i]; diff --git a/user/lib.php b/user/lib.php index e329366499..ceb8c6da9d 100644 --- a/user/lib.php +++ b/user/lib.php @@ -122,7 +122,7 @@ function save_user_image($userid, $filename) { } } - if ($badpermissions) { + if (!empty($badpermissions)) { return 0; } else { diff --git a/user/pix.php b/user/pix.php index 9feff114a0..fd06d3c40a 100644 --- a/user/pix.php +++ b/user/pix.php @@ -7,14 +7,14 @@ $lifetime = 86400; - if (isset($file)) { - $PATH_INFO = $file; + if (isset($file)) { // workaround for situations where / syntax doesn't work + $pathinfo = $file; - } else if (!$PATH_INFO) { - $PATH_INFO = ""; // Will just show default picture + } else { + $pathinfo = get_slash_arguments("pix.php"); } - if (! $args = get_slash_arguments()) { + if (! $args = parse_slash_arguments($pathinfo)) { error("No valid arguments supplied"); } -- 2.39.5