recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Handle manually crafted urls with array syntax for %%%__path__%%%

Summary:
This parses the incoming request URI from $_SERVER,
similar to how the built-in PHP webserver is handled.

Fixes T16145

Test Plan: Visit http://phorge.localhost/P1?__path__=%2fP1&__path__[]=/P1 and compare with this change.

Reviewers: O1 Blessed Committers, aklapper

Reviewed By: O1 Blessed Committers, aklapper

Subscribers: aklapper, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T16145

Differential Revision: https://we.phorge.it/D26132

mainframe98 12967700 fd9be992

+14 -3
+14 -3
support/startup/PhabricatorStartup.php
··· 581 581 // to "$_REQUEST" here won't always work, because later code may rebuild 582 582 // "$_REQUEST" from other sources. 583 583 584 - if (isset($_REQUEST['__path__']) && strlen($_REQUEST['__path__'])) { 585 - self::setRequestPath($_REQUEST['__path__']); 584 + if (isset($_REQUEST['__path__']) && $_REQUEST['__path__'] !== '') { 585 + // Carefully crafted urls can supply their own __path__. 586 + // Harmless normally, but when specified as __path__[], 587 + // it becomes an array and overwrites the initial __path__. 588 + // Parse the request uri directly to send the user to the right place. 589 + if (is_array($_REQUEST['__path__'])) { 590 + $path = parse_url($_SERVER['REQUEST_URI'])['path']; 591 + } else { 592 + $path = $_REQUEST['__path__']; 593 + } 594 + 595 + self::setRequestPath($path); 586 596 return; 587 597 } 588 598 ··· 599 609 "are not configured correctly."); 600 610 } 601 611 602 - if (!strlen($_REQUEST['__path__'])) { 612 + if ($_REQUEST['__path__'] === '') { 603 613 self::didFatal( 604 614 "Request parameter '__path__' is set, but empty. Your rewrite rules ". 605 615 "are not configured correctly. The '__path__' should always ". ··· 626 636 627 637 /** 628 638 * @task request-path 639 + * @param string $path 629 640 */ 630 641 public static function setRequestPath($path) { 631 642 self::$requestPath = $path;