Changed ticket status from "New" to "Will not fix"
Action performed by Kellanved (Former Team Member) on Jun 2nd 2009, 21:56
phpBB 3.0.5 Missing Language Validation:
The language validation in the phpBB 3 Installer is pretty good- just check if the specified sub dir exists in language/ by using is_file(). The problem is when some joker decides to put &language=index.htm in the query string.
Result is a bunch of PHP Warnings:
Warning: include(./../language/index.htm/common.php) [function.include]: failed to open stream: Not a directory in /Library/WebServer/Documents/phpBB3/install/index.php on line 227
Warning: include() [function.include]: Failed opening './../language/index.htm/common.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /Library/WebServer/Documents/phpBB3/install/index.php on line 227
Warning: include(./../language/index.htm/acp/common.php) [function.include]: failed to open stream: Not a directory in /Library/WebServer/Documents/phpBB3/install/index.php on line 228
(and so on...)
and finally, the template tokens such as {INSTALL_PANEL}, {SKIP}, {SELECT_LANG} and so on are left exposed.
These errors will also occur after installation has been completed.
If the user some-how manages to complete installation, or at least make it to the 'create schema' step of the install phase, the admin user's user_lang will be set to index.htm in the phpbb_users, and so will default_lang in phpbb_config. Thus, all subsequent attempts by any user to access any non-installer phpBB pages will die with:
Language file ./language/index.htm/common.php couldn't be opened.
Suggested behavior: add an is_dir() check when validating the language argument. This is in the code block in the file install/index.php immediately following:
// Try and load an appropriate language if required
$language = basename(request_var('language', ''));
Date found: 01 June, 2009
by Dog Cow