X-Git-Url: https://git.cweiske.de/phorkie.git/blobdiff_plain/979fd71983f72991b7b698d0fa57b46213503672..f92fbaf636d620a0092fff8b715be9a493547b4f:/src/phorkie/Tools.php

diff --git a/src/phorkie/Tools.php b/src/phorkie/Tools.php
index 7c9c46e..2febb29 100644
--- a/src/phorkie/Tools.php
+++ b/src/phorkie/Tools.php
@@ -48,6 +48,23 @@ class Tools
         return $prot . '://' . $_SERVER['HTTP_HOST'] . $GLOBALS['phorkie']['cfg']['baseurl'] . $path;
     }
 
+    /**
+     * Get the full URL to a path, but remove the .phar file from
+     * the base URL if necessary
+     *
+     * @param string $path Path to the file
+     *
+     * @return string Full URL without .phar/
+     */
+    public static function fullUrlNoPhar($path = '')
+    {
+        $base = static::fullUrl();
+        if (substr($base, -6) == '.phar/') {
+            $base = dirname($base) . '/';
+        }
+        return $base . $path;
+    }
+
     /**
      * Removes malicious parts from a file name
      *
@@ -86,6 +103,13 @@ class Tools
             return $scriptName . '/';
         }
 
+        if (isset($_GET['id'])) {
+            $idp = strpos($requestUri, '/' . $_GET['id'] . '/');
+            if ($idp !== false) {
+                return substr($requestUri, 0, $idp) . '/';
+            }
+        }
+
         if (substr($requestUri, -4) != '.php') {
             $requestUri .= '.php';
         }
@@ -96,5 +120,17 @@ class Tools
 
         return '/';
     }
+
+    /**
+     * Resolves "/../" and "/./" in file paths without validating them.
+     */
+    public static function foldPath($path)
+    {
+        $path = str_replace('/./', '/', $path);
+        $path = str_replace('/./', '/', $path);
+        $path = preg_replace('#/[^/]+/\.\./#', '/', $path);
+        $path = preg_replace('#/[^/]+/\.\./#', '/', $path);
+        return $path;
+    }
 }
 ?>