From a2c6a6984d475f894b0357d67d2dee431da3de06 Mon Sep 17 00:00:00 2001
From: Thomas Zilio <Dasc3er@users.noreply.github.com>
Date: Fri, 22 Dec 2017 11:44:27 +0100
Subject: [PATCH] Risoluzione del bug #83

Risoluzione del bug #83, causato da un problema di confronto tra percorsi.
---
 core.php            |  2 +-
 lib/functions.php   | 17 +++++++++++++++++
 src/API.php         |  2 +-
 src/Permissions.php |  2 +-
 4 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/core.php b/core.php
index 70e368894..c2fa26426 100644
--- a/core.php
+++ b/core.php
@@ -127,7 +127,7 @@ $dbo = Database::getConnection();
 // Controllo sulla presenza dei permessi di accesso basilari
 $continue = $dbo->isInstalled() && !Update::isUpdateAvailable() && (Auth::check() || API::isAPIRequest());
 
-if (!$continue && slashes($_SERVER['SCRIPT_FILENAME']) != slashes(DOCROOT.'/index.php')) {
+if (!$continue && getURLPath() != slashes(ROOTDIR.'/index.php')) {
     if (Auth::check()) {
         Auth::logout();
     }
diff --git a/lib/functions.php b/lib/functions.php
index 9df1bde75..7aba53fbb 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -879,3 +879,20 @@ function isMobile()
 {
     return preg_match("/(android|avantgo|blackberry|bolt|boost|cricket|docomo|fone|hiptop|mini|mobi|palm|phone|pie|tablet|up\.browser|up\.link|webos|wos)/i", $_SERVER['HTTP_USER_AGENT']);
 }
+
+/**
+ * Restituisce il percorso derivante dal file in esecuzione.
+ *
+ * @return string
+ */
+function getURLPath()
+{
+    $path = $_SERVER['SCRIPT_FILENAME'];
+    $prefix = $_SERVER['DOCUMENT_ROOT'];
+
+    if (substr($path, 0, strlen($prefix)) == $prefix) {
+        $path = substr($path, strlen($prefix));
+    }
+
+    return slashes($path);
+}
diff --git a/src/API.php b/src/API.php
index a769fd881..a13f274e6 100644
--- a/src/API.php
+++ b/src/API.php
@@ -339,7 +339,7 @@ class API extends \Util\Singleton
      */
     public static function isAPIRequest()
     {
-        return slashes($_SERVER['SCRIPT_FILENAME']) == slashes(DOCROOT.'/api/index.php');
+        return getURLPath() == slashes(ROOTDIR.'/api/index.php');
     }
 
     /**
diff --git a/src/Permissions.php b/src/Permissions.php
index 1c9435253..4452368ea 100644
--- a/src/Permissions.php
+++ b/src/Permissions.php
@@ -67,7 +67,7 @@ class Permissions
         $result = true;
 
         if (!self::getSkip()) {
-            if (!Auth::check() && slashes($_SERVER['SCRIPT_FILENAME']) == slashes(DOCROOT.'/index.php')) {
+            if (!Auth::check() && getURLPath() == slashes(ROOTDIR.'/index.php')) {
                 redirect(ROOTDIR.'/index.php');
                 exit();
                 $result = false;