Magento2 FI1 and FI2

[mcdruid]

No description provided.

[jvoisin]

Suggested change

	$parameters['remote_path'] = preg_replace('#.php$#', '', $parameters['remote_path']);
	$parameters['remote_path'] = preg_replace('#.php$#i', '', $parameters['remote_path']);

[jvoisin]

Suggested change

	$parameters['remote_path'] = preg_replace('#(^rsl::|.php$)#', '', $parameters['remote_path']);
	$parameters['remote_path'] = preg_replace('#(^rsl::|.php$)#i', '', $parameters['remote_path']);

Are you sure this will remove both the prefix and the suffix if both are present?

[mcdruid]

I can see why you'd ask as it seems like an OR in the pattern so perhaps only one replacement would take place.. however:

php > $filename = 'rsl::foobar.php';
php > $filename = preg_replace('#(^rsl::|.php$)#', '', $filename);
php > print $filename;
foobar

I did have to check to be certain though!

Good suggestion to make the patterns case-insensitive.. but I'm not positive the include would work if the prefix was supplied in the payload in uppercase. Will add the i flag anyway.

[mcdruid]

Actually if we're going to remove the prefix, we should do that on the file part of the path; I'll tweak the pre-processing shortly.

[mcdruid]

php > print preg_replace('#(rsl::|.php$)#', '', '/path/to/rsl::foobar.php');
/path/to/foobar

php > print preg_replace('#(rsl::|.php$)#', '', '/rsl::foobar.php');
/foobar

php > print preg_replace('#(rsl::|.php$)#', '', 'rsl::foobar.php');
foobar

I think this does what we want now, and it seems pretty unlikely that rsl:: will appear anywhere else in the path and be removed unintentionally.

[jvoisin]

Suggested change

	$parameters['remote_path'] = preg_replace('#(rsl::|.php$)#i', '', $parameters['remote_path']);
	$parameters['remote_path'] = preg_replace('#(rsl::|[.]php$)#i', '', $parameters['remote_path']);

Otherwise . will match any char :)

[mcdruid]

Well spotted! Thanks.