From 1be30a8e7425a51aeac0cc7c3752d6bc7b4943d0 Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Mon, 15 Jul 2013 00:17:10 +0200
Subject: [PATCH] Secures ABS_HREF.
---
 src/_h5ai/server/php/index.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/_h5ai/server/php/index.php b/src/_h5ai/server/php/index.php
index ace8971c..4f3d636f 100644
--- a/src/_h5ai/server/php/index.php
+++ b/src/_h5ai/server/php/index.php
@@ -12,7 +12,9 @@ function normalize_path($path, $trailing_slash = false) {
 define("APP_ABS_PATH", normalize_path(dirname(dirname(dirname(__FILE__)))));
 // define("APP_ABS_HREF", normalize_path(dirname(dirname(dirname(getenv("SCRIPT_NAME")))), true));
 define("APP_ABS_HREF", normalize_path(dirname(dirname(dirname(preg_replace('#^.*//#', '/', getenv("SCRIPT_NAME"))))), true)); // fixes lighttpd issues
-define("ABS_HREF", normalize_path(preg_replace('/[^\\/]*$/', '', getenv("REQUEST_URI")), true));
+$url_parts = parse_url(getenv("REQUEST_URI"));
+define("ABS_HREF", normalize_path($url_parts["path"]), true);
+
 function normalized_require_once($lib) {
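Review bot: On the added `define("ABS_HREF", …)` line the closing parenthesis of `normalize_path()` has moved, so `true` is now the third argument of `define()` (the case-insensitive flag) rather than `$trailing_slash`, which the signature in the hunk header defaults to `false`. ABS_HREF presumably loses its trailing slash as a result, and the line should read `define("ABS_HREF", normalize_path($url_parts["path"], true));`. `parse_url()` also returns `false` for a seriously malformed URI and omits the `path` key when there is none, and REQUEST_URI is client-controlled. The lookup therefore needs a guard, e.g. `$abs_path = (is_array($url_parts) && isset($url_parts["path"])) ? $url_parts["path"] : "/";`, or the request should be rejected. The new code also no longer strips the last path segment as the removed regex did; if that is intended, a one-line comment such as `// query string and fragment are dropped; the full path is kept` would record it.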