Merge pull request #6404 from piwik/bugfix/6156

Fixes #6156 Redirect /index.php/.whatever?... to /index.php?...

3 files changed, 68 insertions, 2 deletions

diff --git a/core/FrontController.php b/core/FrontController.php
index ce39922a2e..34da03fd9f 100644
--- a/core/FrontController.php
+++ b/core/FrontController.php
@@ -12,6 +12,7 @@ namespace Piwik;
 use Exception;
 use Piwik\API\Request;
 use Piwik\API\ResponseBuilder;
+use Piwik\Http\Router;
 use Piwik\Plugin\Controller;
 use Piwik\Plugin\Report;
 use Piwik\Plugin\Widgets;
@@ -83,6 +84,13 @@ class FrontController extends Singleton
             return;
         }
 
+        $filter = new Router();
+        $redirection = $filter->filterUrl(Url::getCurrentUrl());
+        if ($redirection !== null) {
+            Url::redirectToUrl($redirection);
+            return;
+        }
+
         try {
             $result = $this->doDispatch($module, $action, $parameters);
             return $result;
@@ -604,7 +612,6 @@ class FrontController extends Singleton
         Piwik::postEvent('Request.dispatch.end', array(&$result, $module, $action, $parameters));
         return $result;
     }
-
 }
 
 /**
diff --git a/core/Http/Router.php b/core/Http/Router.php
new file mode 100644
index 0000000000..62547c7c23
--- /dev/null
+++ b/core/Http/Router.php
@@ -0,0 +1,39 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+namespace Piwik\Http;
+
+use Piwik\Url;
+
+/**
+ * Router
+ */
+class Router
+{
+    /**
+     * Filters some malformed URL by suggesting to redirect them.
+     *
+     * E.g. /index.php/.html?... can be interpreted as HTML by old browsers
+     * even though the Content-Type says JSON.
+     * @link https://github.com/piwik/piwik/issues/6156
+     *
+     * @param string $url The URL to filter.
+     *
+     * @return string|null If not null, then the application should redirect to that URL.
+     */
+    public function filterUrl($url)
+    {
+        $path = parse_url($url, PHP_URL_PATH);
+
+        if (strpos($path, 'index.php/') !== false) {
+            return preg_replace('#index\.php/([^\?]*)#', 'index.php', $url, 1);
+        }
+
+        return null;
+    }
+}
diff --git a/core/Url.php b/core/Url.php
index 1ed77f5fa5..c27805305d 100644
--- a/core/Url.php
+++ b/core/Url.php
@@ -67,6 +67,7 @@ class Url
         return self::getCurrentScheme() . '://'
         . self::getCurrentHost()
         . self::getCurrentScriptName()
+        . self::getCurrentPathInfo()
         . self::getCurrentQueryString();
     }
 
@@ -83,7 +84,8 @@ class Url
     {
         return self::getCurrentScheme() . '://'
         . self::getCurrentHost($default = 'unknown', $checkTrustedHost)
-        . self::getCurrentScriptName();
+        . self::getCurrentScriptName()
+        . self::getCurrentPathInfo();
     }
 
     /**
@@ -174,6 +176,24 @@ class Url
     }
 
     /**
+     * Returns the current PATH_INFO from the request.
+     *
+     * Contains any client-provided pathname information trailing the actual
+     * script filename but preceding the query string, if available.
+     *
+     * For instance, if the current script was accessed via the URL
+     * http://www.example.com/php/path_info.php/some/stuff?foo=bar
+     * then getCurrentPathInfo() would return "/some/stuff".
+     *
+     * @return string
+     * @api
+     */
+    public static function getCurrentPathInfo()
+    {
+        return isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
+    }
+
+    /**
      * Returns the current URL's protocol.
      *
      * @return string `'https'` or `'http'`