Fix wrong combined paths when traversing upwards. Fixes #557

Author: uncaught

src/JsonSchema/Uri/UriResolver.php

@@ -125,25 +125,37 @@ public function resolve($uri, $baseUri = null)
     public static function combineRelativePathWithBasePath($relativePath, $basePath)
     {
         $relativePath = self::normalizePath($relativePath);
-        if ($relativePath == '') {
+        if (!$relativePath) {
             return $basePath;
         }
-        if ($relativePath[0] == '/') {
+        if ($relativePath[0] === '/') {
             return $relativePath;
         }
-
-        $basePathSegments = explode('/', $basePath);
-
-        preg_match('|^/?(\.\./(?:\./)*)*|', $relativePath, $match);
-        $numLevelUp = strlen($match[0]) /3 + 1;
-        if ($numLevelUp >= count($basePathSegments)) {
+        if (!$basePath) {
             throw new UriResolverException(sprintf("Unable to resolve URI '%s' from base '%s'", $relativePath, $basePath));
         }
 
-        $basePathSegments = array_slice($basePathSegments, 0, -$numLevelUp);
-        $path = preg_replace('|^/?(\.\./(\./)*)*|', '', $relativePath);
+        $dirname = $basePath[strlen($basePath) - 1] === '/' ? $basePath : dirname($basePath);
+        $combined = rtrim($dirname, '/') . '/' . ltrim($relativePath, '/');
+        $combinedSegments = explode('/', $combined);
+        $collapsedSegments = array();
+        while ($combinedSegments) {
+            $segment = array_shift($combinedSegments);
+            if ($segment === '..') {
+                if (count($collapsedSegments) <= 1) {
+                    // Do not remove the top level (domain)
+                    // This is not ideal - the domain should not be part of the path here. parse() and generate()
+                    // should handle the "domain" separately, like the schema.
+                    // Then the if-condition here would be `if (!$collapsedSegments) {`.
+                    throw new UriResolverException(sprintf("Unable to resolve URI '%s' from base '%s'", $relativePath, $basePath));
+                }
+                array_pop($collapsedSegments);
+            } else {
+                $collapsedSegments[] = $segment;
+            }
+        }
 
-        return implode('/', $basePathSegments) . '/' . $path;
+        return implode('/', $collapsedSegments);
     }
 
     /**

tests/Uri/UriResolverTest.php

@@ -7,6 +7,11 @@
 
 class UriResolverTest extends TestCase
 {
+    /**
+     * @var UriResolver
+     */
+    private $resolver;
+
     public function setUp()
     {
         $this->resolver = new UriResolver();
@@ -83,6 +88,21 @@ public function testCombineRelativePathWithBasePathNoPath()
         );
     }
 
+    /**
+     * Covers https://github.com/justinrainbow/json-schema/issues/557
+     * Relative paths yield wrong result.
+     */
+    public function testCombineRelativePathWithBasePathTraversingUp()
+    {
+        $this->assertEquals(
+            '/var/packages/schema/UuidSchema.json',
+            UriResolver::combineRelativePathWithBasePath(
+                '../../../schema/UuidSchema.json',
+                '/var/packages/foo/tests/UnitTests/DemoData/../../../schema/Foo/FooSchema_latest.json'
+            )
+        );
+    }
+
     public function testResolveAbsoluteUri()
     {
         $this->assertEquals(
@@ -99,12 +119,9 @@ public function testResolveAbsoluteUri()
      */
     public function testResolveRelativeUriNoBase()
     {
-        $this->assertEquals(
-            'http://example.org/foo/bar.json',
-            $this->resolver->resolve(
-                'bar.json',
-                null
-            )
+        $this->resolver->resolve(
+            'bar.json',
+            null
         );
     }