diff options
author | Derek Jones <derek.jones@ellislab.com> | 2008-04-14 16:03:04 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2008-04-14 16:03:04 +0200 |
commit | 27b5005d23ab2d55e459b59890d0108e100cb070 (patch) | |
tree | e4c4ea329e457377aa161c8f4ac15ad5efa88c3d | |
parent | 75eedf56b0c4bac55c3160747a500ee788cbfc18 (diff) |
added check to make sure the URI path is not constructed entirely of slashes in URI::_fetch_uri_string()
-rw-r--r-- | system/libraries/URI.php | 8 | ||||
-rw-r--r-- | user_guide/changelog.html | 3 |
2 files changed, 6 insertions, 5 deletions
diff --git a/system/libraries/URI.php b/system/libraries/URI.php index aecf05138..d10a5daeb 100644 --- a/system/libraries/URI.php +++ b/system/libraries/URI.php @@ -65,7 +65,7 @@ class CI_URI { // build the URI string from the zero index of the $_GET array.
// This avoids having to deal with $_SERVER variables, which
// can be unreliable in some environments
- if (is_array($_GET) AND count($_GET) == 1)
+ if (is_array($_GET) AND count($_GET) == 1 AND trim(key($_GET), '/') != '')
{
$this->uri_string = key($_GET);
return;
@@ -74,7 +74,7 @@ class CI_URI { // Is there a PATH_INFO variable?
// Note: some servers seem to have trouble with getenv() so we'll test it two ways
$path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO');
- if ($path != '' AND $path != '/' AND $path != "/".SELF)
+ if (trim($path, '/') != '' AND $path != "/".SELF)
{
$this->uri_string = $path;
return;
@@ -82,7 +82,7 @@ class CI_URI { // No PATH_INFO?... What about QUERY_STRING?
$path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
- if ($path != '' AND $path != '/')
+ if (trim($path, '/') != '')
{
$this->uri_string = $path;
return;
@@ -90,7 +90,7 @@ class CI_URI { // No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists?
$path = (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO');
- if ($path != '' AND $path != '/' AND $path != "/".SELF)
+ if (trim($path, '/') != '' AND $path != "/".SELF)
{
$this->uri_string = $path;
return;
diff --git a/user_guide/changelog.html b/user_guide/changelog.html index bc1a5072c..a7ad022d2 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -103,7 +103,8 @@ Change Log <li>Fixed an AR_caching error where it wasn't tracking table aliases (#3463).</li>
<li>Fixed a bug in the DB class testing the $params argument.</li>
<li>Fixed a bug in the Table library where the integer 0 in cell data would be displayed as a blank cell.</li>
- <li>Fixed bugs (#3523, #4350) in get_filenames() with recursion and problems with Windows when $include_path is used.</p>
+ <li>Fixed bugs (#3523, #4350) in get_filenames() with recursion and problems with Windows when $include_path is used.</li>
+ <li>Fixed a bug (#4413) where a URI containing slashes only e.g. 'http://example.com/index.php?//' would result in PHP errors</li>
</ul>
<h2>Version 1.6.1</h2>
|