diff options
author | Derek Jones <derek.jones@ellislab.com> | 2010-10-07 00:51:16 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2010-10-07 00:51:16 +0200 |
commit | 2615e418539c3d6e2f912c66be99ffebfb8513ff (patch) | |
tree | f37cb90319cabf46fa15ef9b98002a0bfa178f87 | |
parent | 79bd0363faf287cafd9e9bd5608bc3e08df9ac87 (diff) |
fixed a security issue which in certain cases could result in directory traversal
-rw-r--r-- | system/core/Router.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/system/core/Router.php b/system/core/Router.php index b371d5241..d911eb224 100644 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -345,7 +345,7 @@ class CI_Router { */ function set_class($class) { - $this->class = $class; + $this->class = str_replace(array('/', '.'), '', $class); } // -------------------------------------------------------------------- @@ -404,7 +404,7 @@ class CI_Router { */ function set_directory($dir) { - $this->directory = trim($dir, '/').'/'; + $this->directory = str_replace(array('/', '.'), '', $dir).'/'; } // -------------------------------------------------------------------- |