summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDerek Jones <derek.jones@ellislab.com>2010-10-07 00:51:16 +0200
committerDerek Jones <derek.jones@ellislab.com>2010-10-07 00:51:16 +0200
commit2615e418539c3d6e2f912c66be99ffebfb8513ff (patch)
treef37cb90319cabf46fa15ef9b98002a0bfa178f87
parent79bd0363faf287cafd9e9bd5608bc3e08df9ac87 (diff)
fixed a security issue which in certain cases could result in directory traversal
-rw-r--r--system/core/Router.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/system/core/Router.php b/system/core/Router.php
index b371d5241..d911eb224 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -345,7 +345,7 @@ class CI_Router {
*/
function set_class($class)
{
- $this->class = $class;
+ $this->class = str_replace(array('/', '.'), '', $class);
}
// --------------------------------------------------------------------
@@ -404,7 +404,7 @@ class CI_Router {
*/
function set_directory($dir)
{
- $this->directory = trim($dir, '/').'/';
+ $this->directory = str_replace(array('/', '.'), '', $dir).'/';
}
// --------------------------------------------------------------------