diff options
author | Andrey Andreev <narf@devilix.net> | 2016-10-27 14:41:23 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2016-10-27 14:41:23 +0200 |
commit | 7bc882384ef4c442fb4edd699c8dd15bbd22e429 (patch) | |
tree | 09bb537dd18f1a728ef02cf3496d4bb7aa1e4f21 | |
parent | 098412502a966597631470a2f0cf935d9ecfe16d (diff) |
Close #4875
-rw-r--r-- | system/core/CodeIgniter.php | 21 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 4 |
2 files changed, 24 insertions, 1 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 6562e99a2..32ad61899 100644 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -416,10 +416,29 @@ if ( ! is_php('5.4')) $params = array($method, array_slice($URI->rsegments, 2)); $method = '_remap'; } - elseif ( ! is_callable(array($class, $method))) + elseif ( ! method_exists($class, $method)) { $e404 = TRUE; } + /** + * DO NOT CHANGE THIS, NOTHING ELSE WORKS! + * + * - method_exists() returns true for non-public methods, which passes the previous elseif + * - is_callable() returns false for PHP 4-style constructors, even if there's a __construct() + * - method_exists($class, '__construct') won't work because CI_Controller::__construct() is inherited + * - People will only complain if this doesn't work, even though it is documented that it shouldn't. + * + * ReflectionMethod::isConstructor() is the ONLY reliable check, + * knowing which method will be executed as a constructor. + */ + elseif ( ! is_callable(array($class, $method)) && strcasecmp($class, $method) === 0) + { + $reflection = new ReflectionMethod($class, $method); + if ( ! $reflection->isPublic() OR $reflection->isConstructor()) + { + $e404 = TRUE; + } + } } if ($e404) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index ee66cc0a4..b7be0866f 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -11,6 +11,10 @@ Release Date: Not Released - Fixed a new URL-encoding attack vector in :doc:`Security Library <libraries/security>` method ``xss_clean()`` affecting Firefox. +- General Changes + + - Allowed PHP 4-style constructors (``Mathching_name::Matching_name()`` methods) to be used as routes, if there's a ``__construct()`` to override them. + Version 3.1.1 ============= |