diff options
author | Andrey Andreev <narf@devilix.net> | 2016-02-15 13:09:48 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2016-02-15 13:09:48 +0100 |
commit | a6d1c538f61ce12216eef7bb92716e24af0b86bf (patch) | |
tree | 7b2abcc33da93c70a94ce35b123b09541630ff73 | |
parent | 24adbfc5e163de9da72f59e36be6c0ac02bf10c2 (diff) |
Don't apply url_suffix, permitted_uri_chars to CLI requests
Close #4085
Close #4460
-rw-r--r-- | system/core/URI.php | 118 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 4 | ||||
-rw-r--r-- | user_guide_src/source/installation/upgrade_310.rst | 15 |
3 files changed, 86 insertions, 51 deletions
diff --git a/system/core/URI.php b/system/core/URI.php index 544f6c85f..79cf640b9 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -100,41 +100,36 @@ class CI_URI { { $this->config =& load_class('Config', 'core'); + // If it's a CLI request, ignore the configuration + if (is_cli()) + { + $this->_set_uri_string($this->_parse_argv(), TRUE); + } // If query strings are enabled, we don't need to parse any segments. - // However, they don't make sense under CLI. - if (is_cli() OR $this->config->item('enable_query_strings') !== TRUE) + elseif ($this->config->item('enable_query_strings') !== TRUE) { $this->_permitted_uri_chars = $this->config->item('permitted_uri_chars'); + $protocol = $this->config->item('uri_protocol'); + empty($protocol) && $protocol = 'REQUEST_URI'; - // If it's a CLI request, ignore the configuration - if (is_cli()) + switch ($protocol) { - $uri = $this->_parse_argv(); + case 'AUTO': // For BC purposes only + case 'REQUEST_URI': + $uri = $this->_parse_request_uri(); + break; + case 'QUERY_STRING': + $uri = $this->_parse_query_string(); + break; + case 'PATH_INFO': + default: + $uri = isset($_SERVER[$protocol]) + ? $_SERVER[$protocol] + : $this->_parse_request_uri(); + break; } - else - { - $protocol = $this->config->item('uri_protocol'); - empty($protocol) && $protocol = 'REQUEST_URI'; - switch ($protocol) - { - case 'AUTO': // For BC purposes only - case 'REQUEST_URI': - $uri = $this->_parse_request_uri(); - break; - case 'QUERY_STRING': - $uri = $this->_parse_query_string(); - break; - case 'PATH_INFO': - default: - $uri = isset($_SERVER[$protocol]) - ? $_SERVER[$protocol] - : $this->_parse_request_uri(); - break; - } - } - - $this->_set_uri_string($uri); + $this->_set_uri_string($uri, FALSE); } log_message('info', 'URI Class Initialized'); @@ -145,43 +140,66 @@ class CI_URI { /** * Set URI String * - * @param string $str + * @param string $str Input URI string + * @param bool $is_cli Whether the input comes from CLI * @return void */ - protected function _set_uri_string($str) + protected function _set_uri_string($str, $is_cli = FALSE) { - // Filter out control characters and trim slashes - $this->uri_string = trim(remove_invisible_characters($str, FALSE), '/'); - - if ($this->uri_string !== '') + // CLI requests have a bit simpler logic + if ($is_cli) { - // Remove the URL suffix, if present - if (($suffix = (string) $this->config->item('url_suffix')) !== '') + if (($this->uri_string = trim($str, '/')) === '') { - $slen = strlen($suffix); - - if (substr($this->uri_string, -$slen) === $suffix) - { - $this->uri_string = substr($this->uri_string, 0, -$slen); - } + return; } $this->segments[0] = NULL; - // Populate the segments array - foreach (explode('/', trim($this->uri_string, '/')) as $val) + foreach (explode('/', $this->uri_string) as $segment) { - $val = trim($val); - // Filter segments for security - $this->filter_uri($val); - - if ($val !== '') + if (($segment = trim($segment)) !== '') { - $this->segments[] = $val; + $this->segments[] = $segment; } } unset($this->segments[0]); + return; + } + + // Filter out control characters and trim slashes + $this->uri_string = trim(remove_invisible_characters($str, FALSE), '/'); + + if ($this->uri_string === '') + { + return; } + + // Remove the URL suffix, if present + if (($suffix = (string) $this->config->item('url_suffix')) !== '') + { + $slen = strlen($suffix); + + if (substr($this->uri_string, -$slen) === $suffix) + { + $this->uri_string = substr($this->uri_string, 0, -$slen); + } + } + + $this->segments[0] = NULL; + foreach (explode('/', trim($this->uri_string, '/')) as $segment) + { + $segment = trim($segment); + // Filter segments for security + $this->filter_uri($segment); + + if ($segment !== '') + { + $this->segments[] = $segment; + } + } + + unset($this->segments[0]); } // -------------------------------------------------------------------- diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index d490f1504..8e1789fb9 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -7,6 +7,10 @@ Version 3.1.0 Release Date: Not Released +- Core + + - Changed :doc:`URI Library <libraries/uri>` to ignore the ``$config['url_suffix']``, ``$config['permitted_uri_chars']`` configuration settings for CLI requests. + - Libraries - Added UNIX socket connection support to :doc:`Session Library <libraries/sessions>` 'redis' driver. diff --git a/user_guide_src/source/installation/upgrade_310.rst b/user_guide_src/source/installation/upgrade_310.rst index b86bb1da3..a6e6bae7e 100644 --- a/user_guide_src/source/installation/upgrade_310.rst +++ b/user_guide_src/source/installation/upgrade_310.rst @@ -58,7 +58,20 @@ That doesn't make sense and that's the reason why most database drivers don't support it at all. Thus, ``db_set_charset()`` is no longer necessary and is removed. -Step 3: Check usage of doctype() HTML helper +Step 3: Check logic related to URI parsing of CLI requests +========================================================== + +When running a CodeIgniter application from the CLI, the +:doc:`URI Library <libraries/uri>` will now ignore the +``$config['url_suffix']`` and ``$config['permitted_uri_chars']`` +configuration settings. + +These two options don't make sense under the command line (which is why +this change was made) and therefore you shouldn't be affected by this, but +if you've relied on them for some reason, you'd probably have to make some +changes to your code. + +Step 4: Check usage of doctype() HTML helper ============================================ The :doc:`HTML Helper <../helpers/html_helper>` function |