summaryrefslogtreecommitdiffstats
path: root/system/codeigniter/CodeIgniter.php
diff options
context:
space:
mode:
authorpaulburdick <devnull@localhost>2007-06-28 01:30:41 +0200
committerpaulburdick <devnull@localhost>2007-06-28 01:30:41 +0200
commit8b1c3874d61d2c05f6368c9cad82aa533ad42b03 (patch)
tree1ec8ceb6d114f18ab9df7d8d500f5d7873d6ea57 /system/codeigniter/CodeIgniter.php
parentfed96b698011d3d464a4caf9d75b6b1e71d175d1 (diff)
Modified the include so that there is a bit of filename security
Diffstat (limited to 'system/codeigniter/CodeIgniter.php')
-rw-r--r--system/codeigniter/CodeIgniter.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/system/codeigniter/CodeIgniter.php b/system/codeigniter/CodeIgniter.php
index 987478f9f..8b067ff72 100644
--- a/system/codeigniter/CodeIgniter.php
+++ b/system/codeigniter/CodeIgniter.php
@@ -132,7 +132,7 @@ load_class('Controller', FALSE);
// Load the local application controller
// Note: The Router class automatically validates the controller path. If this include fails it
// means that the default controller in the Routes.php file is not resolving to something valid.
-if ( ! include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().EXT))
+if ( ! include(APPPATH.'controllers/'.$IN->filename_security($RTR->fetch_directory()).$IN->filename_security($RTR->fetch_class()).EXT))
{
show_error('Unable to load your default controller. Please make sure the controller specified in your Routes.php file is valid.');
}