diff options
| author | Andrey Andreev <narf@devilix.net> | 2014-12-05 11:00:11 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2014-12-05 11:00:11 +0100 |
| commit | bfa233f559a50ee0674a209fa56f866edc814fd9 (patch) | |
| tree | dfdf0aa87b31db69c7c6646b8bbfbc743797edcd /system/core/URI.php | |
| parent | bc11439c5f7fbbb1ef0257f8083c375eeb9dd79c (diff) | |
Further changes related to issue #47, PR #3323
- Removed a test that was created specifically for the 'convert programmatic characters to entities' feature.
- Changed filter_uri() to accept by reference and to not return anything as its only purpose now is to trigger a show_error() call.
- Added changelog messages and updated the upgrade instructions.
Diffstat (limited to 'system/core/URI.php')
| -rw-r--r-- | system/core/URI.php | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/system/core/URI.php b/system/core/URI.php index 067338d2a..790910169 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -173,8 +173,9 @@ class CI_URI { // Populate the segments array foreach (explode('/', trim($this->uri_string, '/')) as $val) { + $val = trim($val); // Filter segments for security - $val = trim($this->filter_uri($val)); + $this->filter_uri($val); if ($val !== '') { @@ -318,16 +319,14 @@ class CI_URI { * Filters segments for malicious characters. * * @param string $str - * @return string + * @return void */ - public function filter_uri($str) + public function filter_uri(&$str) { if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str)) { show_error('The URI you submitted has disallowed characters.', 400); } - - return $str; } // -------------------------------------------------------------------- |