author | brian978 <dbrian89@yahoo.com> | 2012-12-08 22:02:16 +0100 |
---|---|---|
committer | brian978 <dbrian89@yahoo.com> | 2012-12-08 22:02:16 +0100 |
commit | 9a214e1b31cd2ff2433f8ed8df8585537d358ac7 (patch) | |
tree | 14643a7698d55b3e054c7dc607fc18ee4d0dc26c /system/core/URI.php | |
parent | 160c7d16c4e0c92c030c0a41d1223f916a82089d (diff) | |
parent | 545a7c86701875e1412bcde316e9bcc76d9a23a0 (diff) |
Merge remote-tracking branch 'upstream/develop' into dev/hex_xss
Diffstat (limited to 'system/core/URI.php')
-rw-r--r-- | system/core/URI.php | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/system/core/URI.php b/system/core/URI.php
index 91740254c..900472b61 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -219,7 +219,32 @@ class CI_URI {
 }
 // Do some final cleaning of the URI and return it
- return str_replace(array('//', '../'), '/', trim($uri, '/'));
+ return $this->_remove_relative_directory($uri);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Remove relative directory (../) and multi slashes (///)
+ *
+ * Do some final cleaning of the URI and return it, currently only used in self::_parse_request_uri()
+ *
+ * @param string $url
+ * @return string
+ */
+ protected function _remove_relative_directory($uri)
+ {
+ $uris = array();
+ $tok = strtok($uri, '/');
+ while ($tok !== FALSE)
+ {
+ if (( ! empty($tok) OR $tok === '0') && $tok !== '..')
+ {
+ $uris[] = $tok;
+ }
+ $tok = strtok('/');
+ }
+ return implode('/', $uris);
 }
 // --------------------------------------------------------------------
@@ -249,7 +274,7 @@ class CI_URI {
 parse_str($_SERVER['QUERY_STRING'], $_GET);
- return str_replace(array('//', '../'), '/', trim($uri, '/'));
+ return $this->_remove_relative_directory($uri);
 }
 // -------------------------------------------------------------------- |
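Review bot: The new `_remove_relative_directory()` only drops tokens that are exactly `..`, so it filters traversal segments instead of resolving them (`a/../b` becomes `a/b`) and leaves a single `.` segment or any still-encoded form untouched; whether `$uri` has been decoded before this call is not visible in the hunk. Since both return paths (here and in the second hunk at -249) now depend on it, the docblock should state that contract, e.g. `* Segments equal to '..' are removed, not resolved; the URI is not decoded here.` The docblock also names the parameter `$url` while the signature takes `$uri`; it should read `@param string $uri`. `strtok()` never yields an empty token, so the `empty()` test is redundant and the condition can be reduced to `if ($tok !== '..')`.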