diff options
| author | brian978 <dbrian89@yahoo.com> | 2012-12-08 22:02:16 +0100 |
|---|---|---|
| committer | brian978 <dbrian89@yahoo.com> | 2012-12-08 22:02:16 +0100 |
| commit | 9a214e1b31cd2ff2433f8ed8df8585537d358ac7 (patch) | |
| tree | 14643a7698d55b3e054c7dc607fc18ee4d0dc26c /system/core | |
| parent | 160c7d16c4e0c92c030c0a41d1223f916a82089d (diff) | |
| parent | 545a7c86701875e1412bcde316e9bcc76d9a23a0 (diff) | |
Merge remote-tracking branch 'upstream/develop' into dev/hex_xss
Diffstat (limited to 'system/core')
| -rw-r--r-- | system/core/Router.php | 18 | ||||
| -rw-r--r-- | system/core/URI.php | 29 |
2 files changed, 36 insertions, 11 deletions
diff --git a/system/core/Router.php b/system/core/Router.php index 01f44bc83..76772a0fb 100644 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -111,21 +111,21 @@ class CI_Router { // since URI segments are more search-engine friendly, but they can optionally be used. // If this feature is enabled, we will gather the directory/class/method a little differently $segments = array(); - if ($this->config->item('enable_query_strings') === TRUE && isset($_GET[$this->config->item('controller_trigger')])) + if ($this->config->item('enable_query_strings') === TRUE + && ! empty($_GET[$this->config->item('controller_trigger')]) + && is_string($_GET[$this->config->item('controller_trigger')]) + ) { - if (isset($_GET[$this->config->item('directory_trigger')])) + if (isset($_GET[$this->config->item('directory_trigger')]) && is_string($_GET[$this->config->item('directory_trigger')])) { $this->set_directory(trim($this->uri->_filter_uri($_GET[$this->config->item('directory_trigger')]))); $segments[] = $this->fetch_directory(); } - if (isset($_GET[$this->config->item('controller_trigger')])) - { - $this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')]))); - $segments[] = $this->fetch_class(); - } + $this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')]))); + $segments[] = $this->fetch_class(); - if (isset($_GET[$this->config->item('function_trigger')])) + if ( ! empty($_GET[$this->config->item('function_trigger')]) && is_string($_GET[$this->config->item('function_trigger')])) { $this->set_method(trim($this->uri->_filter_uri($_GET[$this->config->item('function_trigger')]))); $segments[] = $this->fetch_method(); @@ -142,7 +142,7 @@ class CI_Router { include(APPPATH.'config/routes.php'); } - $this->routes = (isset($route) && is_array($route)) ? $route : array(); + $this->routes = (empty($route) OR ! is_array($route)) ? array() : $route; unset($route); // Set the default controller so we can display it in the event diff --git a/system/core/URI.php b/system/core/URI.php index 91740254c..900472b61 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -219,7 +219,32 @@ class CI_URI { } // Do some final cleaning of the URI and return it - return str_replace(array('//', '../'), '/', trim($uri, '/')); + return $this->_remove_relative_directory($uri); + } + + // -------------------------------------------------------------------- + + /** + * Remove relative directory (../) and multi slashes (///) + * + * Do some final cleaning of the URI and return it, currently only used in self::_parse_request_uri() + * + * @param string $url + * @return string + */ + protected function _remove_relative_directory($uri) + { + $uris = array(); + $tok = strtok($uri, '/'); + while ($tok !== FALSE) + { + if (( ! empty($tok) OR $tok === '0') && $tok !== '..') + { + $uris[] = $tok; + } + $tok = strtok('/'); + } + return implode('/', $uris); } // -------------------------------------------------------------------- @@ -249,7 +274,7 @@ class CI_URI { parse_str($_SERVER['QUERY_STRING'], $_GET); - return str_replace(array('//', '../'), '/', trim($uri, '/')); + return $this->_remove_relative_directory($uri); } // -------------------------------------------------------------------- |