diff options
| author | paulburdick <devnull@localhost> | 2007-06-28 01:25:19 +0200 |
|---|---|---|
| committer | paulburdick <devnull@localhost> | 2007-06-28 01:25:19 +0200 |
| commit | 3541313e896794514b7d44a5f0aab1e47b340ef7 (patch) | |
| tree | e4a9d191ff5c37e10abbac98b909ae2cb8d1bd20 /system/libraries/Router.php | |
| parent | 8816aaab7ac21d4e3ccd1eedd86462bc94aff2c1 (diff) | |
*Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security.
Diffstat (limited to 'system/libraries/Router.php')
| -rw-r--r-- | system/libraries/Router.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/system/libraries/Router.php b/system/libraries/Router.php index 6c3062c07..e2a14800d 100644 --- a/system/libraries/Router.php +++ b/system/libraries/Router.php @@ -49,6 +49,7 @@ class CI_Router { function CI_Router()
{
$this->config =& load_class('Config');
+ $this->input =& load_class('Input');
$this->_set_route_mapping();
log_message('debug', "Router Class Initialized");
}
@@ -482,7 +483,7 @@ class CI_Router { */
function set_class($class)
{
- $this->class = $class;
+ $this->class = $this->input->filename_security($class);
}
// --------------------------------------------------------------------
@@ -509,7 +510,7 @@ class CI_Router { */
function set_method($method)
{
- $this->method = $method;
+ $this->method = $this->input->filename_security($method);
}
// --------------------------------------------------------------------
@@ -541,7 +542,7 @@ class CI_Router { */
function set_directory($dir)
{
- $this->directory = $dir.'/';
+ $this->directory = $this->input->filename_security($dir).'/';
}
// --------------------------------------------------------------------
|