summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-12-05 11:00:11 +0100
committerAndrey Andreev <narf@devilix.net>2014-12-05 11:00:11 +0100
commitbfa233f559a50ee0674a209fa56f866edc814fd9 (patch)
treedfdf0aa87b31db69c7c6646b8bbfbc743797edcd /system
parentbc11439c5f7fbbb1ef0257f8083c375eeb9dd79c (diff)
Further changes related to issue #47, PR #3323
- Removed a test that was created specifically for the 'convert programmatic characters to entities' feature. - Changed filter_uri() to accept by reference and to not return anything as its only purpose now is to trigger a show_error() call. - Added changelog messages and updated the upgrade instructions.
Diffstat (limited to 'system')
-rw-r--r--system/core/Router.php13
-rw-r--r--system/core/URI.php9
2 files changed, 12 insertions, 10 deletions
diff --git a/system/core/Router.php b/system/core/Router.php
index 7f18adbf5..d86735f5f 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -171,18 +171,21 @@ class CI_Router {
$_d = isset($_GET[$_d]) ? trim($_GET[$_d], " \t\n\r\0\x0B/") : '';
if ($_d !== '')
{
- $this->set_directory($this->uri->filter_uri($_d));
+ $this->uri->filter_uri($_d);
+ $this->set_directory($_d);
}
- $_c = $this->config->item('controller_trigger');
+ $_c = trim($this->config->item('controller_trigger'));
if ( ! empty($_GET[$_c]))
{
- $this->set_class(trim($this->uri->filter_uri(trim($_GET[$_c]))));
+ $this->uri->filter_uri($_GET[$_c]);
+ $this->set_class($_GET[$_c]);
- $_f = $this->config->item('function_trigger');
+ $_f = trim($this->config->item('function_trigger'));
if ( ! empty($_GET[$_f]))
{
- $this->set_method(trim($this->uri->filter_uri($_GET[$_f])));
+ $this->uri->filter_uri($_GET[$_f]);
+ $this->set_method($_GET[$_f]);
}
$this->uri->rsegments = array(
diff --git a/system/core/URI.php b/system/core/URI.php
index 067338d2a..790910169 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -173,8 +173,9 @@ class CI_URI {
// Populate the segments array
foreach (explode('/', trim($this->uri_string, '/')) as $val)
{
+ $val = trim($val);
// Filter segments for security
- $val = trim($this->filter_uri($val));
+ $this->filter_uri($val);
if ($val !== '')
{
@@ -318,16 +319,14 @@ class CI_URI {
* Filters segments for malicious characters.
*
* @param string $str
- * @return string
+ * @return void
*/
- public function filter_uri($str)
+ public function filter_uri(&$str)
{
if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str))
{
show_error('The URI you submitted has disallowed characters.', 400);
}
-
- return $str;
}
// --------------------------------------------------------------------