-rw-r--r--system/core/Router.php18
-rw-r--r--user_guide_src/source/changelog.rst1
2 files changed, 10 insertions, 9 deletions
diff --git a/system/core/Router.php b/system/core/Router.php
index 01f44bc83..76772a0fb 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -111,21 +111,21 @@ class CI_Router {
// since URI segments are more search-engine friendly, but they can optionally be used.
// If this feature is enabled, we will gather the directory/class/method a little differently
$segments = array();
- if ($this->config->item('enable_query_strings') === TRUE && isset($_GET[$this->config->item('controller_trigger')]))
+ if ($this->config->item('enable_query_strings') === TRUE
+ && ! empty($_GET[$this->config->item('controller_trigger')])
+ && is_string($_GET[$this->config->item('controller_trigger')])
+ )
{
- if (isset($_GET[$this->config->item('directory_trigger')]))
+ if (isset($_GET[$this->config->item('directory_trigger')]) && is_string($_GET[$this->config->item('directory_trigger')]))
{
$this->set_directory(trim($this->uri->_filter_uri($_GET[$this->config->item('directory_trigger')])));
$segments[] = $this->fetch_directory();
}
- if (isset($_GET[$this->config->item('controller_trigger')]))
- {
- $this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')])));
- $segments[] = $this->fetch_class();
- }
+ $this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')])));
+ $segments[] = $this->fetch_class();
- if (isset($_GET[$this->config->item('function_trigger')]))
+ if ( ! empty($_GET[$this->config->item('function_trigger')]) && is_string($_GET[$this->config->item('function_trigger')]))
{
$this->set_method(trim($this->uri->_filter_uri($_GET[$this->config->item('function_trigger')])));
$segments[] = $this->fetch_method();
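Review bot: The new `! empty()` checks on the controller and function triggers run on the raw `$_GET` value, before `_filter_uri()` and `trim()`. A whitespace-only value would therefore still reach `set_class()` / `set_method()` as an empty string and be pushed onto `$segments`, assuming the configured permitted URI characters let a space through, which is not visible here. The directory trigger is guarded with `isset()` rather than `! empty()`, so an empty directory parameter also reaches `set_directory()`. Filtering once into a local and testing the result covers both cases, e.g. `$class = trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')]));` followed by `if ($class !== '') { $this->set_class($class); $segments[] = $this->fetch_class(); }`, with the same pattern for the directory and function values. The enclosing method starts and ends outside this hunk, so how an empty class or directory is handled downstream cannot be confirmed from here.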
@@ -142,7 +142,7 @@ class CI_Router {
include(APPPATH.'config/routes.php');
}
- $this->routes = (isset($route) && is_array($route)) ? $route : array();
+ $this->routes = (empty($route) OR ! is_array($route)) ? array() : $route;
unset($route);
// Set the default controller so we can display it in the event
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index c2606f3f3..4844c6748 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -463,6 +463,7 @@ Bug fixes for 3.0
- Fixed a bug (#18) - :doc:`APC Cache <libraries/caching>` driver didn't (un)serialize data, resulting in failure to store objects.
- Fixed a bug (#188) - :doc:`Unit Testing Library <libraries/unit_testing>` filled up logs with error messages for non-existing language keys.
- Fixed a bug (#113) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly handle empty fields that were specified as an array.
+- Fixed a bug (#2061) - :doc:`Routing Class <general/routing>` didn't properly sanitize directory, controller and function triggers with **query_strings** set to TRUE.
Version 2.1.3
=============