diff options
| -rw-r--r-- | system/core/URI.php | 2 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/system/core/URI.php b/system/core/URI.php index a997525ee..208d311a5 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -278,7 +278,7 @@ class CI_URI { { // preg_quote() in PHP 5.3 escapes -, so the str_replace() and addition of - to preg_quote() is to maintain backwards // compatibility as many are unaware of how characters in the permitted_uri_chars will be parsed as a regex pattern - if ( ! preg_match('|^['.str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-')).']+$|i', $str)) + if ( ! preg_match('|^['.str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-')).']+$|i', urldecode($str))) { show_error('The URI you submitted has disallowed characters.', 400); } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 589cd0046..3e5bc8fcb 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -275,6 +275,7 @@ Bug fixes for 3.0 - Fixed a bug (#10) - :doc:`URI Library <libraries/uri>` internal method _detect_uri() failed with paths containing a colon. - Fixed a bug (#1387) - :doc:`Query Builder <database/query_builder>`'s from() method didn't escape table aliases. - Fixed a bug (#520) - :doc:`Date Helper <helpers/date_helper>` function nice_date() failed when the optional second parameter is not passed. +- Fixed a bug (#167) - ``$config['permitted_uri_chars']`` didn't affect URL-encoded characters. Version 2.1.1 ============= |