Diffstat (limited to 'system/core/URI.php')
-rw-r--r--system/core/URI.php20
1 files changed, 7 insertions, 13 deletions
diff --git a/system/core/URI.php b/system/core/URI.php
index 1817374b7..39d1a8f30 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -2,11 +2,11 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.2.4 or newer
+ * An open source application development framework for PHP
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2015, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
- * @copyright Copyright (c) 2014, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://opensource.org/licenses/MIT MIT License
* @link http://codeigniter.com
* @since Version 1.0.0
@@ -173,8 +173,9 @@ class CI_URI {
// Populate the segments array
foreach (explode('/', trim($this->uri_string, '/')) as $val)
{
+ $val = trim($val);
// Filter segments for security
- $val = trim($this->filter_uri($val));
+ $this->filter_uri($val);
if ($val !== '')
{
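Review bot: The comment `// Filter segments for security` above `$this->filter_uri($val);` no longer matches the call, which now leaves `$val` unchanged and can only reject the request through `show_error()`. I would reword it to `// Reject the request if the segment has characters outside permitted_uri_chars`. Since nothing is returned for the loop to check, the comment should also say that the code relies on `show_error()` not returning; presumably it ends the request, but that is not visible here. The `foreach` body continues past the end of this hunk.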
@@ -318,21 +319,14 @@ class CI_URI {
* Filters segments for malicious characters.
*
* @param string $str
- * @return string
+ * @return void
*/
- public function filter_uri($str)
+ public function filter_uri(&$str)
{
if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str))
{
show_error('The URI you submitted has disallowed characters.', 400);
}
-
- // Convert programatic characters to entities and return
- return str_replace(
- array('$', '(', ')', '%28', '%29'), // Bad
- array('$', '(', ')', '(', ')'), // Good
- $str
- );
}
// --------------------------------------------------------------------
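Review bot: `filter_uri(&$str)` takes its argument by reference, but the visible body never writes to `$str`. The reference therefore only restricts callers to passing a variable rather than an expression, and any caller that still uses the old return value now receives null; keeping `public function filter_uri($str)` would preserve compatibility for this public method. The docblock summary "Filters segments for malicious characters" should change as well, for example to `Validates a segment against permitted_uri_chars; does not modify it.` The check is also skipped entirely when `_permitted_uri_chars` is empty, and with the entity conversion removed `$`, `(` and `)` then reach the segment array unchanged. A sentence in the docblock telling callers to escape segments for the output context they are used in would help.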