diff options
Diffstat (limited to 'system/libraries/URI.php')
| -rw-r--r-- | system/libraries/URI.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/system/libraries/URI.php b/system/libraries/URI.php index efc7a18b3..68b678053 100644 --- a/system/libraries/URI.php +++ b/system/libraries/URI.php @@ -186,7 +186,9 @@ class CI_URI { { if ($str != '' && $this->config->item('permitted_uri_chars') != '' && $this->config->item('enable_query_strings') == FALSE) { - if ( ! preg_match("|^[".preg_quote($this->config->item('permitted_uri_chars'))."]+$|i", $str)) + // preg_quote() in PHP 5.3 escapes -, so the str_replace() and addition of - to preg_quote() is to maintain backwards + // compatibility as many are unaware of how characters in the permitted_uri_chars will be parsed as a regex pattern + if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+$|i", $str)) { show_error('The URI you submitted has disallowed characters.', 400); } |