diff options
Diffstat (limited to 'system')
-rw-r--r-- | system/core/Router.php | 13 | ||||
-rw-r--r-- | system/core/URI.php | 9 |
2 files changed, 12 insertions, 10 deletions
diff --git a/system/core/Router.php b/system/core/Router.php index 7f18adbf5..d86735f5f 100644 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -171,18 +171,21 @@ class CI_Router { $_d = isset($_GET[$_d]) ? trim($_GET[$_d], " \t\n\r\0\x0B/") : ''; if ($_d !== '') { - $this->set_directory($this->uri->filter_uri($_d)); + $this->uri->filter_uri($_d); + $this->set_directory($_d); } - $_c = $this->config->item('controller_trigger'); + $_c = trim($this->config->item('controller_trigger')); if ( ! empty($_GET[$_c])) { - $this->set_class(trim($this->uri->filter_uri(trim($_GET[$_c])))); + $this->uri->filter_uri($_GET[$_c]); + $this->set_class($_GET[$_c]); - $_f = $this->config->item('function_trigger'); + $_f = trim($this->config->item('function_trigger')); if ( ! empty($_GET[$_f])) { - $this->set_method(trim($this->uri->filter_uri($_GET[$_f]))); + $this->uri->filter_uri($_GET[$_f]); + $this->set_method($_GET[$_f]); } $this->uri->rsegments = array( diff --git a/system/core/URI.php b/system/core/URI.php index 067338d2a..790910169 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -173,8 +173,9 @@ class CI_URI { // Populate the segments array foreach (explode('/', trim($this->uri_string, '/')) as $val) { + $val = trim($val); // Filter segments for security - $val = trim($this->filter_uri($val)); + $this->filter_uri($val); if ($val !== '') { @@ -318,16 +319,14 @@ class CI_URI { * Filters segments for malicious characters. * * @param string $str - * @return string + * @return void */ - public function filter_uri($str) + public function filter_uri(&$str) { if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str)) { show_error('The URI you submitted has disallowed characters.', 400); } - - return $str; } // -------------------------------------------------------------------- |