From 27b5005d23ab2d55e459b59890d0108e100cb070 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Mon, 14 Apr 2008 14:03:04 +0000
Subject: added check to make sure the URI path is not constructed entirely of
slashes in URI::_fetch_uri_string()
---
system/libraries/URI.php | 8 ++++----
user_guide/changelog.html | 3 ++-
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/system/libraries/URI.php b/system/libraries/URI.php
index aecf05138..d10a5daeb 100644
--- a/system/libraries/URI.php
+++ b/system/libraries/URI.php
@@ -65,7 +65,7 @@ class CI_URI {
// build the URI string from the zero index of the $_GET array.
// This avoids having to deal with $_SERVER variables, which
// can be unreliable in some environments
- if (is_array($_GET) AND count($_GET) == 1)
+ if (is_array($_GET) AND count($_GET) == 1 AND trim(key($_GET), '/') != '')
{
$this->uri_string = key($_GET);
return;
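Review bot: The value assigned to `uri_string` is still the raw, request-supplied `key($_GET)`, because the added `trim(key($_GET), '/') != ''` is used only for the emptiness test. A key with runs of slashes around real content (constructed example: `//a//`) is therefore stored unchanged. The PATH_INFO, QUERY_STRING and ORIG_PATH_INFO hunks below have the same shape: they test `trim($path, '/')` but store `$path`. Whether later segment parsing and character filtering normalise this cannot be seen from the diff, so I would add a comment above the assignment such as `// untrusted request data: only the all-slashes case is rejected here; segments are normalised and filtered later`. The enclosing function starts and ends outside the hunk.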
@@ -74,7 +74,7 @@ class CI_URI {
// Is there a PATH_INFO variable?
// Note: some servers seem to have trouble with getenv() so we'll test it two ways
$path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO');
- if ($path != '' AND $path != '/' AND $path != "/".SELF)
+ if (trim($path, '/') != '' AND $path != "/".SELF)
{
$this->uri_string = $path;
return;
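Review bot: The `$path != "/".SELF` comparison is still an exact match against the untrimmed value, so a PATH_INFO that names the front controller with an extra leading or trailing slash passes the guard and is stored as the URI string. Since the commit already treats slash-only variants as empty, it would be consistent to compare the trimmed form in both tests: `$trimmed = trim($path, '/');` followed by `if ($trimmed != '' AND $trimmed != SELF)`. The ORIG_PATH_INFO hunk has the same condition and would need the same change. Whether a server actually delivers such a PATH_INFO depends on its configuration, and the enclosing function continues outside the hunk.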
@@ -82,7 +82,7 @@ class CI_URI {
// No PATH_INFO?... What about QUERY_STRING?
$path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
- if ($path != '' AND $path != '/')
+ if (trim($path, '/') != '')
{
$this->uri_string = $path;
return;
@@ -90,7 +90,7 @@ class CI_URI {
// No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists?
$path = (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO');
- if ($path != '' AND $path != '/' AND $path != "/".SELF)
+ if (trim($path, '/') != '' AND $path != "/".SELF)
{
$this->uri_string = $path;
return;
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index bc1a5072c..a7ad022d2 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -103,7 +103,8 @@ Change Log
Fixed an AR_caching error where it wasn't tracking table aliases (#3463).
Fixed a bug in the DB class testing the $params argument.
Fixed a bug in the Table library where the integer 0 in cell data would be displayed as a blank cell.
- Fixed bugs (#3523, #4350) in get_filenames() with recursion and problems with Windows when $include_path is used.
+ Fixed bugs (#3523, #4350) in get_filenames() with recursion and problems with Windows when $include_path is used.
+ Fixed a bug (#4413) where a URI containing slashes only e.g. 'http://example.com/index.php?//' would result in PHP errors
Version 1.6.1
--
cgit v1.2.3-24-g4f1b