From 27b5005d23ab2d55e459b59890d0108e100cb070 Mon Sep 17 00:00:00 2001
From: Derek Jones <derek.jones@ellislab.com>
Date: Mon, 14 Apr 2008 14:03:04 +0000
Subject: added check to make sure the URI path is not constructed entirely of
 slashes in URI::_fetch_uri_string()

---
 system/libraries/URI.php  | 8 ++++----
 user_guide/changelog.html | 3 ++-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/system/libraries/URI.php b/system/libraries/URI.php
index aecf05138..d10a5daeb 100644
--- a/system/libraries/URI.php
+++ b/system/libraries/URI.php
@@ -65,7 +65,7 @@ class CI_URI {
 			// build the URI string from the zero index of the $_GET array.
 			// This avoids having to deal with $_SERVER variables, which
 			// can be unreliable in some environments
-			if (is_array($_GET) AND count($_GET) == 1)
+			if (is_array($_GET) AND count($_GET) == 1 AND trim(key($_GET), '/') != '')
 			{
 				$this->uri_string = key($_GET);			
 				return;
@@ -74,7 +74,7 @@ class CI_URI {
 			// Is there a PATH_INFO variable?
 			// Note: some servers seem to have trouble with getenv() so we'll test it two ways		
 			$path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO');			
-			if ($path != '' AND $path != '/' AND $path != "/".SELF)
+			if (trim($path, '/') != '' AND $path != "/".SELF)
 			{
 				$this->uri_string = $path;
 				return;
@@ -82,7 +82,7 @@ class CI_URI {
 					
 			// No PATH_INFO?... What about QUERY_STRING?
 			$path =  (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');	
-			if ($path != '' AND $path != '/')
+			if (trim($path, '/') != '')
 			{
 				$this->uri_string = $path;
 				return;
@@ -90,7 +90,7 @@ class CI_URI {
 			
 			// No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists?
 			$path = (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO');	
-			if ($path != '' AND $path != '/' AND $path != "/".SELF)
+			if (trim($path, '/') != '' AND $path != "/".SELF)
 			{
 				$this->uri_string = $path;
 				return;
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index bc1a5072c..a7ad022d2 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -103,7 +103,8 @@ Change Log
 	<li>Fixed an AR_caching error where it wasn't tracking table aliases (#3463).</li>
 	<li>Fixed a bug in the DB class testing the $params argument.</li>
 	<li>Fixed a bug in the Table library where the integer 0 in cell data would be displayed as a blank cell.</li>
-	<li>Fixed bugs (#3523, #4350) in get_filenames() with recursion and problems with Windows when $include_path is used.</p>
+	<li>Fixed bugs (#3523, #4350) in get_filenames() with recursion and problems with Windows when $include_path is used.</li>
+	<li>Fixed a bug (#4413) where a URI containing slashes only e.g. 'http://example.com/index.php?//' would result in PHP errors</li>
 </ul>
 
 <h2>Version 1.6.1</h2>
-- 
cgit v1.2.3-24-g4f1b