From 8a1607772c5e9221884d9f0a39a514536f1fe21d Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Wed, 27 Feb 2008 05:19:50 +0000
Subject: added improved check for controller method access so that CI does not attempt to load private or protected controller methods added controller/method details to framework initiated 404 pages for logging
---
 system/codeigniter/CodeIgniter.php | 8 +++++---
 system/libraries/Router.php | 4 ++--
 user_guide/changelog.html | 2 ++
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/system/codeigniter/CodeIgniter.php b/system/codeigniter/CodeIgniter.php
index 8f9dbdf64..d1ef965cc 100644
--- a/system/codeigniter/CodeIgniter.php
+++ b/system/codeigniter/CodeIgniter.php
@@ -169,7 +169,7 @@ if ( ! class_exists($class) OR in_array($method, get_class_methods('Controller'), TRUE) ) {
- show_404();
+ show_404("{$class}/{$method}");
 } /*
@@ -214,9 +214,11 @@ else } else {
- if ( ! method_exists($CI, $method))
+ // is_callable() returns TRUE on some versions of PHP 5 for private and protected
+ // methods, so we'll use this workaround for consistent behavior
+ if (! in_array($method, get_class_methods($CI)))
 {
- show_404();
+ show_404("{$class}/{$method}");
 } // Call the requested method.
diff --git a/system/libraries/Router.php b/system/libraries/Router.php
index f6464a31d..d9dd6dd3f 100644
--- a/system/libraries/Router.php
+++ b/system/libraries/Router.php
@@ -204,7 +204,7 @@ class CI_Router { // Does the requested controller exist in the sub-folder? if ( ! file_exists(APPPATH.'controllers/'.$this->fetch_directory().$segments[0].EXT)) {
- show_404();
+ show_404($this->fetch_directory().$segments[0]);
 } } else
@@ -225,7 +225,7 @@ class CI_Router { } // Can't find the requested controller...
- show_404();
+ show_404($segments[0]);
 } // --------------------------------------------------------------------
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 80615aa2e..c8c74f1ff 100644
--- a/user_guide/changelog.html
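Review bot: `show_404("{$class}/{$method}")` forwards names that, by the changelog's own description, come from the requested URL, and nothing in the hunk neutralises them before they reach the 404 path. show_404() is not part of this diff, so whether it strips control characters or escapes the value before writing it to the log or the error template cannot be confirmed from here. The same applies to the second `show_404("{$class}/{$method}")` call in the @@ -214 hunk and to both Router.php hunks, which pass `$segments[0]` (with `$this->fetch_directory()` in the first) straight through. I would add a comment at the first call such as `// $class/$method originate from the URI; show_404() must strip CR/LF and escape before logging or display`, and verify that behaviour in show_404() itself. The enclosing if-block starts above the hunk.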
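Review bot: The new access check `in_array($method, get_class_methods($CI))` in the @@ -214 hunk omits the strict flag that the sibling test in the @@ -169 hunk passes, so the two gates compare differently; `if ( ! in_array($method, get_class_methods($CI), TRUE))` keeps them aligned. The added comment names is_callable(), but the line being replaced called method_exists(), so a reader cannot tell which function misbehaved. The comment should also state that get_class_methods() called from outside the class lists only public methods on PHP 5, since that is what turns this into an access check. The match is case-sensitive against whatever casing get_class_methods() returns, which fails closed but may differ between PHP versions and is worth a test. The surrounding else-branch begins and ends outside the hunk.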
+++ b/user_guide/changelog.html
@@ -95,6 +95,8 @@ Change Log
  • Added a Path Helper.
  • Simplified _reindex_segments() in the URI class
  • Escaped the '-' in the default 'permitted_uri_chars' config item, to prevent errors if developers just try to add additional characters to the end of the default expression.
  • +
  • Modified method calling to controllers to show a 404 when a private or protected method is accessed via a URL
  • +
  • Modified framework initiated 404s to log the controller and method for invalid requests
  • Helpers -- cgit v1.2.3-24-g4f1b