From 9515dd372ed07dca9dcf728f31943d4a1d104112 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Fri, 7 Dec 2012 15:15:15 +0200
Subject: Fix issue #2061
---
system/core/Router.php | 18 +++++++++---------
user_guide_src/source/changelog.rst | 1 +
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/system/core/Router.php b/system/core/Router.php
index 01f44bc83..76772a0fb 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -111,21 +111,21 @@ class CI_Router { // since URI segments are more search-engine friendly, but they can optionally be used. // If this feature is enabled, we will gather the directory/class/method a little differently $segments = array(); - if ($this->config->item('enable_query_strings') === TRUE && isset($_GET[$this->config->item('controller_trigger')])) + if ($this->config->item('enable_query_strings') === TRUE + && ! empty($_GET[$this->config->item('controller_trigger')]) + && is_string($_GET[$this->config->item('controller_trigger')]) + ) { - if (isset($_GET[$this->config->item('directory_trigger')])) + if (isset($_GET[$this->config->item('directory_trigger')]) && is_string($_GET[$this->config->item('directory_trigger')])) { $this->set_directory(trim($this->uri->_filter_uri($_GET[$this->config->item('directory_trigger')]))); $segments[] = $this->fetch_directory(); } - if (isset($_GET[$this->config->item('controller_trigger')])) - { - $this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')]))); - $segments[] = $this->fetch_class(); - } + $this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')]))); + $segments[] = $this->fetch_class(); - if (isset($_GET[$this->config->item('function_trigger')])) + if ( ! empty($_GET[$this->config->item('function_trigger')]) && is_string($_GET[$this->config->item('function_trigger')])) { $this->set_method(trim($this->uri->_filter_uri($_GET[$this->config->item('function_trigger')]))); $segments[] = $this->fetch_method(); @@ -142,7 +142,7 @@ class CI_Router { include(APPPATH.'config/routes.php'); } - $this->routes = (isset($route) && is_array($route)) ? $route : array(); + $this->routes = (empty($route) OR ! is_array($route)) ? array() : $route; unset($route); // Set the default controller so we can display it in the event diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index c2606f3f3..4844c6748 100644 
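Review bot: In the first Router.php hunk (`@@ -111,21 +111,21 @@`) the new `! empty()` / `is_string()` guards test the raw `$_GET` values, while what reaches `set_class()`, `set_method()` and `set_directory()` is the result of `trim($this->uri->_filter_uri(...))`. A value that is non-empty before filtering but empty afterwards (whitespace only, for instance, if `_filter_uri()` lets it through) therefore still passes the guard and is stored and pushed onto `$segments` as an empty string. Filtering first and testing the result closes that gap, e.g. `$class = trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')]));` followed by `if ($class !== '')`, and the same for the other two triggers. The directory trigger is also still checked with `isset()` rather than `! empty()`, so it is treated differently from the controller and function triggers. Whether `_filter_uri()` and `set_directory()` strip path separators and dot segments from the directory value is not visible here and is worth confirming; the enclosing method starts and ends outside the hunk.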
--- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -463,6 +463,7 @@ Bug fixes for 3.0 - Fixed a bug (#18) - :doc:`APC Cache ` driver didn't (un)serialize data, resulting in failure to store objects. - Fixed a bug (#188) - :doc:`Unit Testing Library ` filled up logs with error messages for non-existing language keys. - Fixed a bug (#113) - :doc:`Form Validation Library ` didn't properly handle empty fields that were specified as an array. +- Fixed a bug (#2061) - :doc:`Routing Class ` didn't properly sanitize directory, controller and function triggers with **query_strings** set to TRUE. Version 2.1.3 ============= -- cgit v1.2.3-24-g4f1b