From 8b1c3874d61d2c05f6368c9cad82aa533ad42b03 Mon Sep 17 00:00:00 2001
From: paulburdick
Date: Wed, 27 Jun 2007 23:30:41 +0000
Subject: Modified the include so that there is a bit of filename security
---
 system/codeigniter/CodeIgniter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'system/codeigniter')
diff --git a/system/codeigniter/CodeIgniter.php b/system/codeigniter/CodeIgniter.php
index 987478f9f..8b067ff72 100644
--- a/system/codeigniter/CodeIgniter.php
+++ b/system/codeigniter/CodeIgniter.php
@@ -132,7 +132,7 @@ load_class('Controller', FALSE);
 // Load the local application controller
 // Note: The Router class automatically validates the controller path. If this include fails it
 // means that the default controller in the Routes.php file is not resolving to something valid.
-if ( ! include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().EXT))
+if ( ! include(APPPATH.'controllers/'.$IN->filename_security($RTR->fetch_directory()).$IN->filename_security($RTR->fetch_class()).EXT))
 {
 show_error('Unable to load your default controller. Please make sure the controller specified in your Routes.php file is valid.');
 }
-- 
cgit v1.2.3-24-g4f1b
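Review bot: The names passed to the new `include` are filtered after the Router has already validated the controller path (per the comment just above), so whenever `filename_security()` strips something the file that gets included is not the one that was checked. Rejecting is safer than silently rewriting: compare before including, e.g. `if ($IN->filename_security($RTR->fetch_class()) !== $RTR->fetch_class()) show_error('Unable to load your default controller.');`, or apply the filter inside the Router before it validates. `fetch_directory()` yields a directory component, and whether a filename filter leaves its separator intact is not visible in this hunk, so controllers in sub-directories should be tested. The body of `filename_security()` is also outside the hunk; if it is a character/sequence blacklist it should not be the only traversal defence, and a `realpath()` check that the resolved file stays under `APPPATH.'controllers/'` is the stronger guarantee.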