From 73598e3ced570c42128ec5e90d67f509bd24fa5d Mon Sep 17 00:00:00 2001 From: Pascal Kriete Date: Tue, 5 Apr 2011 15:01:05 -0400 Subject: Tightening up control character handling in urls --- system/core/URI.php | 57 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 23 deletions(-) (limited to 'system/core/URI.php') diff --git a/system/core/URI.php b/system/core/URI.php index c43cde005..80dc62e58 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -64,14 +64,14 @@ class CI_URI { // Is the request coming from the command line? if (defined('STDIN')) { - $this->uri_string = $this->_parse_cli_args(); + $this->_set_uri_string($this->_parse_cli_args()); return; } // Let's try the REQUEST_URI first, this will work in most situations if ($uri = $this->_detect_uri()) { - $this->uri_string = $uri; + $this->_set_uri_string($uri); return; } @@ -80,7 +80,7 @@ class CI_URI { $path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO'); if (trim($path, '/') != '' && $path != "/".SELF) { - $this->uri_string = $path; + $this->_set_uri_string($path); return; } @@ -88,43 +88,54 @@ class CI_URI { $path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING'); if (trim($path, '/') != '') { - $this->uri_string = $path; + $this->_set_uri_string($path); return; } // As a last ditch effort lets try using the $_GET array if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '') { - $this->uri_string = key($_GET); + $this->_set_uri_string(key($_GET)); return; } // We've exhausted all our options... $this->uri_string = ''; + return; } - else - { - $uri = strtoupper($this->config->item('uri_protocol')); - if ($uri == 'REQUEST_URI') - { - $this->uri_string = $this->_detect_uri(); - return; - } - elseif ($uri == 'CLI') - { - $this->uri_string = $this->_parse_cli_args(); - return; - } + $uri = strtoupper($this->config->item('uri_protocol')); - $this->uri_string = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri); + if ($uri == 'REQUEST_URI') + { + $this->_set_uri_string($this->_detect_uri()); + return; } - - // If the URI contains only a slash we'll kill it - if ($this->uri_string == '/') + elseif ($uri == 'CLI') { - $this->uri_string = ''; + $this->_set_uri_string($this->_parse_cli_args()); + return; } + + $path = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri); + $this->_set_uri_string($path); + } + + // -------------------------------------------------------------------- + + /** + * Set the URI String + * + * @access public + * @return string + */ + function _set_uri_string($str) + { + // Filter out control characters + $str = remove_invisible_characters($str, FALSE); + + // If the URI contains only a slash we'll kill it + $this->uri_string = ($str == '/') ? '' : $str; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 26eebddda5438c3967bad74a05c3e990528e1182 Mon Sep 17 00:00:00 2001 From: Eric Barnes Date: Sun, 17 Apr 2011 23:45:41 -0400 Subject: Changed server check to ensure SCRIPT_NAME is defined. Fixes #57 --- system/core/URI.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'system/core/URI.php') diff --git a/system/core/URI.php b/system/core/URI.php index 80dc62e58..d56548654 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -120,7 +120,7 @@ class CI_URI { $path = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri); $this->_set_uri_string($path); } - + // -------------------------------------------------------------------- /** @@ -133,7 +133,7 @@ class CI_URI { { // Filter out control characters $str = remove_invisible_characters($str, FALSE); - + // If the URI contains only a slash we'll kill it $this->uri_string = ($str == '/') ? '' : $str; } @@ -151,7 +151,7 @@ class CI_URI { */ private function _detect_uri() { - if ( ! isset($_SERVER['REQUEST_URI'])) + if ( ! isset($_SERVER['REQUEST_URI']) OR ! isset($_SERVER['SCRIPT_NAME'])) { return ''; } @@ -184,12 +184,12 @@ class CI_URI { $_SERVER['QUERY_STRING'] = ''; $_GET = array(); } - + if ($uri == '/' || empty($uri)) { return '/'; } - + $uri = parse_url($uri, PHP_URL_PATH); // Do some final cleaning of the URI and return it -- cgit v1.2.3-24-g4f1b From 114ab0988e20ac6be39ad363ff897a1a3b85e565 Mon Sep 17 00:00:00 2001 From: Razican Date: Mon, 25 Apr 2011 17:26:45 +0200 Subject: Fixed double-space typo. --- system/core/URI.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'system/core/URI.php') diff --git a/system/core/URI.php b/system/core/URI.php index d56548654..94fac59ac 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -1,4 +1,4 @@ -_set_uri_string($path); @@ -251,7 +251,7 @@ class CI_URI { */ function _remove_url_suffix() { - if ($this->config->item('url_suffix') != "") + if ($this->config->item('url_suffix') != "") { $this->uri_string = preg_replace("|".preg_quote($this->config->item('url_suffix'))."$|", "", $this->uri_string); } @@ -285,7 +285,7 @@ class CI_URI { * Re-index Segments * * This function re-indexes the $this->segment array so that it - * starts at 1 rather than 0. Doing so makes it simpler to + * starts at 1 rather than 0. Doing so makes it simpler to * use functions like $this->uri->segment(n) since there is * a 1:1 relationship between the segment array and the actual segments. * @@ -323,7 +323,7 @@ class CI_URI { * Fetch a URI "routed" Segment * * This function returns the re-routed URI segment (assuming routing rules are used) - * based on the number provided. If there is no routing this function returns the + * based on the number provided. If there is no routing this function returns the * same result as $this->segment() * * @access public @@ -425,7 +425,7 @@ class CI_URI { $i = 0; $lastval = ''; - $retval = array(); + $retval = array(); foreach ($segments as $seg) { if ($i % 2) -- cgit v1.2.3-24-g4f1b