From 9dd2dbb8b9a3edecddcb3907b65a402fd1ae71b4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 31 Oct 2012 17:54:56 +0200 Subject: Fix issues #388 & #705 (thanks to @sourcejedi, PR #1326 for pointing inconsistencies with RFC2616 --- system/core/URI.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'system/core/URI.php') diff --git a/system/core/URI.php b/system/core/URI.php index 407a6ce88..4a8d33e88 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -188,7 +188,7 @@ class CI_URI { $uri = parse_url($_SERVER['REQUEST_URI']); $query = isset($uri['query']) ? $uri['query'] : ''; - $uri = isset($uri['path']) ? $uri['path'] : ''; + $uri = isset($uri['path']) ? rawurldecode($uri['path']) : ''; if (strpos($uri, $_SERVER['SCRIPT_NAME']) === 0) { @@ -204,7 +204,7 @@ class CI_URI { if (trim($uri, '/') === '' && strncmp($query, '/', 1) === 0) { $query = explode('?', $query, 2); - $uri = $query[0]; + $uri = rawurldecode($query[0]); $_SERVER['QUERY_STRING'] = isset($query[1]) ? $query[1] : ''; } else @@ -245,8 +245,9 @@ class CI_URI { { $uri = explode('?', $uri, 2); $_SERVER['QUERY_STRING'] = isset($uri[1]) ? $uri[1] : ''; - $uri = $uri[0]; + $uri = rawurldecode($uri[0]); } + $this->_reset_query_string(); return str_replace(array('//', '../'), '/', trim($uri, '/')); @@ -325,7 +326,7 @@ class CI_URI { { // preg_quote() in PHP 5.3 escapes -, so the str_replace() and addition of - to preg_quote() is to maintain backwards // compatibility as many are unaware of how characters in the permitted_uri_chars will be parsed as a regex pattern - if ( ! preg_match('|^['.str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-')).']+$|i', urldecode($str))) + if ( ! preg_match('|^['.str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '|')).']+$|i', $str)) { show_error('The URI you submitted has disallowed characters.', 400); } -- cgit v1.2.3-24-g4f1b