From af3bd3e57fa7b381a670d3b96d9bb49d142739c8 Mon Sep 17 00:00:00 2001
From: chernjie <chernjie@gmail.com>
Date: Thu, 6 Dec 2012 12:06:50 +0800
Subject: Bug fix for relative directory removal

This fixes two bugs:
- for segments that ends with ".." e.g. /user/username../details, this should not be replaced
- current solution only replace double slashes, this solutions removes the infinite number of recurring slashes
---
 system/core/URI.php | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

(limited to 'system/core/URI.php')

diff --git a/system/core/URI.php b/system/core/URI.php
index 91740254c..3f8775d4e 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -219,7 +219,26 @@ class CI_URI {
 		}
 
 		// Do some final cleaning of the URI and return it
-		return str_replace(array('//', '../'), '/', trim($uri, '/'));
+		return $this->_remove_relative_directory_str($uri);
+	}
+
+	// --------------------------------------------------------------------
+
+	/**
+	 * Remove relative directory (../) and multi slashes (///)
+	 * @param 	string $url
+	 * @return 	string
+	 */
+	private function _remove_relative_directory_str($url)
+	{
+		$uris = array();
+		$tok = strtok($url, '/');
+		while ($tok !== false)
+		{
+			($tok != '..' && ! empty($tok) || $tok === '0') && $uris[] = $tok;
+			$tok = strtok('/');
+		}
+		return implode('/', $uris);
 	}
 
 	// --------------------------------------------------------------------
-- 
cgit v1.2.3-24-g4f1b