From f964b16f3db95d655420dfae2012ee9fbb98a1a8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 12 Nov 2013 17:04:55 +0200 Subject: Deprecate CI_Input::is_cli_request() and add common function is_cli() to replace it Calls to this function are often needed before the Input library is available --- system/core/URI.php | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) (limited to 'system/core/URI.php') diff --git a/system/core/URI.php b/system/core/URI.php index bc086d223..bad9985d7 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -99,7 +99,7 @@ class CI_URI { if ($protocol === 'AUTO') { // Is the request coming from the command line? - if ($this->_is_cli_request()) + if (is_cli()) { $this->_set_uri_string($this->_parse_argv()); return; @@ -279,23 +279,6 @@ class CI_URI { // -------------------------------------------------------------------- - /** - * Is CLI Request? - * - * Duplicate of method from the Input class to test to see if - * a request was made from the command line. - * - * @see CI_Input::is_cli_request() - * @used-by CI_URI::_fetch_uri_string() - * @return bool - */ - protected function _is_cli_request() - { - return (PHP_SAPI === 'cli') OR defined('STDIN'); - } - - // -------------------------------------------------------------------- - /** * Parse CLI arguments * -- cgit v1.2.3-24-g4f1b From e540341ce42bc528632c2f96a0c7cd12fbce6a28 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 3 Jan 2014 14:59:17 +0200 Subject: A tiny improvement in ruri_string() --- system/core/URI.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'system/core/URI.php') diff --git a/system/core/URI.php b/system/core/URI.php index bad9985d7..5e4c80a00 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -703,12 +703,7 @@ class CI_URI { { global $RTR; - if (($dir = $RTR->directory) === '/') - { - $dir = ''; - } - - return $dir.implode('/', $this->rsegment_array()); + return ltrim($RTR->directory, '/').implode('/', $this->rsegment_array()); } } -- cgit v1.2.3-24-g4f1b From de14aa5a29b1b122bfd536f979dfda7f2fd9f53d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 15 Jan 2014 15:51:08 +0200 Subject: CI_URI changes related to the 'permitted_uri_chars' setting - Initialize and cache the value in the class constructor instead of searching for it every time - Removed the preg_quote() call from _filter_uri() to allow more fine-tuning from configuration - Renamed _filter_uri() to filter_uri() - it was public anyway and using it cannot break anything Related: issue #2799 --- system/core/URI.php | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) (limited to 'system/core/URI.php') diff --git a/system/core/URI.php b/system/core/URI.php index 5e4c80a00..3d6d202c0 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -69,6 +69,15 @@ class CI_URI { */ public $rsegments = array(); + /** + * Permitted URI chars + * + * PCRE character group allowed in URI segments + * + * @var string + */ + protected $_permitted_uri_chars; + /** * Class constructor * @@ -81,6 +90,12 @@ class CI_URI { public function __construct() { $this->config =& load_class('Config', 'core'); + + if ($this->config->item('enable_query_strings') !== TRUE OR is_cli()) + { + $this->_permitted_uri_chars = $this->config->item('permitted_uri_chars'); + } + log_message('debug', 'URI Class Initialized'); } @@ -303,23 +318,19 @@ class CI_URI { * @param string $str * @return string */ - public function _filter_uri($str) + public function filter_uri($str) { - if ($str !== '' && $this->config->item('permitted_uri_chars') != '' && $this->config->item('enable_query_strings') === FALSE) + if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i', $str)) { - // preg_quote() in PHP 5.3 escapes -, so the str_replace() and addition of - to preg_quote() is to maintain backwards - // compatibility as many are unaware of how characters in the permitted_uri_chars will be parsed as a regex pattern - if ( ! preg_match('|^['.str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-')).']+$|i', $str)) - { - show_error('The URI you submitted has disallowed characters.', 400); - } + show_error('The URI you submitted has disallowed characters.', 400); } // Convert programatic characters to entities and return return str_replace( - array('$', '(', ')', '%28', '%29'), // Bad - array('$', '(', ')', '(', ')'), // Good - $str); + array('$', '(', ')', '%28', '%29'), // Bad + array('$', '(', ')', '(', ')'), // Good + $str + ); } // -------------------------------------------------------------------- @@ -365,7 +376,7 @@ class CI_URI { foreach (explode('/', preg_replace('|/*(.+?)/*$|', '\\1', $this->uri_string)) as $val) { // Filter segments for security - $val = trim($this->_filter_uri($val)); + $val = trim($this->filter_uri($val)); if ($val !== '') { -- cgit v1.2.3-24-g4f1b From 08fef7de41cb06785cdb1024769892d9510e6e6b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 15 Jan 2014 18:37:01 +0200 Subject: Fix #2799 by adding conditional PCRE UTF-8 support to CI_URI::filter_uri() Also did a tiny micro-optimization in the Utf8 class. --- system/core/URI.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/URI.php') diff --git a/system/core/URI.php b/system/core/URI.php index 3d6d202c0..c83b7a74f 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -320,7 +320,7 @@ class CI_URI { */ public function filter_uri($str) { - if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i', $str)) + if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str)) { show_error('The URI you submitted has disallowed characters.', 400); } -- cgit v1.2.3-24-g4f1b From 30d5324617ae136c7a91badb6ed8f7de418fd7f5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 16 Jan 2014 14:41:46 +0200 Subject: URI Routing overhaul - Allow multiple levels of controller directories (supersedes PRs #390, #2439) - Add support for per-directory 'defaul_controller' and '404_override' (resolves issue #2611; supersedes PR #939) - Fixed a bug where default_controller was called instead of triggering 404 if the current route is inside a directory - Removed a few calls from CI_Router to CI_URI that made a necessity for otherwise internal CI_URI methods to be public: - Removed CI_URI::_fetch_uri_string() and moved its logic into CI_URI::__construct() - Removed CI_URI::_remove_url_suffix, CI_URI::_explode_segments() and moved their logic into CI_URI::_set_uri_string() - Removed CI_URI::_reindex_segments() altogether ( doesn't need further manipulation, while is public anyway and can be properly (and more effectively) replaced on the spot) --- system/core/URI.php | 252 +++++++++++++++++----------------------------------- 1 file changed, 83 insertions(+), 169 deletions(-) (limited to 'system/core/URI.php') diff --git a/system/core/URI.php b/system/core/URI.php index c83b7a74f..80cf0b4e9 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -44,21 +44,21 @@ class CI_URI { * * @var array */ - public $keyval = array(); + public $keyval = array(); /** * Current URI string * * @var string */ - public $uri_string; + public $uri_string = ''; /** * List of URI segments * * @var array */ - public $segments = array(); + public $segments = array(); /** * Re-indexed list of URI segments @@ -67,7 +67,7 @@ class CI_URI { * * @var array */ - public $rsegments = array(); + public $rsegments = array(); /** * Permitted URI chars @@ -81,91 +81,53 @@ class CI_URI { /** * Class constructor * - * Simply globalizes the $RTR object. The front - * loads the Router class early on so it's not available - * normally as other classes are. - * * @return void */ public function __construct() { $this->config =& load_class('Config', 'core'); - if ($this->config->item('enable_query_strings') !== TRUE OR is_cli()) + // If query strings are enabled, we don't need to parse any segments. + // However, they don't make sense under CLI. + if (is_cli() OR $this->config->item('enable_query_strings') !== TRUE) { $this->_permitted_uri_chars = $this->config->item('permitted_uri_chars'); - } - - log_message('debug', 'URI Class Initialized'); - } - - // -------------------------------------------------------------------- - - /** - * Fetch URI String - * - * @used-by CI_Router - * @return void - */ - public function _fetch_uri_string() - { - $protocol = strtoupper($this->config->item('uri_protocol')); - if ($protocol === 'AUTO') - { - // Is the request coming from the command line? - if (is_cli()) + // If it's a CLI request, ignore the configuration + if (is_cli() OR ($protocol = strtoupper($this->config->item('uri_protocol')) === 'CLI')) { $this->_set_uri_string($this->_parse_argv()); - return; } - - // Is there a PATH_INFO variable? This should be the easiest solution. - if (isset($_SERVER['PATH_INFO'])) + elseif ($protocol === 'AUTO') { - $this->_set_uri_string($_SERVER['PATH_INFO']); - return; + // Is there a PATH_INFO variable? This should be the easiest solution. + if (isset($_SERVER['PATH_INFO'])) + { + $this->_set_uri_string($_SERVER['PATH_INFO']); + } + // No PATH_INFO? Let's try REQUST_URI or QUERY_STRING then + elseif (($uri = $this->_parse_request_uri()) !== '' OR ($uri = $this->_parse_query_string()) !== '') + { + $this->_set_uri_string($uri); + } + // As a last ditch effor, let's try using the $_GET array + elseif (is_array($_GET) && count($_GET) === 1 && trim(key($_GET), '/') !== '') + { + $this->_set_uri_string(key($_GET)); + } } - - // Let's try REQUEST_URI then, this will work in most situations - if (($uri = $this->_parse_request_uri()) !== '') + elseif (method_exists($this, ($method = '_parse_'.strtolower($protocol)))) { - $this->_set_uri_string($uri); - return; + $this->_set_uri_string($this->$method()); } - - // No REQUEST_URI either?... What about QUERY_STRING? - if (($uri = $this->_parse_query_string()) !== '') + else { + $uri = isset($_SERVER[$protocol]) ? $_SERVER[$protocol] : @getenv($protocol); $this->_set_uri_string($uri); - return; - } - - // As a last ditch effort let's try using the $_GET array - if (is_array($_GET) && count($_GET) === 1 && trim(key($_GET), '/') !== '') - { - $this->_set_uri_string(key($_GET)); - return; } - - // We've exhausted all our options... - $this->uri_string = ''; - return; } - if ($protocol === 'CLI') - { - $this->_set_uri_string($this->_parse_argv()); - return; - } - elseif (method_exists($this, ($method = '_parse_'.strtolower($protocol)))) - { - $this->_set_uri_string($this->$method()); - return; - } - - $uri = isset($_SERVER[$protocol]) ? $_SERVER[$protocol] : @getenv($protocol); - $this->_set_uri_string($uri); + log_message('debug', 'URI Class Initialized'); } // -------------------------------------------------------------------- @@ -180,6 +142,32 @@ class CI_URI { { // Filter out control characters and trim slashes $this->uri_string = trim(remove_invisible_characters($str, FALSE), '/'); + + if ($this->uri_string !== '') + { + // Remove the URL suffix, if present + if (($suffix = (string) $this->config->item('url_suffix')) !== '') + { + $slen = strlen($suffix); + + if (substr($this->uri_string, -$slen) === $suffix) + { + $this->uri_string = substr($this->uri_string, 0, -$slen); + } + } + + // Populate the segments array + foreach (explode('/', preg_replace('|/*(.+?)/*$|', '\\1', $this->uri_string)) as $val) + { + // Filter segments for security + $val = trim($this->filter_uri($val)); + + if ($val !== '') + { + $this->segments[] = $val; + } + } + } } // -------------------------------------------------------------------- @@ -239,37 +227,11 @@ class CI_URI { // -------------------------------------------------------------------- - /** - * Remove relative directory (../) and multi slashes (///) - * - * Do some final cleaning of the URI and return it, currently only used in self::_parse_request_uri() - * - * @param string $url - * @return string - */ - protected function _remove_relative_directory($uri) - { - $uris = array(); - $tok = strtok($uri, '/'); - while ($tok !== FALSE) - { - if (( ! empty($tok) OR $tok === '0') && $tok !== '..') - { - $uris[] = $tok; - } - $tok = strtok('/'); - } - return implode('/', $uris); - } - - // -------------------------------------------------------------------- - /** * Parse QUERY_STRING * * Will parse QUERY_STRING and automatically detect the URI from it. * - * @used-by CI_URI::_fetch_uri_string() * @return string */ protected function _parse_query_string() @@ -310,100 +272,52 @@ class CI_URI { // -------------------------------------------------------------------- /** - * Filter URI + * Remove relative directory (../) and multi slashes (///) * - * Filters segments for malicious characters. + * Do some final cleaning of the URI and return it, currently only used in self::_parse_request_uri() * - * @used-by CI_Router - * @param string $str + * @param string $url * @return string */ - public function filter_uri($str) - { - if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str)) - { - show_error('The URI you submitted has disallowed characters.', 400); - } - - // Convert programatic characters to entities and return - return str_replace( - array('$', '(', ')', '%28', '%29'), // Bad - array('$', '(', ')', '(', ')'), // Good - $str - ); - } - - // -------------------------------------------------------------------- - - /** - * Remove URL suffix - * - * Removes the suffix from the URL if needed. - * - * @used-by CI_Router - * @return void - */ - public function _remove_url_suffix() + protected function _remove_relative_directory($uri) { - $suffix = (string) $this->config->item('url_suffix'); - - if ($suffix === '') + $uris = array(); + $tok = strtok($uri, '/'); + while ($tok !== FALSE) { - return; + if (( ! empty($tok) OR $tok === '0') && $tok !== '..') + { + $uris[] = $tok; + } + $tok = strtok('/'); } - $slen = strlen($suffix); - - if (substr($this->uri_string, -$slen) === $suffix) - { - $this->uri_string = substr($this->uri_string, 0, -$slen); - } + return implode('/', $uris); } // -------------------------------------------------------------------- /** - * Explode URI segments + * Filter URI * - * The individual segments will be stored in the $this->segments array. + * Filters segments for malicious characters. * - * @see CI_URI::$segments - * @used-by CI_Router - * @return void + * @param string $str + * @return string */ - public function _explode_segments() + public function filter_uri($str) { - foreach (explode('/', preg_replace('|/*(.+?)/*$|', '\\1', $this->uri_string)) as $val) + if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str)) { - // Filter segments for security - $val = trim($this->filter_uri($val)); - - if ($val !== '') - { - $this->segments[] = $val; - } + show_error('The URI you submitted has disallowed characters.', 400); } - } - // -------------------------------------------------------------------- - - /** - * Re-index Segments - * - * Re-indexes the CI_URI::$segment array so that it starts at 1 rather - * than 0. Doing so makes it simpler to use methods like - * CI_URI::segment(n) since there is a 1:1 relationship between the - * segment array and the actual segments. - * - * @used-by CI_Router - * @return void - */ - public function _reindex_segments() - { - array_unshift($this->segments, NULL); - array_unshift($this->rsegments, NULL); - unset($this->segments[0]); - unset($this->rsegments[0]); + // Convert programatic characters to entities and return + return str_replace( + array('$', '(', ')', '%28', '%29'), // Bad + array('$', '(', ')', '(', ')'), // Good + $str + ); } // -------------------------------------------------------------------- @@ -714,7 +628,7 @@ class CI_URI { { global $RTR; - return ltrim($RTR->directory, '/').implode('/', $this->rsegment_array()); + return ltrim($RTR->directory, '/').implode('/', $this->rsegments); } } -- cgit v1.2.3-24-g4f1b From a00be04885c351f3e6e049a544444bc1c476d2fe Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 18 Jan 2014 16:50:12 +0200 Subject: Fix #2827 --- system/core/URI.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/URI.php') diff --git a/system/core/URI.php b/system/core/URI.php index 80cf0b4e9..6e0d7f993 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -94,7 +94,7 @@ class CI_URI { $this->_permitted_uri_chars = $this->config->item('permitted_uri_chars'); // If it's a CLI request, ignore the configuration - if (is_cli() OR ($protocol = strtoupper($this->config->item('uri_protocol')) === 'CLI')) + if (is_cli() OR ($protocol = strtoupper($this->config->item('uri_protocol'))) === 'CLI') { $this->_set_uri_string($this->_parse_argv()); } -- cgit v1.2.3-24-g4f1b From a4399051455f844f432ac453fb9c3202c4464cf2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 18 Jan 2014 18:58:06 +0200 Subject: Fix CI_URI:: not being properly indexed --- system/core/URI.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'system/core/URI.php') diff --git a/system/core/URI.php b/system/core/URI.php index 6e0d7f993..13682cbee 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -156,6 +156,7 @@ class CI_URI { } } + $this->segments[0] = NULL; // Populate the segments array foreach (explode('/', preg_replace('|/*(.+?)/*$|', '\\1', $this->uri_string)) as $val) { @@ -167,6 +168,8 @@ class CI_URI { $this->segments[] = $val; } } + + unset($this->segments[0]); } } -- cgit v1.2.3-24-g4f1b