From af3bd3e57fa7b381a670d3b96d9bb49d142739c8 Mon Sep 17 00:00:00 2001
From: chernjie
Date: Thu, 6 Dec 2012 12:06:50 +0800
Subject: Bug fix for relative directory removal This fixes two bugs: - for segments that ends with ".." e.g. /user/username../details, this should not be replaced - current solution only replace double slashes, this solutions removes the infinite number of recurring slashes
---
 system/core/URI.php | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
(limited to 'system/core')
diff --git a/system/core/URI.php b/system/core/URI.php
index 91740254c..3f8775d4e 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -219,7 +219,26 @@ class CI_URI {
 }
 // Do some final cleaning of the URI and return it
- return str_replace(array('//', '../'), '/', trim($uri, '/'));
+ return $this->_remove_relative_directory_str($uri);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Remove relative directory (../) and multi slashes (///)
+ * @param string $url
+ * @return string
+ */
+ private function _remove_relative_directory_str($url)
+ {
+ $uris = array();
+ $tok = strtok($url, '/');
+ while ($tok !== false)
+ {
+ ($tok != '..' && ! empty($tok) || $tok === '0') && $uris[] = $tok;
+ $tok = strtok('/');
+ }
+ return implode('/', $uris);
 }
 // --------------------------------------------------------------------
-- cgit v1.2.3-24-g4f1b
From 0bf9cfa127516a5561155d70a8edfa3c6b0ec57b Mon Sep 17 00:00:00 2001
From: CJ
Date: Thu, 6 Dec 2012 17:15:49 +0800
Subject: Updated formatting and styleguide, thanks narfbg;
---
 system/core/URI.php | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
(limited to 'system/core')
diff --git a/system/core/URI.php b/system/core/URI.php
index 3f8775d4e..07add5a4d 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
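Review bot: Only a segment that is exactly `..` is dropped by the condition inside the `while` loop of `_remove_relative_directory_str()`, so a single-dot segment survives (`a/./b` is returned unchanged) even though the docblock promises that relative directories are removed; either extend the test, `($tok != '..' && $tok != '.' && ! empty($tok) || $tok === '0') && $uris[] = $tok;`, or state the limitation in the docblock. It is also worth documenting that `..` is discarded rather than resolved against the preceding segment (`a/../b` becomes `a/b`), since that is what makes the helper safe as a filter but may surprise a caller expecting path normalisation, e.g. `* '..' segments are dropped, not resolved: a/../b becomes a/b`. The same two points apply to the rewritten condition in the next commit's hunk on this page. The method that contains the first changed `return` starts outside the hunk.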
@@ -219,23 +219,29 @@ class CI_URI {
 }
 // Do some final cleaning of the URI and return it
- return $this->_remove_relative_directory_str($uri);
+ return $this->_remove_relative_directory($uri);
 }
 // --------------------------------------------------------------------
 /**
 * Remove relative directory (../) and multi slashes (///)
- * @param string $url
- * @return string
+ *
+ * Do some final cleaning of the URI and return it, currently only used in self::_parse_request_uri()
+ *
+ * @param string $url
+ * @return string
 */
- private function _remove_relative_directory_str($url)
+ protected function _remove_relative_directory($uri)
 {
 $uris = array();
- $tok = strtok($url, '/');
- while ($tok !== false)
+ $tok = strtok($uri, '/');
+ while ($tok !== FALSE)
 {
- ($tok != '..' && ! empty($tok) || $tok === '0') && $uris[] = $tok;
+ if (( ! empty($tok) OR $tok === '0') && $tok !== '..')
+ {
+ $uris[] = $tok;
+ }
 $tok = strtok('/');
 }
 return implode('/', $uris);
-- cgit v1.2.3-24-g4f1b
From b2280ced6f7214f3df40754152208ac3f3f02bce Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Thu, 6 Dec 2012 16:19:22 +0200
Subject: Another use of CI_URI::_remove_relative_directory()
---
 system/core/URI.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'system/core')
diff --git a/system/core/URI.php b/system/core/URI.php
index 07add5a4d..900472b61 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -274,7 +274,7 @@ class CI_URI {
 parse_str($_SERVER['QUERY_STRING'], $_GET);
- return str_replace(array('//', '../'), '/', trim($uri, '/'));
+ return $this->_remove_relative_directory($uri);
 }
 // --------------------------------------------------------------------
-- cgit v1.2.3-24-g4f1b
From 9515dd372ed07dca9dcf728f31943d4a1d104112 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Fri, 7 Dec 2012 15:15:15 +0200
Subject: Fix issue #2061
---
 system/core/Router.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
(limited to 'system/core')
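Review bot: The rewritten docblock still declares `@param string $url` while the signature directly below it renames the parameter to `$uri`; change the added line to `* @param string $uri`. The added sentence "currently only used in self::_parse_request_uri()" is a caller inventory that goes stale the moment a second caller appears (the following commit on this page adds one), so it is better replaced by a description of the contract, e.g. `* Drops '..' segments (they are not resolved) and collapses repeated slashes; a '0' segment is kept.` The hunk ends on the `return implode(...)` line, so the method's closing brace is outside it.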
diff --git a/system/core/Router.php b/system/core/Router.php
index 01f44bc83..76772a0fb 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -111,21 +111,21 @@ class CI_Router {
 // since URI segments are more search-engine friendly, but they can optionally be used.
 // If this feature is enabled, we will gather the directory/class/method a little differently
 $segments = array();
- if ($this->config->item('enable_query_strings') === TRUE && isset($_GET[$this->config->item('controller_trigger')]))
+ if ($this->config->item('enable_query_strings') === TRUE
+ && ! empty($_GET[$this->config->item('controller_trigger')])
+ && is_string($_GET[$this->config->item('controller_trigger')])
+ )
 {
- if (isset($_GET[$this->config->item('directory_trigger')]))
+ if (isset($_GET[$this->config->item('directory_trigger')]) && is_string($_GET[$this->config->item('directory_trigger')]))
 {
 $this->set_directory(trim($this->uri->_filter_uri($_GET[$this->config->item('directory_trigger')])));
 $segments[] = $this->fetch_directory();
 }
- if (isset($_GET[$this->config->item('controller_trigger')]))
- {
- $this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')])));
- $segments[] = $this->fetch_class();
- }
+ $this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')])));
+ $segments[] = $this->fetch_class();
- if (isset($_GET[$this->config->item('function_trigger')]))
+ if ( ! empty($_GET[$this->config->item('function_trigger')]) && is_string($_GET[$this->config->item('function_trigger')]))
 {
 $this->set_method(trim($this->uri->_filter_uri($_GET[$this->config->item('function_trigger')])));
 $segments[] = $this->fetch_method();
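Review bot: The directory trigger on the second changed `if` is still guarded with `isset(...) && is_string(...)` while the controller and function triggers now use `! empty(...) && is_string(...)`, so an empty-string directory value passes its guard and reaches `set_directory(trim(...))` whereas an empty controller or method value is ignored; the three checks should use the same predicate. `! empty()` also treats the string `'0'` as absent, so a controller or method literally named `0` is dropped here, which is exactly the case the `$tok === '0'` branch in URI.php keeps in the commits above; if that asymmetry is intended it deserves a comment such as `// ! empty() also rejects '0', so a controller/method named 0 is not reachable via query strings`. The added `is_string()` checks are the substantive part: without them an array-valued query parameter (presumably the case behind issue #2061) would be passed to `trim()` and `_filter_uri()`. The enclosing method starts and ends outside the hunk.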
@@ -142,7 +142,7 @@ class CI_Router {
 include(APPPATH.'config/routes.php');
 }
- $this->routes = (isset($route) && is_array($route)) ? $route : array();
+ $this->routes = (empty($route) OR ! is_array($route)) ? array() : $route;
 unset($route);
 // Set the default controller so we can display it in the event
-- cgit v1.2.3-24-g4f1b