From 3541313e896794514b7d44a5f0aab1e47b340ef7 Mon Sep 17 00:00:00 2001
From: paulburdick
Date: Wed, 27 Jun 2007 23:25:19 +0000
Subject: *Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security.
---
 system/libraries/Router.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'system/libraries/Router.php')
diff --git a/system/libraries/Router.php b/system/libraries/Router.php
index 6c3062c07..e2a14800d 100644
--- a/system/libraries/Router.php
+++ b/system/libraries/Router.php
@@ -49,6 +49,7 @@ class CI_Router {
 function CI_Router()
 {
 $this->config =& load_class('Config');
+ $this->input =& load_class('Input');
 $this->_set_route_mapping();
 log_message('debug', "Router Class Initialized");
 }
@@ -482,7 +483,7 @@ class CI_Router {
 */
 function set_class($class)
 {
- $this->class = $class;
+ $this->class = $this->input->filename_security($class);
 }

 // --------------------------------------------------------------------
@@ -509,7 +510,7 @@ class CI_Router {
 */
 function set_method($method)
 {
- $this->method = $method;
+ $this->method = $this->input->filename_security($method);
 }

 // --------------------------------------------------------------------
@@ -541,7 +542,7 @@ class CI_Router {
 */
 function set_directory($dir)
 {
- $this->directory = $dir.'/';
+ $this->directory = $this->input->filename_security($dir).'/';
 }

 // --------------------------------------------------------------------
--
cgit v1.2.3-24-g4f1b
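Review bot: The constructor now makes the Router depend on the Input class without saying why, and no `$input` property declaration is visible in this hunk (the class header and property list are outside it). A short comment above the new `load_class('Input')` line, such as `// Input supplies filename_security() for the routed class, method and directory names`, would record that dependency. If Input's constructor has side effects on request data, loading it here may also move them earlier in the request, which is worth confirming against the bootstrap order.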
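Review bot: `set_class()` now rewrites a bad controller name instead of rejecting it, so the request still proceeds with whatever string is left after `filename_security()` has filtered it; the same holds for `set_method()` and `set_directory()` in the following hunks. The filter's body is not part of this diff, so its coverage cannot be judged here. For a value that ends up in an include path, an allowlist that fails closed is easier to reason about than a filter that cleans and continues. Something like `if ( ! preg_match('/^[a-zA-Z0-9_-]+$/', $class)) { show_404(); }` before the assignment would refuse the request outright. The docblock for `set_class()` begins above the hunk.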
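Review bot: The docblock above `set_method()` (it starts outside this hunk) should say that the stored name can differ from the one passed in, since anything reading `$this->method` now gets the filtered string rather than the requested one. A method name is a PHP identifier rather than a file name, so a line such as `@param string $method requested method name; stored after filename_security() filtering` would make that explicit. It would also help to state that the rules for which methods may be called are enforced elsewhere, so readers do not treat this filter as the access check.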
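Review bot: In `set_directory()` a `$dir` that the filter reduces to nothing now leaves `$this->directory` as `'/'`, which no longer names the folder the caller asked for. If the caller checks that the directory exists before calling this setter (that code is outside the diff), the check ran on the raw value while later includes use the rewritten one. Filtering before the existence check, or comparing afterwards with `if ($clean !== $dir) { show_404(); }`, keeps the validated value and the used value identical. An empty result in `set_class()` deserves the same guard.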