Bug fix for relative directory removal

This fixes two bugs:
- for segments that end with ".." e.g. /user/username../details, this should not be replaced
- current solution only replaces double slashes, this solution removes the infinite number of recurring slashes
commit af3bd3e57fa7b381a670d3b96d9bb49d142739c8 1 parent fd24adf
@chernjie chernjie authored chernjie committed
Showing with 20 additions and 1 deletion.
  1. +20 −1 system/core/URI.php
21 system/core/URI.php
@@ -219,7 +219,26 @@ protected function _parse_request_uri()
}
// Do some final cleaning of the URI and return it
- return str_replace(array('//', '../'), '/', trim($uri, '/'));
+ return $this->_remove_relative_directory_str($uri);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Remove relative directory (../) and multi slashes (///)
+ * @param string $url
+ * @return string
+ */
+ private function _remove_relative_directory_str($url)
+ {
+ $uris = array();
+ $tok = strtok($url, '/');
+ while ($tok !== false)
+ {
+ ($tok != '..' && ! empty($tok) || $tok === '0') && $uris[] = $tok;
+ $tok = strtok('/');
+ }
+ return implode('/', $uris);
}
// --------------------------------------------------------------------
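Review bot: The condition on the `$uris[] = $tok` line in `_remove_relative_directory_str()` is more complicated than it needs to be. `strtok()` skips empty tokens between consecutive delimiters, so `! empty($tok)` can only ever reject the segment `0`, which `|| $tok === '0'` then lets back in; the whole test reduces to `$tok !== '..'`. Suggest an explicit `if ($tok !== '..') { $uris[] = $tok; }` in place of the short-circuit assignment, which also removes the reliance on `&&`/`||` precedence and the loose `!=` comparison. Two smaller points: the docblock should state that `..` segments are dropped rather than resolved against the preceding segment, and the method is `private` while `_parse_request_uri()` is `protected`, so a subclass cannot override it.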