Changeset 3058
- Timestamp:
- 07/11/2008 09:04:05 AM (3 months ago)
- Files:
-
- 1 modified
-
trunk/system/libraries/Router.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/system/libraries/Router.php
r3051 r3058 67 67 self::$current_uri = html::specialchars(self::$current_uri, FALSE); 68 68 69 // Remove all dot-paths from the URI, they are not valid 70 self::$current_uri = str_replace(array('../', './'), '', self::$current_uri); 71 69 72 // At this point segments, rsegments, and current URI are all the same 70 // We trim off periods, slashes, and spaces to prevent malicious attacks 71 // using ../../ URIs. 72 self::$segments = self::$rsegments = self::$current_uri = trim(self::$current_uri, './ '); 73 self::$segments = self::$rsegments = self::$current_uri = trim(self::$current_uri, '/'); 73 74 74 75 // Set the complete URI … … 112 113 if (is_file($dir.$controller_path.EXT)) 113 114 { 114 // Set controller subdirectory if any115 self::$controller_dir = substr($controller_path, 0, strrpos($controller_path, '/'));116 117 115 // Set controller name 118 116 self::$controller = $segment;
