[eluser]xwero[/eluser]
[quote author="Pygon" date="1204762232"]
xwero:
My appologies -- try only: index.php/some/segment/?one=1 and you should recieve a 404 since CI_URI assumes that if count($_GET) == 1, the first key is the name of the base controller you would like to access:
CI_URI.php
Code:
// If the URL has a question mark then it's simplest to just
// build the URI string from the zero index of the $_GET array.
// This avoids having to deal with $_SERVER variables, which
// can be unreliable in some environments
if (is_array($_GET) AND count($_GET) == 1)
{
$this->uri_string = key($_GET);
return;
}
However, from what you've said, and reviewing the code, I've realized that CI_URI could simply be modified.
[/quote]
Nice catch on the uri_protocol auto setting behavior so if you do two method overloads everything should be fine to work with the $_GET global as normal;
MY_URI.php
Code:
class MY_URI extends CI_URI
{
function MY_URI()
{
parent::CI_URI();
}
function _fetch_uri_string()
{
if (strtoupper($this->config->item('uri_protocol')) == 'AUTO')
{
// removed one get value behavior
// Is there a PATH_INFO variable?
// Note: some servers seem to have trouble with getenv() so we'll test it two ways
$path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO');
if ($path != '' AND $path != '/' AND $path != "/".SELF)
{
$this->uri_string = $path;
return;
}
// No PATH_INFO?... What about QUERY_STRING?
$path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
if ($path != '' AND $path != '/')
{
$this->uri_string = $path;
return;
}
// No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists?
$path = (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO');
if ($path != '' AND $path != '/' AND $path != "/".SELF)
{
$this->uri_string = $path;
return;
}
// We've exhausted all our options...
$this->uri_string = '';
}
else
{
$uri = strtoupper($this->config->item('uri_protocol'));
if ($uri == 'REQUEST_URI')
{
$this->uri_string = $this->_parse_request_uri();
return;
}
$this->uri_string = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri);
}
// If the URI contains only a slash we'll kill it
if ($this->uri_string == '/')
{
$this->uri_string = '';
}
}
}
MY_Input.php
Code:
class MY_Input extends CI_Input
{
function MY_Input()
{
parent::CI_Input();
}
function _sanitize_globals()
{
// Would kind of be "wrong" to unset any of these GLOBALS
$protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
'system_folder', 'application_folder', 'BM', 'EXT', 'CFG', 'URI', 'RTR', 'OUT', 'IN');
// Unset globals for security.
// This is effectively the same as register_globals = off
foreach (array($_GET, $_POST, $_COOKIE, $_SERVER, $_FILES, $_ENV, (isset($_SESSION) && is_array($_SESSION)) ? $_SESSION : array()) as $global)
{
if ( ! is_array($global))
{
if ( ! in_array($global, $protected))
{
unset($GLOBALS[$global]);
}
}
else
{
foreach ($global as $key => $val)
{
if ( ! in_array($key, $protected))
{
unset($GLOBALS[$key]);
}
if (is_array($val))
{
foreach($val as $k => $v)
{
if ( ! in_array($k, $protected))
{
unset($GLOBALS[$k]);
}
}
}
}
}
}
// Clean $_GET data
if (is_array($_GET) AND count($_GET) > 0)
{
foreach($_GET as $key => $val)
{
$_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
}
}
// Clean $_POST Data
if (is_array($_POST) AND count($_POST) > 0)
{
foreach($_POST as $key => $val)
{
$_POST[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
}
}
// Clean $_COOKIE Data
if (is_array($_COOKIE) AND count($_COOKIE) > 0)
{
foreach($_COOKIE as $key => $val)
{
$_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
}
}
log_message('debug', "Global GET, POST and COOKIE data sanitized");
}
}
Like Pygon's solution if the $_SERVER variables get freaky the url can break.
