Somewhat unexpected behaviour with _remap
#1

Unknown
Hi,

I'm not sure this is a bug, but I found a somewhat unexpected behaviour with _remap when I wrote a little filemanager app.

The url of the file manager controller for browsing a directory looks like this:

index.php/filemanager/path/to/directory

I'm using the _remap function to override the method calling behaviour of the controller.

The problem:

If the second uri segment begins with an underscore, CodeIgniter throws a 404 error, because the security checks assume that an evil user wants to access a protected method.

I expected that this security check is only necessary when there is no _remap method. As a dirty workaround, I did a little modification to the core.

./system/codeigniter/CodeIgniter.php :

- commented out line 178 where the security check is done:

Code:
if ( ! class_exists($class)
    OR $method == 'controller'
    // OR strncmp($method, '_', 1) == 0
    OR in_array(strtolower($method), array_map('strtolower', get_class_methods('Controller')))
    )
{
    show_404("{$class}/{$method}");
}

- moved the security check to line 202 after the instantiation of the $CI class:

Code:
$CI = new $class();
if (!method_exists($CI, '_remap') AND strncmp($method, '_', 1) == 0)
{
    show_404("{$class}/{$method}");
}

It works for me, but I'm not sure it's a good solution... it might be best not to use _remap in my filemanager controller :)
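The following is an added example, not part of the original post and not CodeIgniter's own code: a stand-alone model of the check in its stock position and in the position the post moves it to, run over constructed requests. `Controller`, `Filemanager`, `Plain`, `dispatch()` and the two-argument `_remap()` signature are hypothetical stand-ins. It shows that the moved check still blocks underscore methods on controllers without `_remap`, and that a controller with `_remap` then receives underscore segments and must treat them as data only.

```php
<?php
// Stand-alone model of the dispatch check discussed above; not CodeIgniter's code.
// Controller, Filemanager, Plain and dispatch() are hypothetical stand-ins.
class Controller { function get_instance() {} }

class Filemanager extends Controller {
    // Every segment is treated as path data, never as a method name.
    function _remap($method, $rest = array()) {
        return 'browse:' . implode('/', array_merge(array($method), $rest));
    }
}

class Plain extends Controller {
    function index() { return 'index'; }
    function _helper() { return 'private helper reached'; }
}

// $patched = false: stock order (underscore check before instantiation).
// $patched = true:  the post's order (underscore check only without _remap).
function dispatch($class, $method, $rest, $patched) {
    $base = array_map('strtolower', get_class_methods('Controller'));
    if (!class_exists($class)
        || $method == 'controller'
        || (!$patched && strncmp($method, '_', 1) == 0)
        || in_array(strtolower($method), $base)) {
        return '404';
    }
    $CI = new $class();
    if ($patched && !method_exists($CI, '_remap') && strncmp($method, '_', 1) == 0) {
        return '404';
    }
    if (method_exists($CI, '_remap')) {
        return $CI->_remap($method, $rest);
    }
    return method_exists($CI, $method) ? $CI->$method() : '404';
}

// Constructed requests: class, first segment after the class, remaining segments.
$cases = array(
    array('Filemanager', '_private', array('docs')),
    array('Filemanager', 'path', array('to', 'directory')),
    array('Plain', '_helper', array()),
    array('Plain', 'index', array()),
);
foreach ($cases as $c) {
    printf("%-12s %-9s stock=%-24s patched=%s\n", $c[0], $c[1],
        dispatch($c[0], $c[1], $c[2], false), dispatch($c[0], $c[1], $c[2], true));
}
```

With the moved check, the underscore rule no longer protects a controller that defines `_remap`, so that `_remap` must never turn a URI segment into a method call.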



