Welcome Guest, Not a member yet? Register   Sign In
Somewhat unexpected behaviour with _remap


I'm not sure this is a bug, but I found a somewhat unexpected behaviour with _remap when I wrote a little filemanager app.

The url of the file manager controller for browsing a directory looks like this:


I'm using the _remap function to override the method calling behaviour of the controller.

The problem:

If the second uri segment begins with an underscore, CodeIgniter throws a 404 error, because the security checks assume that an evil user wants to access a protected method.

I expected that this security check is only necessary when there is no _remap method. As a dirty workarround, I did a little modification to the core.

./system/codeigniter/CodeIgniter.php :

- commented out line 178 where the security check is done:

if ( ! class_exists($class)
    OR $method == 'controller'
    // OR strncmp($method, '_', 1) == 0
    OR in_array(strtolower($method), array_map('strtolower', get_class_methods('Controller')))

- moved the security check to line 202 after the instantiation of the $CI class:

$CI = new $class();
if (!method_exists($CI, '_remap') AND strncmp($method, '_', 1) == 0)

It works for me, but I'm not sure it's a good solution... it might be the best not to use _remap in my filemanager controller Smile

Theme © iAndrew 2016 - Forum software by © MyBB