Unexpected behavior in URI library + fix
#1

[eluser]Unknown[/eluser]
If you enable_query_strings in config.php, the last uri segment sent to your controller includes the query string, which makes the following paths different:

/control/act/param
/control/act/param?result=unexpected
/control/act/param/?result=expected

    class Control extends Controller {

        function act($p) {
            // I'm expecting $p === 'param'
            // But it isn't on the second case
        }
    }

This is easily fixed.

Change _explode_segments in URI.php to



    function _explode_segments()
    {
        $uri = $this->uri_string;
        $querypart = NULL;

        if ( $this->config->item('enable_query_strings') )
        {
            // If the URI contains a query string,
            // chop it off before processing the segments.
            $querypos = strpos($uri, '?');
            if ($querypos !== FALSE)
            {
                $querypart = substr($uri, $querypos);
                $uri = substr($uri, 0, $querypos);
            }
        }

        foreach(explode("/", preg_replace("|/*(.+?)/*$|", "\\1", $uri)) as $val)
        {
            // Filter segments for security
            $val = trim($this->_filter_uri($val));

            if ($val != '')
            {
                $this->segments[] = $val;
            }
        }

        if ($querypart)
        {
            // add back the query string as the final segment
            $this->segments[] = $querypart;
        }
    }



This also has the fortunate side effect of using the _filter_uri method even when query strings are enabled. So that method may be updated as well...



    function _filter_uri($str)
    {
        $permitted = $this->config->item('permitted_uri_chars');
        if ($str != '' && $permitted != '')
        {
            if ( ! preg_match('|^['.preg_quote($permitted,'|').']+$|i', $str))
            {
                header('HTTP/1.1 400 Bad Request');
                show_error('The URI you submitted has disallowed characters.');
            }
        }

        // Convert programmatic characters to entities
        $bad  = array('$',     '(',     ')',     '%28',   '%29');
        $good = array('&#36;', '&#40;', '&#41;', '&#40;', '&#41;');

        return str_replace($bad, $good, $str);
    }



Also, since preg_quote does not quote the '-' char, documentation should be added that the '-' char MUST come last in $config['permitted_uri_chars'] or it will otherwise be interpreted as the range operator.
#2

[eluser]Dam1an[/eluser]
Argh! Please use [ code ] blocks in the future.
Also, '-' doesn't need to go last; it can be first without being escaped, or at any position if it's preceded by a backslash to escape it.
#3

[eluser]Unknown[/eluser]
Yes, I suppose that '-' could be first also. Attempting to escape it will not do what you think, however, since the string is passed to preg_quote().
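
The hyphen-placement question discussed in this thread can be checked mechanically. The following is an added example, not part of any post and not CodeIgniter code: it builds the character class the way the posted `_filter_uri()` does and lists which printable ASCII characters a given `permitted_uri_chars` value admits beyond the intended ones. The function names and sample values are constructed for illustration; because `preg_quote()` has escaped `-` since PHP 5.3, the example strips that escape to reproduce the older behaviour the thread describes.

```php
<?php
// Added example (not CodeIgniter code): audit a permitted_uri_chars value.

// Build the pattern as the posted _filter_uri() does. preg_quote() in
// PHP 5.3+ escapes '-'; the escape is stripped here to reproduce the older
// behaviour the thread discusses.
function build_segment_pattern($permitted)
{
    $quoted = str_replace('\\-', '-', preg_quote($permitted, '|'));
    return '|^[' . $quoted . ']+$|i';
}

// Printable ASCII characters the pattern accepts, or NULL when the
// character class does not compile (for example a reversed range).
function accepted_chars($permitted)
{
    $pattern = build_segment_pattern($permitted);
    if (@preg_match($pattern, 'a') === FALSE) {
        return NULL;
    }
    $accepted = '';
    for ($c = 0x20; $c < 0x7F; $c++) {
        if (preg_match($pattern, chr($c)) === 1) {
            $accepted .= chr($c);
        }
    }
    return $accepted;
}

// Accepted characters that are neither alphanumeric nor in $intended.
function unintended_chars($permitted, $intended)
{
    $accepted = accepted_chars($permitted);
    if ($accepted === NULL) {
        return NULL;
    }
    $extra = '';
    foreach (str_split($accepted) as $ch) {
        if ( ! ctype_alnum($ch) && strpos($intended, $ch) === FALSE) {
            $extra .= $ch;
        }
    }
    return $extra;
}

// Constructed sample values; each is meant to allow letters, digits and "._-".
foreach (array('a-z0-9._-', '-a-z0-9._', 'a-z0-9.-_', 'a-z0-9._\\-', 'a-z0-9\\-._') as $cfg) {
    $extra = unintended_chars($cfg, '._-');
    printf("%-14s %s\n", $cfg, $extra === NULL ? 'pattern does not compile' : 'extra: "' . $extra . '"');
}
```

A value whose hyphen sits between two other characters turns into a range, so the audit reports every character inside that range as extra; the backslash-escaped variants show what happens once the backslash itself has been quoted.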



