[eluser]Robert Wallis[/eluser]
In URI::_explode_segments() is a call to _filter_uri. However I can't find any code that runs a segment as a function, so there is no need to do this.
I'm experiencing a problem where a user can type a ( or ) character in the database which is sent as a uri segment to a controller.
The only incident I can see where _filter_uri is needed to replace this is on router.php(75) which says:
Code:
$this->set_method(trim($this->uri->_filter_uri($_GET[$this->config->item('function_trigger')])));
However this is an explicit call to _filter_uri. Therefore URI::_explode_segments() URI.php(233) should not call _filter_uri() since there is no danger of executing unexpected code from the segment.
Furthermore, router.php(75) ends up calling call_user_func_array() on CodeIgniter.php(232) which will fail if passed a function name like "example()". So there is no reason to even filter for '(' and ')' in _filter_uri from all I can see.
Was there a specific security bug fixed by filtering for '(' and ')'?
Thanks,
