permitted_uri_chars in application/config.php not working [serious vulnerability] |
[eluser]Keat Liang[/eluser]
i found out which function might cause the error under core/URI.php Code: /** don't perl syntax are look like this ?? Code: /^[a-z 0-9~%\.\:_\-]+$/i and i notice _remove_url_suffix() _explode_segments() also use Code: | update: after looking PHP documentation perl regular expression delimiter can be / # ~ (common one) http://www.php.net/manual/en/regexp.refe...miters.php
[eluser]Keat Liang[/eluser]
i did a fix. because of $str is percent encoded so preg_match will not work on certain URL character here is the quick and dirty fix Code: class MY_URI extends CI_URI
[eluser]lwliang061[/eluser]
These things looked pretty good, and some that I can learn,I hope to learn more on it! |
Welcome Guest, Not a member yet? Register Sign In |