The _detect_uri() function
[eluser]Unknown[/eluser]
Hi, I would like to raise a concern regarding _detect_uri() under systems/core/URI.php, which does a str_replace on the URI to convert '//' and '../' to '/'. Below is the line of code:

str_replace(array('//', '../'), '/', trim($uri, '/'));

Since certain URIs in our application have trailing dots (.) followed by the slash (/), this causes a problem and the REST call becomes invalid (e.g. http://domain/controller/function/param1..../param2). Do we have to check for the '../' in the above code? If we do, I would suggest there can be a regex check instead of str_replace, where we can properly filter the URI. Can this be included in the next patch?
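The behaviour described in the post, next to a segment-wise check, as an added example that is not part of the original post and is not CodeIgniter code. The function names `legacy_filter()` and `normalize_uri_segments()` are hypothetical, the sample paths are constructed, and rejecting (rather than silently dropping) a `..` segment is an assumption about the desired policy.

```php
<?php
// Added example, not CodeIgniter code. Both function names are hypothetical.

// The replacement quoted in the post, applied to a URI path string.
function legacy_filter(string $uri): string
{
    return str_replace(array('//', '../'), '/', trim($uri, '/'));
}

// Segment-wise alternative: split on '/', drop empty segments (this collapses
// '//'), and refuse segments that are exactly '.' or '..'. Dots inside or at
// the end of a longer segment are ordinary data and are kept as they are.
function normalize_uri_segments(string $uri): ?string
{
    $clean = array();
    foreach (explode('/', trim($uri, '/')) as $segment) {
        if ($segment === '') {
            continue;        // empty segment produced by '//'
        }
        if ($segment === '.' || $segment === '..') {
            return null;     // relative-path segment: reject the request
        }
        $clean[] = $segment;
    }
    return implode('/', $clean);
}

// Constructed sample paths; the first has the shape given in the post.
$samples = array(
    'controller/function/param1..../param2',
    'controller//function/param1',
    'controller/function/../param2',
);

foreach ($samples as $uri) {
    $normalized = normalize_uri_segments($uri);
    printf(
        "%-40s legacy=%-38s segments=%s\n",
        $uri,
        legacy_filter($uri),
        $normalized === null ? '(rejected)' : $normalized
    );
}
```

For the post's path, the substring replacement returns `controller/function/param1../param2`, changing the parameter and leaving a `../` in the result, while the segment-wise version returns the path unchanged.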