The _detect_uri() function
#1

[eluser]Unknown[/eluser]
Hi,

I would like to raise a concern regarding _detect_uri() under systems/core/URI.php, which does a str_replace on the URI to convert '//' and '../' to '/'. Below is the line of code:

str_replace(array('//', '../'), '/', trim($uri, '/'));

Since certain URIs in our application have trailing dots (.) followed by the slash (/), this causes a problem and the REST call becomes invalid (e.g. http://domain/controller/function/param1..../param2).

Do we have to check for the '../' in the above code? If we do, I would suggest there can be a regex check instead of str_replace where we can properly filter the URI. Can this be included in the next patch?
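
The behaviour described in the post above, shown as an added example (not part of the original post and not CodeIgniter's own code): the quoted substring replacement next to a segment-aware filter that drops only segments that are exactly '.' or '..'. The function names and sample URIs are hypothetical, and dropping dot segments rather than rejecting the request is an assumption.

```php
<?php
// Added example, not CodeIgniter code. Function names are hypothetical.

// The normalisation quoted in the post, reproduced for comparison.
// It matches '../' anywhere in the string, including inside a segment
// that merely ends in dots.
function normalize_substring(string $uri): string
{
    return str_replace(array('//', '../'), '/', trim($uri, '/'));
}

// Segment-aware alternative: split on '/', drop empty segments (which
// collapses '//'), and drop only segments that are exactly '.' or '..'.
// Dots inside a longer segment such as 'param1....' are left untouched.
function normalize_segments(string $uri): string
{
    $kept = array();
    foreach (explode('/', trim($uri, '/')) as $segment) {
        if ($segment === '' || $segment === '.' || $segment === '..') {
            continue; // empty or pure dot segment: not a real parameter
        }
        $kept[] = $segment;
    }
    return implode('/', $kept);
}

// Constructed sample inputs: the URI shape from the post, a URI with
// real '//' and '..' segments, and a parameter that ends in two dots.
$samples = array(
    'controller/function/param1..../param2',
    'controller//function/../param',
    'controller/function/v1.2../item',
);

foreach ($samples as $uri) {
    echo 'input:     ', $uri, "\n";
    echo 'substring: ', normalize_substring($uri), "\n";
    echo 'segments:  ', normalize_segments($uri), "\n\n";
}
```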



