fixed a security issue which in certain cases could result in directory traversal

commit: 2615e418539c3d6e2f912c66be99ffebfb8513ff [log] [tgz]
author: Derek Jones <derek.jones@ellislab.com> Wed Oct 06 17:51:16 2010 -0500
committer: Derek Jones <derek.jones@ellislab.com> Wed Oct 06 17:51:16 2010 -0500
tree: f37cb90319cabf46fa15ef9b98002a0bfa178f87
parent: 79bd0363faf287cafd9e9bd5608bc3e08df9ac87 [diff] [blame]
diff --git a/system/core/Router.php b/system/core/Router.php
index b371d52..d911eb2 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php

@@ -345,7 +345,7 @@
 	 */	
 	function set_class($class)
 	{
-		$this->class = $class;
+		$this->class = str_replace(array('/', '.'), '', $class);
 	}
 	
 	// --------------------------------------------------------------------
@@ -404,7 +404,7 @@
 	 */	
 	function set_directory($dir)
 	{
-		$this->directory = trim($dir, '/').'/';
+		$this->directory = str_replace(array('/', '.'), '', $dir).'/';
 	}
 
 	// --------------------------------------------------------------------
commit	2615e418539c3d6e2f912c66be99ffebfb8513ff	[log] [tgz]
author	Derek Jones <derek.jones@ellislab.com>	Wed Oct 06 17:51:16 2010 -0500
committer	Derek Jones <derek.jones@ellislab.com>	Wed Oct 06 17:51:16 2010 -0500
tree	f37cb90319cabf46fa15ef9b98002a0bfa178f87
parent	79bd0363faf287cafd9e9bd5608bc3e08df9ac87 [diff] [blame]