Further changes related to issue #47, PR #3323
- Removed a test that was created specifically for the 'convert programmatic characters to entities' feature.
- Changed filter_uri() to accept by reference and to not return anything as its only purpose now is to trigger a show_error() call.
- Added changelog messages and updated the upgrade instructions.
diff --git a/system/core/URI.php b/system/core/URI.php
index 067338d..7909101 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -173,8 +173,9 @@
// Populate the segments array
foreach (explode('/', trim($this->uri_string, '/')) as $val)
{
+ $val = trim($val);
// Filter segments for security
- $val = trim($this->filter_uri($val));
+ $this->filter_uri($val);
if ($val !== '')
{
@@ -318,16 +319,14 @@
* Filters segments for malicious characters.
*
* @param string $str
- * @return string
+ * @return void
*/
- public function filter_uri($str)
+ public function filter_uri(&$str)
{
if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str))
{
show_error('The URI you submitted has disallowed characters.', 400);
}
-
- return $str;
}
// --------------------------------------------------------------------