Bug fix for relative directory removal

This fixes two bugs: - for segments that ends with ".." e.g. /user/username../details, this should not be replaced - current solution only replace double slashes, this solutions removes the infinite number of recurring slashes
aminodrago · Dec 6, 2012 · af3bd3e · af3bd3e
1 parent fd24adf
commit af3bd3e
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/system/core/URI.php b/system/core/URI.php
@@ -219,7 +219,26 @@ protected function _parse_request_uri()
 		}
 
 		// Do some final cleaning of the URI and return it
-		return str_replace(array('//', '../'), '/', trim($uri, '/'));
+		return $this->_remove_relative_directory_str($uri);
+	}
+
+	// --------------------------------------------------------------------
+
+	/**
+	 * Remove relative directory (../) and multi slashes (///)
+	 * @param 	string $url
+	 * @return 	string
+	 */
+	private function _remove_relative_directory_str($url)
+	{
+		$uris = array();
+		$tok = strtok($url, '/');
+		while ($tok !== false)
+		{
+			($tok != '..' && ! empty($tok) || $tok === '0') && $uris[] = $tok;
+			$tok = strtok('/');
+		}
+		return implode('/', $uris);
 	}
 
 	// --------------------------------------------------------------------