Created
August 29, 2012 16:08
-
-
Save zeelot/3514945 to your computer and use it in GitHub Desktop.
Fix for security issue in Kohana 3.0.8 - 3.2.1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php defined('SYSPATH') or die('No direct script access.'); | |
| // Just use this file in application/classes/url.php for a fix until 3.2.2 is out | |
| class URL extends Kohana_URL { | |
| /** | |
| * Fetches an absolute site URL based on a URI segment. | |
| * | |
| * echo URL::site('foo/bar'); | |
| * | |
| * @param string $uri Site URI to convert | |
| * @param mixed $protocol Protocol string or [Request] class to use protocol from | |
| * @param boolean $index Include the index_page in the URL | |
| * @return string | |
| * @uses URL::base | |
| */ | |
| public static function site($uri = '', $protocol = NULL, $index = TRUE) | |
| { | |
| // Chop off possible scheme, host, port, user and pass parts | |
| $path = preg_replace('~^[-a-z0-9+.]++://[^/]++/?~', '', trim($uri, '/')); | |
| if ( ! UTF8::is_ascii($path)) | |
| { | |
| // Encode all non-ASCII characters, as per RFC 1738 | |
| $path = preg_replace_callback('~([^/]+)~', 'URL::_rawurlencode_callback', $path); | |
| } | |
| // Concat the URL | |
| return URL::base($protocol, $index).$path; | |
| } | |
| /** | |
| * Callback used for encoding all non-ASCII characters, as per RFC 1738 | |
| * Used by URL::site() | |
| * | |
| * @param array $matches Array of matches from preg_replace_callback() | |
| * @return string Encoded string | |
| */ | |
| protected static function _rawurlencode_callback($matches) | |
| { | |
| return rawurlencode($matches[0]); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How is this a security issue? Can you please provide some real life example when something can go wrong?