|
本帖最后由 kasindy 于 2011-6-29 14:32 编辑
以下代码保存为MY_URI.php 放在application\core 里即可
PHP复制代码
class MY_URI extends CI_URI {
function _filter_uri ($str)
{
if ($str != '' && $this->config->item('permitted_uri_chars') != '' && $this->config->item('enable_query_strings') == FALSE)
{
// preg_quote() in PHP 5.3 escapes -, so the str_replace() and addition of - to preg_quote() is to maintain backwards
$str = urlencode($str); // 增加的代码
if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+$|i", $str))
{
show_error ('The URI you submitted has disallowed characters.', 400);
}
$str = urldecode($str); // 增加的代码
}
// Convert programatic characters to entities
$bad = array('$', '(', ')', '%28', '%29');
$good = array('$', '(', ')', '(', ')');
return str_replace($bad, $good, $str);
}
}
复制代码
求高手验证是否安全!! |
|