From e56d60ad49eed1156081f9371fa84ca0a5b83e4d Mon Sep 17 00:00:00 2001
From: Qiang Xue
Date: Tue, 10 Dec 2013 17:04:39 -0500
Subject: [PATCH] Escape special chars in URL rules.
---
 framework/yii/web/UrlRule.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/framework/yii/web/UrlRule.php b/framework/yii/web/UrlRule.php
index a2e34f9..2934b26 100644
--- a/framework/yii/web/UrlRule.php
+++ b/framework/yii/web/UrlRule.php
@@ -143,7 +143,16 @@ class UrlRule extends Object
 }
 }
- $tr = $tr2 = [];
+ $tr = [
+ '.' => '\\.',
+ '*' => '\\*',
+ '$' => '\\$',
+ '[' => '\\[',
+ ']' => '\\]',
+ '(' => '\\(',
+ ')' => '\\)',
+ ];
+ $tr2 = [];
 if (preg_match_all('/<(\w+):?([^>]+)?>/', $this->pattern, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER)) {
 foreach ($matches as $match) {
 $name = $match[1][0];
@@ -166,7 +175,6 @@ class UrlRule extends Object
 }
 }
 }
- $tr['.'] = '\\.';
 $this->_template = preg_replace('/<(\w+):?([^>]+)?>/', '<$1>', $this->pattern);
 $this->pattern = '#^' . trim(strtr($this->_template, $tr), '/') . '$#u';
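Review bot: The new `$tr` map escapes `.`, `*`, `$`, `[`, `]`, `(` and `)`, but other PCRE metacharacters (`+`, `?`, `|`, `^`, `{`, `}`, `\`) and the `#` delimiter used in `'#^' . ... . '$#u'` still pass through `strtr()` unescaped, so a rule containing them literally would compile to a different regex than written, or to an invalid one in the case of `#`. If literal segments are meant to match verbatim, add the remaining entries, e.g. `'+' => '\\+', '?' => '\\?', '|' => '\\|', '#' => '\\#',`, and put a comment above the map such as `// Escape regex metacharacters in the literal parts of the pattern; <name> placeholders are substituted separately.` The loop that fills the placeholder entries is only partly visible in this hunk, so confirm that none of its keys collide with the added ones. A unit test with a rule containing a literal `+` and `#` would pin the behaviour, since an under-escaped rule accepts more URLs than its author intended.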