Annajwaszahro
/
MIF_E31222691
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

limited number of uri segments that a request can have.

This commit is contained in:
Taylor Otwell 2011-12-30 11:24:15 -06:00
parent d10aa7b27a
commit 09d1c85e98
3 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
changelog.md
View File

@ -1,5 +1,13 @@
# Laravel Change Log # Laravel Change Log
## Version 2.0.8
- Fix: Limited URI segments to 20 to protect against DDoS.
### Upgrading from 2.0.7
- Replace **laravel** directory.
## Version 2.0.7 ## Version 2.0.7
- Fix: Fixed raw_where in query builder. - Fix: Fixed raw_where in query builder.

9
laravel/routing/router.php
View File

@ -181,6 +181,15 @@ protected function controller($method, $uri, $destination)
$segments = explode('/', trim($uri, '/')); $segments = explode('/', trim($uri, '/'));
// If there are more than 20 request segments, we will halt the request
// and throw an exception. This is primarily to protect against DDoS
// attacks which could overwhelm the server by feeding it too many
// segments in the URI, causing the loops in this class to bog.
if (count($segments) > 20)
{
throw new \Exception("Invalid request. There are more than 20 URI segments.");
}
if ( ! is_null($key = $this->controller_key($segments))) if ( ! is_null($key = $this->controller_key($segments)))
{ {
// Extract the various parts of the controller call from the URI. // Extract the various parts of the controller call from the URI.

2
public/index.php
View File

@ -3,7 +3,7 @@
* Laravel - A PHP Framework For Web Artisans * Laravel - A PHP Framework For Web Artisans
* *
* @package Laravel * @package Laravel
* @version 2.0.7 * @version 2.0.8
* @author Taylor Otwell <taylorotwell@gmail.com> * @author Taylor Otwell <taylorotwell@gmail.com>
* @link http://laravel.com * @link http://laravel.com
*/ */