limited number of uri segments that a request can have.

09d1c85e · Taylor Otwell · d10aa7b2 · 09d1c85e · 09d1c85e · 09d1c85e
Commit 09d1c85e authored Dec 30, 2011 by Taylor Otwell
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 1 deletion

changelog.md changelog.md +8 -0

router.php laravel/routing/router.php +9 -0

index.php public/index.php +1 -1

No files found.
--- a/changelog.md
+++ b/changelog.md
 # Laravel Change Log

+## Version 2.0.8
+
+- Fix: Limited URI segments to 20 to protect against DDoS.
+
+### Upgrading from 2.0.7
+
+- Replace **laravel** directory.
+
 ## Version 2.0.7

 - Fix: Fixed raw_where in query builder.

--- a/laravel/routing/router.php
+++ b/laravel/routing/router.php
@@ -181,6 +181,15 @@ class Router {

 		$segments = explode('/', trim($uri, '/'));

+		// If there are more than 20 request segments, we will halt the request
+		// and throw an exception. This is primarily to protect against DDoS
+		// attacks which could overwhelm the server by feeding it too many
+		// segments in the URI, causing the loops in this class to bog.
+		if (count($segments) > 20)
+		{
+			throw new \Exception("Invalid request. There are more than 20 URI segments.");
+		}
+
 		if ( ! is_null($key = $this->controller_key($segments)))
 		{
 			// Extract the various parts of the controller call from the URI.

--- a/public/index.php
+++ b/public/index.php
@@ -3,7 +3,7 @@
 * Laravel - A PHP Framework For Web Artisans
 *
 * @package  Laravel
- * @version  2.0.7
+ * @version  2.0.8
 * @author   Taylor Otwell <taylorotwell@gmail.com>
 * @link     http://laravel.com
 */