Make codeigniter behave on $_GET's ?

Question

I've had a problem with CI handling $_GET and found a way to overcome it.

The question is, can you see any security problem here?

I have my urls all ways like

/contacts
/company/info

And my default controller on CodeIgniter is called index

I can make CI behave with $_GET as long as I follow the class/function/default_controller.

Both these URL's work:

// class + function + default controller = ok
/class/function/index?var1=this&var2=that

// class + default controller = ok
/class/index?var1=this&var2=that

The thing is I want these to also work

// class without function nor default controller = NOT OK
/class?var1=this&var2=that

// class + function without default controller = NOT OK
/class/function?var1=this&var2=that

My solution was a little regex on the $_SERVER['REQUEST_URI'].

I'm no expert on regex so, can you see a possible security problem here?

/*
|---------------------------------------------------------------
| MAKE CODEIGNITER BEHAVE ON _GETS!
|---------------------------------------------------------------
|
| CI doesn't like to play ball with /contacts?a=23 and fails on several ocasions
| This forces the first ? or & to be replaced by /index/ that is the default controller
|
*/
 $_SERVER['REQUEST_URI'] = preg_replace('/\?|\&/', '/index/', $_SERVER['REQUEST_URI'], 1);

Thank you.

Answer 1

Nope. As long as you don't blindly trust the $_GET[] (which you shouldn't anyway), you're good.