
limited number of uri segments that a request can have.

Taylor Otwell 12 years ago
parent
commit
09d1c85e98
3 changed files with 18 additions and 1 deletions
  1. 8 0
      changelog.md
  2. 9 0
      laravel/routing/router.php
  3. 1 1
      public/index.php

+ 8 - 0
changelog.md

@@ -1,5 +1,13 @@
 # Laravel Change Log
 
+## Version 2.0.8
+
+- Fix: Limited URI segments to 20 to protect against DDoS.
+
+### Upgrading from 2.0.7
+
+- Replace **laravel** directory.
+
 ## Version 2.0.7
 
 - Fix: Fixed raw_where in query builder.

+ 9 - 0
laravel/routing/router.php

@@ -181,6 +181,15 @@ class Router {
 
 		$segments = explode('/', trim($uri, '/'));
 
+		// If there are more than 20 request segments, we will halt the request
+		// and throw an exception. This is primarily to protect against DDoS
+		// attacks which could overwhelm the server by feeding it too many
+		// segments in the URI, causing the loops in this class to bog.
+		if (count($segments) > 20)
+		{
+			throw new \Exception("Invalid request. There are more than 20 URI segments.");
+		}
+
 		if ( ! is_null($key = $this->controller_key($segments)))
 		{
 			// Extract the various parts of the controller call from the URI.
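Review bot: The new guard on `count($segments) > 20` throws a bare `\Exception`, so whatever catches it cannot tell a malformed client request from an internal failure. Depending on the error handler (not visible here), it would probably surface as a 500 and be logged as a server error, which lets a flood of long URIs fill the error log. Consider a dedicated exception type that the handler maps to a 4xx response, and move the literal 20 into a named constant so the limit and the message text cannot drift apart. The segment array is also fully built before the check runs; `$segments = explode('/', trim($uri, '/'), 21);` would bound the allocation while still tripping the guard. The enclosing method starts and ends outside this hunk.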

+ 1 - 1
public/index.php

@@ -3,7 +3,7 @@
  * Laravel - A PHP Framework For Web Artisans
  *
  * @package  Laravel
- * @version  2.0.7
+ * @version  2.0.8
  * @author   Taylor Otwell <taylorotwell@gmail.com>
  * @link     http://laravel.com
  */