|
|
@@ -149,10 +149,10 @@ foreach (Bundle::all() as $bundle => $config)
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
- * Route the request to the proper route in the application. If a
|
|
|
- * route is found, the route will be called via the request class
|
|
|
- * static property. If no route is found, the 404 response will
|
|
|
- * be returned to the browser.
|
|
|
+ * If the requset URI has too many segments, we will bomb out of
|
|
|
+ * the request. This is too avoid potential DDoS attacks against
|
|
|
+ * the framework by overloading the controller lookup method
|
|
|
+ * with thousands of segments.
|
|
|
*/
|
|
|
$uri = URI::current();
|
|
|
|
|
|
@@ -161,6 +161,12 @@ if (count(URI::$segments) > 15)
|
|
|
throw new \Exception("Invalid request. Too many URI segments.");
|
|
|
}
|
|
|
|
|
|
+/**
|
|
|
+ * Route the request to the proper route in the application. If a
|
|
|
+ * route is found, the route will be called via the request class
|
|
|
+ * static property. If no route is found, the 404 response will
|
|
|
+ * be returned to the browser.
|
|
|
+ */
|
|
|
Request::$route = Routing\Router::route(Request::method(), $uri);
|
|
|
|
|
|
if (is_null(Request::$route))
|
Taylor Otwell