ZF-12467: Invalid controller name specified into request
If user makes a mistake on accidentally enters incorrect controller, it is set into request as-is in Zend_Controller_Router_Rewrite::_setRequestParams(). However, in Zend_Controller_Dispatcher_Abstract::_formatName() there is a preg_replace('/[^a-z0-9 ]/', '') when forming the controller name.
Now, in my code I cannot rely that controller name has been properly filtered, nor what the class name ended up to be!
I'm currently studying the implications of rejecting illegal controller names or alternatively, silently accepting the filtering result.