开发者

codeigniter Disallowed Key Characters - when all characters are allowed [duplicate]

This question already has answers here: Closed 10 years ago.

Possible Duplicate:

CodeIgniter Disallowed Key Characters

I recently upgraded CI from 1.7 to 2.0. There after i started receiving CI's

Disallowed Key Characters

error.

I then allowed all characters to be accepted to see if the error would disappear.

$config['permitted_uri_chars'] = '';

However, this did not change anything

i also have enabled query strings

$config['enable_query_strings'] = TRUE;

I just don't know why i am getting the disallowed characters error when i am allowing all characters to be accepted.

Here is a url example where i would get the disallowed key characters error:

h开发者_如何学运维ttp://localhost/myapp/index.php??c=user&m=login

However, if i were to remove one of the '?' it works

http://localhost/myapp/index.php?c=user&m=login

I do have an htaccess file that contains:

RewriteEngine on
RewriteRule (.*)/index.php $1/ [L]

any help?


It looks like CodeIgniter does a separate check for GET/POST/and cookie data key names where it validates them against:

/^[a-z0-9:_\/-]+$/i

See: https://bitbucket.org/ellislab/codeigniter/src/c2dad3edb148/system/core/Input.php#cl-537

I don't see an easy way to disable this check other than editing/subclassing Input.php. You're probably better off using keys without weird symbols anyway though.


As stated in the code comments, what you're doing is hihgly discouraged

| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible.  By default only these are allowed: a-z 0-9~%.:_-
|
| Leave blank to allow all characters -- but only if you are insane.
|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!

Nonetheless, a possibile solution would be to clear your cache and, in particular, your cookies, as you can see, for example, in this topic on CI Forum (and, to a lesser extent, on other resources you just get googling around)

EDIT: after posting I saw you edited your question and added important details. As suggested by the other user, you need to check the input class to hack how codeigniter implements its own POST and GET handling.

Especially, I'm looking to the function _clean_input_keys($str) in library/input.php, and change the Regex there

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜