Codeigniter is "catching" url characters even though they've been urlencoded
I'm having the strangest issue with codeigniter. I have a site that has a search feature which displays the person's query in the url so that they can save the url. I make sure that the query text has gone through rawurlencode before I stick it in the url. However, Codeigniter still shoots me to an error page when there's a character in the query that isn't in my permitted_uri_characters configuration.
So even though my browser says /search-results/query/%22samplequery%22, I’m still getting the error about using non-permitted characters.
Is this a bug? I don’t have non-permitted characters in my url. I have a % sign and some numbers (which are all specifically permitted). It’s definitely the permitted_uri_characters setting that’s giving me grief. If I add a quotation mark to it, it allows the %22 query through no problem.
And to be clear, the query is coming from a form as post data, then being encoded in my controller and then redirected to a new page. There’s no way that the permitted_uri_characters is somehow being applied BEFORE it gets encoded.
This is driving me batty, as my only solution at the moment is to open up my permitted_uri_characters to everything under the sun, which isn't very secure!
Seems like you'd need to add @ to the permitted_uri_chars, even if you urlencode the email before sending it to site_url(). Might urldecode it before matching up the characters ... Percent Symbol in CodeIgniter URI
Here is a post more specific to your problem. http://sholsinger.com/archive/2009/04/passing-email-addresses-in-urls-with-codeigniter/
I tried with the permitted_uri_chars, and finally ended up passing the email as a query string (?email=bla@bla.com), not even urlencoding it. Works great :)
Could it be URL encoding the %20 to a " before codeigniter verifies it? How about adding that to the permitted chars list.
I have my own solution for this, it's messy and not optimal, but it works. You can create a table where you store (search_string, url_title).
Every time you perform a search, save the string, generate a url_title() and save it to the database. This way, you can redirect your user to a safe url, without missing the initial search.
I know somebody is gonna yell at me for this solution. But, if your site is small, and your traffic keeps low, it's a valid solution.
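The answers above suggest the segment is URL-decoded before it is compared with the whitelist. The sketch below is an added example, not CodeIgniter's code or any poster's: `segment_allowed()`, `encode_query()` and `decode_query()` are hypothetical helpers, the check is a simplified stand-in for the framework's filter, and the whitelist is assumed to be the stock `permitted_uri_chars` value. It shows why a decode-first check rejects `%22`, and one way to carry the query in a segment without widening the whitelist.

```php
<?php
// Added illustration, not CodeIgniter source. Assumed whitelist: the stock
// permitted_uri_chars value from a default config.php.
const PERMITTED_URI_CHARS = 'a-z 0-9~%.:_\-';

// Hypothetical, simplified stand-in for the framework's segment filter:
// every character of the segment must be in the whitelist character class.
function segment_allowed(string $segment, string $permitted = PERMITTED_URI_CHARS): bool
{
    return preg_match('|^[' . $permitted . ']+$|i', $segment) === 1;
}

// URL-safe base64 without padding only emits letters, digits, "-" and "_",
// so the segment looks the same before and after URL-decoding.
function encode_query(string $query): string
{
    return rtrim(strtr(base64_encode($query), '+/', '-_'), '=');
}

// Reverse of encode_query(); returns null when the segment is not valid base64.
function decode_query(string $segment): ?string
{
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4); // restore padding
    $out = base64_decode($b64, true);
    return $out === false ? null : $out;
}

$query   = '"samplequery"';          // constructed sample input
$raw     = rawurlencode($query);     // the form shown in the address bar
$decoded = rawurldecode($raw);       // the form a decode-first filter checks

var_dump(segment_allowed($raw));     // percent sign and digits are whitelisted
var_dump(segment_allowed($decoded)); // the literal quotation mark is not

$safe = encode_query($query);
var_dump(segment_allowed($safe));            // stays inside the whitelist
var_dump(decode_query($safe) === $query);    // controller recovers the query
```

The recovered query is still untrusted user input, so the controller escapes it on output and binds it as a parameter in any database lookup.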