Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

CodeIgniter Disallowed Key Characters

Tags:

codeigniter

CodeIgniter is giving me a Disallowed Key Characters error. I've narrowed it down to the name attribute of a form field: name='prod[50-4121.5]' but I'm not sure what to do about it.

like image 838
John Rand Avatar asked Nov 16 '10 19:11

John Rand


1 Answers

The problem is you are using characters not included in the standard Regex. Use this:

!preg_match("/^[a-z0-9\x{4e00}-\x{9fa5}\:\;\.\,\?\!\@\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str)

As per the comments (and personal experience) you should not modify they Input.php file — rather, you should create/use your own MY_Input.php as follows:

<?php  class MY_Input extends CI_Input {      /**      * Clean Keys      *      * This is a helper function. To prevent malicious users      * from trying to exploit keys we make sure that keys are      * only named with alpha-numeric text and a few other items.      *       * Extended to allow:       *      - '.' (dot),       *      - '[' (open bracket),      *      - ']' (close bracket)      *       * @access  private      * @param   string      * @return  string      */     function _clean_input_keys($str) {         // UPDATE: Now includes comprehensive Regex that can process escaped JSON         if (!preg_match("/^[a-z0-9\:\;\.\,\?\!\@\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str)) {             /**              * Check for Development enviroment - Non-descriptive               * error so show me the string that caused the problem               */             if (getenv('ENVIRONMENT') && getenv('ENVIRONMENT') == 'DEVELOPMENT') {                 var_dump($str);             }             exit('Disallowed Key Characters.');         }          // Clean UTF-8 if supported         if (UTF8_ENABLED === TRUE) {             $str = $this->uni->clean_string($str);         }          return $str;     }  }  // /?/> /* Should never close php file - if you have a space after code, it can mess your life up */ 

++Chinese Character Support

// NOTE: \x{4e00}-\x{9fa5} = allow chinese characters // NOTE: 'i' — case insensitive // NOTE: 'u' — UTF-8 mode if (!preg_match("/^[a-z0-9\x{4e00}-\x{9fa5}\:\;\.\,\?\!\@\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str) { ... }  // NOTE: When Chinese characters are provided in a URL, they are not 'really' there; the browser/OS //   handles the copy/paste -> unicode conversion, eg: //        一二三  -->  xn--4gqsa60b    //   'punycode' converts these codes according to RFC 3492 and RFC 5891. //   https://github.com/bestiejs/punycode.js ---  $ bower install punycode 
like image 149
Wallter Avatar answered Sep 23 '22 15:09

Wallter