CodeIgniter Forums

Full Version: help with uri segment and 404 pages
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

Hi everybody,

Let's i have my site with the following URL


products is the Class and product_info is the method. If I add a single quote next to product_info like below:


I get some errors like this :

Quote:A PHP Error was encountered
Severity: Notice
Message: Undefined index: product_info'
Filename: controllers/products.php
Line Number: 258

is there some kind of fix to prevent this from happening?

El Forum

Basically with default setup (not allowing the ' char) and error reporting to 0, like in a production environment you'll get a "The URI you submitted has dissallowed characters" error which is 400 Bad Request error, which is good for such a scenario. They shouldn't type such a uri, and since they did a 400 is ok.

I think you are troubled because you are seeing informative error which in development machine should anyway be visible. But as I said in a production environment there would not be an error displayed and you would normally get the 400.

El Forum

the problem is, event if I add it in the permitted uri chars, it doesn't work Confused consider this example[email protected]/194

As you can see, there is an @ sign in the URI, it should give send me to the page not found or something similar.. but that doesn't work :S

El Forum

I think i misunderstood the concept -____- ... I will come back if everything work

El Forum

Ok this is my config for URI

$config['permitted_uri_chars'] = 'a-z [email protected]%.:_\-&';'

I believe the URL above should send me to page not found or dissallowed characters?

El Forum

What is the error message you are receiving when you type in

Ideally, it should be a "Product not found" error page that you redirect the customer to. Your code in the product-info function should check for invalid characters and react.

El Forum

This is CI 2.x.x bug. I have same thing, but this mean, you have custom 404 controller defined from router.php config

like this.
$route['404_override'] = 'error/index/';

if i set $route['404_override'] = '' empty, then all thinks works fine.

El Forum

Basically its a 400 error not a 404.
I don't know if it should be grabbed by 404_override

In such a scenario you would set allow uri chars to empty string so that everything is allowed and you get your 404. But won't you have allowed "malicious" character to pass to your server? Just to get a 404? Would a user type /products/product-info/194 ? And if he did and he made a mistake wouldn't he go to his address bar and correct his mistake?

You would compromise security in favor of a 404?