CodeIgniter Forums

Full Version: Disallowed Key Characters
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

[eluser]jorisw[/eluser]
Hi.

This is not a question about what this error means or how I get rid of it. I just want to know what the reasoning behind it was.

CodeIgniter checks $_GET, $_POST and $_COOKIE for disallowed characters. Mostly non-ASCII characters. Fine. I get that. Nothing wrong with some sanitation up front.

But what were the developers of CI thinking when they decided to just exit with "Disallowed Key Characters" in a blank screen upon encountering a disallowed key character?

Downsides:
- It completely breaks the application while the offending characters could simply have been filtered out.
- It doesn't tell the user anything.
- It exposes which framework was used to build the site.

Benefits: None.

For all that is holy, please, get rid of this rediculous exit() call at system/core/Input.php line 731 and replace it with something sensible.

Thank you.

El Forum

[eluser]CroNiX[/eluser]
I agree. Error handling should be up to the developer instead of just killing the app in place, or at least make it overridable like 404 handling which used to suffer from this same thing (hardcoded and no customability). There should be no hardcoded error messages either. They should be using the language files there, or at least allowing you to use a custom view/route like the 404.