+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Disallowed Key Characters. (/showthread.php?tid=12093)
Pages:
1
2
Disallowed Key Characters. - El Forum - 10-11-2008
[eluser]gox[/eluser]
Heh, you said that i should recreate application running on same domain, which working absolutely properly, to jump over CI BUG!
This is most stupid think i ever read.
There is more and more other ways to keep high security level, i understand POST and GET vars, disaloved chars there is hacking attempt for sure, but cookie!? here you have situation when it isn't hack attempt...
You should rebilid CI security system in cookie chars handling, for example:
unset cookie which disallowed chars and maybe print out tigger warrning...
For me now there is only one solution:
Code:
function _clean_input_keys($str)
{
/* if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
{
exit('Disallowed Key Characters.');
}
*/
return $str;
}This is it, i wouldn't waste my time any more to explain you how stupid your way of thinking is...
EOT
Disallowed Key Characters. - El Forum - 10-11-2008
[eluser]Pascal Kriete[/eluser]
What you have done there has got to be the most foolish thing I've seen in a while.
If you really feel the need to neuter the cookie protection, don't blow the other ones up as well.
Code:
// I'm feeling (very) lucky
// $_COOKIE = $this->_clean_input_data($_COOKIE);This might be of interest to you.
Disallowed Key Characters. - El Forum - 10-12-2008
[eluser]Yash[/eluser]
inparo don't waste time on such idiot guy.