[eluser]Unknown[/eluser]
Hello,
Yesterday I spent hours with the "Disallowed Key Characters" error message on my site. After went through some related topic in this forum, I've found the problem came from the $_COOKIE. I have the PHProxy 0.5b2 (you can find it on sourceforge.net) application running on my domain and enable the "Allow cookies to be stored" feature. The PHProxy's cookie look like:
Code:
COOKIE%3Bdatr%3B%2F%3B.facebook.com=1254371479-3a22f085c49a31edb9f847d166d38b427af6edf606ef4de1c35c4%3B;
Notice there are "%" character in the key.
I looked at the system/libraries/Input.php and found these lines did not help me get rid of silly COOKIEs
Code:
unset($_COOKIE['$Version']);
unset($_COOKIE['$Path']);
unset($_COOKIE['$Domain']);
I managed to improve the code a bit:
Code:
$CFG =& load_class('Config');
$cook_key = array_keys($_COOKIE);
$safe_cook_key = array( '__utm', //google analytics
$CFG->item('cookie_prefix'));
foreach($cook_key as $val)
{
if(substr_compare($val, $safe_cook_key[0],0, strlen($safe_cook_key[0]))!=0 && substr_compare($val, $safe_cook_key[1],0, strlen($safe_cook_key[0]))!=0)
{
unset($_COOKIE[$val]);
}
}
$_COOKIE = $this->_clean_input_data($_COOKIE);
And the result is nice to me. The stranger's cookies were gone.
Do you guys think it's a bug of Input.php? And i'm appreciate if s/o show me a better solution.
Thanks and regards,
