I am working on a search bar. There is a form, on submit the text from the input gets encoded with the JavaScript
encodeURIComponent function and redirected with
Code:
window.location.href = '/search/' + encodeURIComponent(yourtexthere);
This is routed to a controller with
Code:
$routes->get('search/(:segment)', 'Search::word/$1');
If I search for special characters, for example: []{}, I get the "The URI you submitted has disallowed characters" error message.
If I copy the url from the address bar, the characters are properly encoded to %5B%5D%7B%7D. All of these characters match the default regular expression in the App.php at $permittedURIChars.
When I copy just the []{} characters from the browser address bar, they stay as is, not encoded.
I tested
Code:
preg_match('/\A[a-z 0-9~%.:_\-]+\z/iu', '%5B%5D%7B%7D');
preg_match('/\A[a-z 0-9~%.:_\-]+\z/iu', '[]{}');
They return 1 and 0, as expected.
I tried typing in the full url with the encoded string, same result.
I made a link on a test page where the []{} was encoded with PHP's urlencode, rawurlencode and http_build_query, with the same result.
If I set $permittedURIChars = ''; it works but it is not recommended. With this setting, if I dd(site_url(uri_string())); the url, it is properly encoded.
I use
CodeIgniter 4.5.1
MacOS 14.5
It was tested on Firefox 126, Firefox Developer Edition 127, Safari 17.5, Safari Technology Preview 17.4 with the same result.
I assumed, maybe it is an OS/browser thing, because when I copied only the []{} characters from the url, they stayed not encoded.
But when I used dd to print out the url, I saw that the characters are encoded as they should be.
My question is, am I doing something wrong or is this a bug in CodeIgniter?
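An added diagnostic, not part of the original post and not CodeIgniter's own code: it applies the character class quoted in the post to a path segment both as sent on the wire and after percent-decoding. That the framework checks the decoded form is an assumption the post does not confirm, and the function names are hypothetical. Because `%` and the hex digits are all in the class, every percent-encoded string passes the encoded-form check, so only the decoded form can reproduce a rejection.

```php
<?php
// Added example, not CodeIgniter code. The character class is the one from the
// post; applying it to the decoded segment is an assumption for illustration.
const PERMITTED = 'a-z 0-9~%.:_\-';

/** Return the distinct characters of $s that fall outside the permitted class. */
function disallowedChars(string $s): array
{
    preg_match_all('/[^' . PERMITTED . ']/iu', $s, $m);
    return array_values(array_unique($m[0]));
}

/** Check one path segment in its encoded (wire) and decoded forms. */
function inspectSegment(string $encoded): array
{
    $decoded = rawurldecode($encoded);
    return [
        'encoded'          => $encoded,
        'decoded'          => $decoded,
        'encoded_rejected' => disallowedChars($encoded),
        'decoded_rejected' => disallowedChars($decoded),
    ];
}

// Constructed sample search terms, encoded the way the post's test link did.
foreach (['[]{}', 'hello world', 'a<b', "line1\nline2"] as $term) {
    $r = inspectSegment(rawurlencode($term));
    printf(
        "%-18s encoded: %-5s decoded: %s\n",
        $r['encoded'],
        $r['encoded_rejected'] === [] ? 'pass' : 'FAIL',
        $r['decoded_rejected'] === []
            ? 'pass'
            : 'FAIL ' . json_encode($r['decoded_rejected'])
    );
}
```

Every sample passes in its encoded form; in decoded form only `hello world` passes, and `[]{}` is reported with the four bracket characters.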