"Disallowed Key Characters" because $_COOKIE were not cleared reasonable.

[eluser]Unknown[/eluser]
Hello,

Yesterday I spent hours with the "Disallowed Key Characters" error message on my site. After went through some related topic in this forum, I've found the problem came from the $_COOKIE. I have the PHProxy 0.5b2 (you can find it on sourceforge.net) application running on my domain and enable the "Allow cookies to be stored" feature. The PHProxy's cookie look like:

Code:

COOKIE%3Bdatr%3B%2F%3B.facebook.com=1254371479-3a22f085c49a31edb9f847d166d38b427af6edf606ef4de1c35c4%3B;

Notice there are "%" character in the key.
I looked at the system/libraries/Input.php and found these lines did not help me get rid of silly COOKIEs

Code:

unset($_COOKIE['$Version']);
unset($_COOKIE['$Path']);
unset($_COOKIE['$Domain']);

I managed to improve the code a bit:

Code:

$CFG =& load_class('Config');
        
$cook_key = array_keys($_COOKIE);
$safe_cook_key = array( '__utm',                        //google analytics
                        $CFG->item('cookie_prefix'));
foreach($cook_key as $val)
{          
   if(substr_compare($val, $safe_cook_key[0],0, strlen($safe_cook_key[0]))!=0 && substr_compare($val, $safe_cook_key[1],0, strlen($safe_cook_key[0]))!=0)
   {
       unset($_COOKIE[$val]);
   }              
}
$_COOKIE = $this->_clean_input_data($_COOKIE);

And the result is nice to me. The stranger's cookies were gone.

Do you guys think it's a bug of Input.php? And i'm appreciate if s/o show me a better solution.

Thanks and regards,

[eluser]Unknown[/eluser]
Thank you!
I had a problem where a client is hosting multiple sites on 1 domain and some of the other domain cookies are leaking into ours and causing the “Disallowed Key Characters” error message.

I used a refined version of the above (removing only a particular cookie), Thanks again!

[eluser]thomas.ernest[/eluser]
Hey all,

This an interesting solution, but it requires to change a CodeIgniter's component, which is impossible on my setup.

It may be explained in other threads already... I dunno. However, I don't see any link and I've no time to search, sorry.

So, if you cannot apply this fix you should check the name of your form fields. They all have to match a specific regular expression. With CodeIgniter 1.7.3, in file "system/libraries/Input.php" function _clean_input_keys($str) starts at line 215 and contains :

Code:

if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
{
    exit('Disallowed Key Characters.');
}

Take it easy !

[eluser]InsiteFX[/eluser]
Let me know how this works out for you all, when you have to
upgrade to a new version of CodeIgniter!

You should never ever modify a CodeIgniter core file!

InsiteFX

[eluser]Peter Lubambi[/eluser]
Hi All,
I am new to codeigniter, suffering from the same problem 'Disallowed Key Characters. Whenever I try to submit form', I am using codeigniter 2.0.1 on xampp server.
Please help!

[eluser]Felix Cheruiyot[/eluser]
There is no problem with CI input library. I have done over 20 projects with both the 2.02 and older version and whenever I encounter such errors I try to figure it out in my code.
Example of a syntax error that generated the 'Disallowed Key Characters' message was:

<input type="text" name=idno_tf" />

The correct format should be:
<input type="text" name="idno_tf" />

Note: the "" enclosing idno_tf(Thats the difference);
I strongly object one to change the system files, you better use an older version if you feel the one you are using has a bug.

Just look a bit harder and testing every component well. You will certainly find where you went wrong.

[eluser]magikman[/eluser]
[quote author="Felix Cheruiyot" date="1311275505"]There is no problem with CI input library. [/quote]

I'm affraid ther is one in the special case Doan DU explained.

The best way to get rid of that is to erase the cookies from the domain where you have php proxy installed.

Or maybe we could override the Input class but that's not for me.

[eluser]Unknown[/eluser]
Good one..

[eluser]Unknown[/eluser]
The only solution that worked for me was the first one that Doan Du posted, but there was still a big problem after I used it -> the sessions does not work anymore. So I am not using that solution anymore. Anyway, thank you for your help.

My problem was that I have installed the same script on two diffrent domains and I used the same "sess_cookie_name"

Code:

$config["sess_cookie_name"]="ci_session";

for both of them.

Now I'm using different names on each domain and I have no problems.

Regards,
Adrian

[eluser]Unknown[/eluser]
Not sure if this will help anybody but I was formatting a cURL request with this little piece which only started working when I started using rawurlencode(). I was receiving the "DISALLOWED KEY CHARACTERS" error prior to encoding the cookie values. No core modifications were required:

Code:

$cookies = array();
foreach( $_COOKIE as $cookie_name => $cookie_value ) {
$cookies[] = $cookie_name ."=". rawurlencode($cookie_value);
};
$cookie_string = implode("; ", $cookies);
curl_setopt($curl, CURLOPT_COOKIE, $cookie_string);