The URI you submitted has disallowed characters.

#1
drewbee
The URI you submitted has disallowed characters.

I know where the configuration is. That is not an issue. Where is the actual validation and runtime checking being done for this? I want to display an error 404 anytime this (and if there are any other areas that throw these random error messages). I am just praying this error is thrown through some type of global error function.

Any insight to the location of this?

P.S. The default 404 error pages, while a bit of hacking needs to be done to make them work with the rest of the site fluently... still look decent out of the box. What's up with these sexy black & white error messages?

#2
Randy Casburn
A good place to start would be on this page:

http://ellislab.com/codeigniter/user-gui...urity.html

That says this:

Quote: CodeIgniter is fairly restrictive regarding which characters it allows in your URI strings in order to help minimize the possibility that malicious data can be passed to your application. URIs may only contain the following:

Good luck,

Randy

#3
Sam Dark
Maybe this will be helpful: http://ellislab.com/forums/viewthread/85839/

#4
drewbee
Sorry, perhaps I am not being clear about what I am looking for.

I am looking for where CodeIgniter does the validation (in the core files) of this security check. I know and understand the purpose of why it is there, that is not the issue. I am trying to prevent such an ugly error screen.

I just can't seem to locate it.

#5
Sam Dark
Check URI.php.

#6
Randy Casburn
@drewbee - Look around a little. Maybe RTFM a little. Maybe figure out how CI works a little before you go screwing with core code...just sayin'...

There is a configuration file named config.php - GO Figure!
One line does what you want...
Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
Read the comments in that file. You can make the URI accept any characters you'd like.

Simple as that.

Randy

#7
drewbee
Sir,

Before you start attacking me, you can understand what I am trying to say. In your terms RMFP a little. As I have stated multiple times, I am very well aware of what the configuration does. I was looking for the validation routine in the core to where it actually validates. I still want this to run based off of the configuration, just the results on failure to behave differently.

Next time, please understand what you are replying to before lashing out like that.


Thank you Sam, this is what I was looking for.

Chalk up another extension to the CI library.

Code:
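function _filter_uri($str)
{
    // Only check non-empty segments, and only when a permitted-character list is configured
    if ($str != '' AND $this->config->item('permitted_uri_chars') != '')
    {
        // The whole segment must consist of permitted characters
        if ( ! preg_match("|^[".preg_quote($this->config->item('permitted_uri_chars'))."]+$|i", $str))
        {
            // On failure, go to the custom 404 page
            redirect('error/404');
        }
    }

    return $str;
}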
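
Added example, not part of drewbee's post and not CodeIgniter's own code: a stand-alone PHP sketch of the permitted-character check from this thread, comparing the `preg_quote()`-built pattern with one that keeps the setting's ranges intact, and answering a rejected URI with a 404 status. The function names and sample URIs are hypothetical; treating the setting as a ready-made character-class body is an assumption.

```php
<?php
// Added example: stand-alone sketch, not CodeIgniter's own code.
// Setting value copied from the config line quoted in the thread.
const PERMITTED_URI_CHARS = 'a-z 0-9~%.:_\-';

// Pattern as built in the thread: preg_quote() over the whole setting.
// Since PHP 5.3 preg_quote() also escapes "-", so "a-z" turns into the
// literals a, - and z, and ordinary segments no longer match.
function quoted_pattern(string $permitted): string
{
    return '|^[' . preg_quote($permitted) . ']+$|i';
}

// Assumption: the setting is already a character-class body (ranges, "\-"),
// so only the "|" pattern delimiter is escaped and ranges stay ranges.
function range_pattern(string $permitted): string
{
    return '|^[' . str_replace('|', '\|', $permitted) . ']+$|i';
}

// Hypothetical helper: the status to send for a request URI. A rejected
// segment gets 404 on the request itself, with no intermediate redirect.
// preg_match() returning false (pattern error) also counts as a rejection.
function status_for_uri(string $uri, string $pattern): int
{
    foreach (explode('/', trim($uri, '/')) as $segment) {
        if ($segment !== '' && !preg_match($pattern, $segment)) {
            return 404;
        }
    }
    return 200;
}

// Constructed sample URIs, checked against both patterns.
$samples = ['welcome/index', 'news/view/42', 'page/<b>', 'item/a;b'];
foreach ($samples as $uri) {
    printf(
        "%-14s quoted=%d range=%d\n",
        $uri,
        status_for_uri($uri, quoted_pattern(PERMITTED_URI_CHARS)),
        status_for_uri($uri, range_pattern(PERMITTED_URI_CHARS))
    );
}
```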

#8
Randy Casburn
@drewbee - Yep - you are absolutely on the ticket. I was too quick to lash out at you. We get a lot of folks that don't RTM.

Sorry about that.

If you don't get it sorted out PM me and I'll personally take care of this for you to make this up to you.

Randy

#9
drewbee
Yeah -- I do understand that people don't read the manual. Heh, I have been buried in that thing since the day I touched CI. Even better, it's why I have probably extended over half of the libraries already. It comes very close to doing what I need, but those tiny extensions just make all the world of a difference. As being part of several PHP communities I know that so many answers can be so easily answered just by heading over to the manual; and it does drive one insane after a while telling people to keep doing that. So believe me you, I am no stranger to that world. Just a misinterpretation on your part, and I could have explained it better.

This was just a case of me being lost in the core. (only knowing that I was looking for a function validating the config file).

All is well though now. Anytime invalid parameters (as specified by the config) do not pass, I am simply shown my custom 404 page.

To bring up another point on this, don't you think CI is a little hasty with the instant exit to the script? This is what brought this post up in the first place (I assumed it was some type of exit or die being called just by what it looked like), as I would have thought CI's error handling would have taken care of it, rather than an instant exit right there right then.

All in all though, no worries mate. We'll try and click better on the next one!

#10
Randy Casburn
Yes, I would love to see a full migration to PHP 5 with formal try/catch exception processing. Would be a "more correct" way to handle these things for sure.

<<Randy startles himself awake...realizes he was dreaming and goes back to work>>

Thanks..until then,

Randy
