1.7.2 Disallowed characters

[eluser]FranckRR[/eluser]
Hello all,

I've red some topics on this subject.

I understand that if $_COOKIES contains unallowed characters, CI would prevent me to face further issue.

But why the HTTP code is 200 ?

I was expecting a 400 Bad Request instead as the request can be redone without modification.

More generally all the exit() or die() in the framework mustn't return HTTP 200 because that means we haven't faced an issue.

My solution was to extend MY_Input, set header("HTTP 400") before exiting ...

Genrally speaking, CI is a little bit uncomplete on error management

[eluser]stuffradio[/eluser]
You do know there is a variable in config for disallowed chars right? I'm not sure exactly why it is saying you have disallowed characters, but that is a place that lets you add more characters.

Look in config.php

Code:

$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';

[eluser]FranckRR[/eluser]
Yes I know where to define the allowed or not characters but this is not the point.

I do agree with CI to disallow the '$' character for instance my complaint is about how the application exits.

When something goes wrong, you have to let it now in HTTP manner thus returning the adequate code.