• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
help with uri segment and 404 pages

Hi everybody,

Let's i have my site with the following URL


products is the Class and product_info is the method. If I add a single quote next to product_info like below:


I get some errors like this :

Quote:A PHP Error was encountered
Severity: Notice
Message: Undefined index: product_info'
Filename: controllers/products.php
Line Number: 258

is there some kind of fix to prevent this from happening?

Basically with default setup (not allowing the ' char) and error reporting to 0, like in a production environment you'll get a "The URI you submitted has dissallowed characters" error which is 400 Bad Request error, which is good for such a scenario. They shouldn't type such a uri, and since they did a 400 is ok.

I think you are troubled because you are seeing informative error which in development machine should anyway be visible. But as I said in a production environment there would not be an error displayed and you would normally get the 400.

the problem is, event if I add it in the permitted uri chars, it doesn't work Confused consider this example

http://www.mysite.com/products/[email protected]/194

As you can see, there is an @ sign in the URI, it should give send me to the page not found or something similar.. but that doesn't work :S

I think i misunderstood the concept -____- ... I will come back if everything work

Ok this is my config for URI

$config['permitted_uri_chars'] = 'a-z [email protected]%.:_\-&';


I believe the URL above should send me to page not found or dissallowed characters?

What is the error message you are receiving when you type in http://www.mysite.com/products/product-info/194

Ideally, it should be a "Product not found" error page that you redirect the customer to. Your code in the product-info function should check for invalid characters and react.

This is CI 2.x.x bug. I have same thing, but this mean, you have custom 404 controller defined from router.php config

like this.
$route['404_override'] = 'error/index/';

if i set $route['404_override'] = '' empty, then all thinks works fine.

Basically its a 400 error not a 404.
I don't know if it should be grabbed by 404_override

In such a scenario you would set allow uri chars to empty string so that everything is allowed and you get your 404. But won't you have allowed "malicious" character to pass to your server? Just to get a 404? Would a user type /products/product-info/194 ? And if he did and he made a mistake wouldn't he go to his address bar and correct his mistake?

You would compromise security in favor of a 404?

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.