permitted_uri_chars and $_GET
#21

[eluser]taewoo[/eluser]
@Edemilson Lima

In /system/application/config.php, I tried this
Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_-+';

and this
Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_-\+';

For both, I get this error:
Code:
A PHP Error was encountered

Severity: Warning

Message: preg_match() [function.preg-match]: Compilation failed: range out of order in character class at offset 18

Filename: libraries/Router.php

Line Number: 408
#22

[eluser]Edemilson Lima[/eluser]
When you want to allow the minus (-) in your URI, it must be the last or the first character in your regular expression. In your string you are referencing all ASCII characters from "_" to "\". This will not work.
#23

[eluser]taewoo[/eluser]
So how do I enable "+"?

I tried this (recommended from Derek Allard's page):

Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_=+-';

NO luck either... same error
#24

[eluser]rustyvz[/eluser]
[quote author="Edemilson Lima" date="1203546522"][quote author="rustyvz" date="1203537694"]But remember, POSTs (aka form submissions) cannot be bookmarked(and work), so your search result would not be bookmarkable.[/quote]

You can bookmark it if you send the form via POST to a controller where you get the fields with $this->input->post() and then redirect() the input as segments to another controller. So, when you make the redirect(), you rebuild the URL with the search string as a segment.[/quote]

So, you are saying to take the POST, redirect it to a properly formatted URL, and then have the person bookmark that?

So your routine would have to look for:
- The POSTed data
OR
- A GET URL with the data included

Is that right? Sounds like it would be a pain. But code is like that sometimes to allow flexibility...
#25

[eluser]Edemilson Lima[/eluser]
I think it is much better to use base64_encode() instead of url_encode().
Base64 encoded strings only have letters, numbers and the equal sign (=).

For example, your view could have a form like this to search forum messages:
Code:
<form action="search/forward" method="post">
<input type="text" name="search_field" size="20" value="<?=$lastsearch?>">
<input type="submit" value="Search">
</form>

At your search controller you will have:
Code:
class Search extends Controller {

  function Search() {
    parent::Controller();
    $this->load->model('forum_model','forum');
  }

  function forward() {
    $search_string=$this->input->post('search_field');
    redirect('search/results/'.base64_encode($search_string));
  }

  function results($search_string) {
    $search_string=base64_decode($search_string);
    $data['results']=$this->forum->get_results($search_string);
    $this->load->view('search_results_view',$data);
  }
}
Add the equal sign to the URI allowed characters.

It is not too painful, I think. :)
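The redirect in post #25 puts base64 output straight into a URI segment, and base64_encode() can also emit "+" and "/", which collide with permitted_uri_chars and the segment separator. The following is an added example, not the poster's code: it uses the URL-safe base64 alphabet instead, and segment_encode() and segment_decode() are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. Helper names are hypothetical.

/** Encode a search string as one URI segment using the URL-safe base64 alphabet. */
function segment_encode(string $raw): string
{
    // Standard base64 uses "+" and "/" for values 62 and 63; swap them for
    // "-" and "_" and drop "=" padding so the segment is [A-Za-z0-9_-] only.
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

/** Decode a segment; returns null for anything that is not well-formed. */
function segment_decode(string $segment): ?string
{
    // Reject characters outside the alphabet before decoding.
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $segment)) {
        return null;
    }
    // A length of 4n+1 cannot come from any byte string.
    if (strlen($segment) % 4 === 1) {
        return null;
    }
    $padded = $segment . str_repeat('=', (4 - strlen($segment) % 4) % 4);
    $raw = base64_decode(strtr($padded, '-_', '+/'), true); // strict mode
    return $raw === false ? null : $raw;
}

// Constructed sample input: these bytes produce "/" and "+" in standard base64.
$query = '???>>>';
printf("standard: %s\n", base64_encode($query));   // Pz8/Pj4+
printf("url-safe: %s\n", segment_encode($query));  // Pz8_Pj4-

$decoded = segment_decode(segment_encode($query));
var_dump($decoded === $query);                     // bool(true)
var_dump(segment_decode('Pz8/Pj4+'));              // NULL: "/" and "+" rejected

// The decoded value is still untrusted user input: bind it as a query
// parameter in the model and escape it when echoing it back into the form.
```

With this alphabet the segment passes a permitted_uri_chars value that contains only letters, digits, "_" and a trailing "-", so "=" and "+" do not need to be allowed for the search redirect.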
#26

[eluser]taewoo[/eluser]
@Edemilson Lima

How do I enable “+”?

(scroll up to see my original question)
#27

[eluser]Edemilson Lima[/eluser]
In a regular expression, the characters
Code:
^ . + * ( | ) [ - ] \ ? { } $
are special characters. To use them you must escape with a backslash.
You can find more info about Regular Expressions at:

http://en.wikipedia.org/wiki/Regular_expression

http://www.amk.ca/python/howto/regex/

http://www.regular-expressions.info/
#28

[eluser]taewoo[/eluser]
@Edemilson Lima

Sorry to be bugging you about this, but I tried "\+" and "\\+"... none of them seem to work. Any other suggestions?
#29

[eluser]Edemilson Lima[/eluser]
I don't know exactly what is wrong. What error message do you get?
The line that checks this in CI is at /system/libraries/URI.php:
Code:
if ( ! preg_match("|^[".preg_quote($this->config->item('permitted_uri_chars'))."]+$|i", $str))
{
  exit('The URI you submitted has disallowed characters.');
}
Looking at this line, I see that it is not necessary to escape the special characters. The preg_quote() function will do this for you. But I don't know why they used preg_match() to do this. It could be done with an eregi() instead. Maybe preg_match() is faster, I don't know. If you look at the line above you will notice that the allowed characters string is enclosed between the brackets "[" and "]". In a regular expression, some special characters work differently when enclosed by brackets. The minus (-) sign is used to specify a sequence of characters in the ASCII table. For example "a-z" (all letters from A to Z) or "0-9" (all digits from zero to nine). To use the minus as an allowed character you must place it at the end of the string. The other special characters (except the "^" at the beginning of the string enclosed in brackets) are not considered special.

We could try to change the line above to:
Code:
if ( ! eregi("^[".$this->config->item('permitted_uri_chars'))."]+$", $str))
Maybe it works as expected, allowing only the characters in the string, but making changes in a core library is not the best thing to do.
#30

[eluser]taewoo[/eluser]
I think you mean..
Code:
if ( ! eregi("^[".$this->config->item('permitted_uri_chars')."]+$", $str))

Notice the placement of closing parenthesis.
Still doesn't work.... same error regardless of either:

Code:
$config['permitted_uri_chars'] = '+a-z 0-9~%.:_-';
or
Code:
$config['permitted_uri_chars'] = '\+a-z 0-9~%.:_-';
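The "range out of order" warning from post #21 and the hyphen rule from post #22, traced in an added example that is not part of the thread and not CodeIgniter code. It assumes, as the warning itself implies, that preg_quote() in the quoted URI.php line leaves "-" unescaped; find_out_of_order_ranges() is a hypothetical helper and the third sample value is constructed.

```php
<?php
// Added example, not CodeIgniter code. Assumption: preg_quote() backslash-escapes
// every special character except "-", so inside [...] each character of the
// config string is a literal and a "-" between two characters forms a range.

/**
 * Return the ranges in a permitted_uri_chars string whose start sorts after
 * their end. PCRE rejects these with "range out of order in character class".
 */
function find_out_of_order_ranges(string $chars): array
{
    $bad = [];
    $len = strlen($chars);
    $i = 0;
    while ($i < $len) {
        // "X-Y" is a range only when "-" has a character on both sides.
        if ($i + 2 < $len && $chars[$i + 1] === '-') {
            $start = $chars[$i];
            $end = $chars[$i + 2];
            if (ord($start) > ord($end)) {
                $bad[] = sprintf('"%s-%s" (0x%02X > 0x%02X)',
                    $start, $end, ord($start), ord($end));
            }
            $i += 3;
        } else {
            $i += 1; // plain literal, including a leading or trailing "-"
        }
    }
    return $bad;
}

$candidates = [
    'a-z 0-9~%.:_-+',   // post #21: "_-+" runs from 0x5F down to 0x2B
    'a-z 0-9~%.:_-\+',  // post #21: "_-\" runs from 0x5F down to 0x5C
    'a-z 0-9~%.:_+-',   // constructed: "-" moved to the end, so it is a literal
];
foreach ($candidates as $chars) {
    $bad = find_out_of_order_ranges($chars);
    printf("%-18s %s\n", $chars,
        $bad ? 'bad range: ' . implode(', ', $bad) : 'ranges ok');
}
```

The helper checks range ordering only; every character added to permitted_uri_chars still widens what reaches the router and controllers, so each one should be allowed deliberately.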



