Allow characters that are generated from urlencode() into the query string?
[eluser]taewoo[/eluser]
Hi all. I am building my home-brewed search function... what I'm doing is passing the query string from a form with POST... which goes to a controller function that redirects to another controller function as part of query string.*

To do this, I urlencode() the query string ... for example "san jose, ca" turns into "san+jose,+ca"

But I've noticed that this results in this error:

Code: The URI you submitted has disallowed characters.

which is in /system/libraries/Router.php _filter_uri() method ... (and the allowed characters are defined in /system/application/config/config.php)

I have two questions:

1) How do I allow "+" character (I've tried just appending "+" and "\+" but that doesn't work)?
2) Is this a huge security risk? What are some of the risks?

* Reason for doing this is so that I can have people bookmark or add the search results page to their blog / website / etc... which, as you all know, is not possible with POST forms.
[eluser]Armchair Samurai[/eluser]
This doesn't answer your questions per se, but here's something that might be helpful: I came across the same problem recently and eventually wrote a small library to encode the query in base64, thus avoiding CI's default security protocol. It solved my main problem, allowing queries to be bookmarked, but it doesn't produce a human readable URL (i.e. "http://foo.bar/controller/function/your query" vs. "http://foo.bar/controller/function/eW91citxdWVyeTswOzs7Mzsx:0").
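The base64 approach described in the post above, sketched as an added example; it is not Armchair Samurai's library or CodeIgniter's own code. The function names and the length cap are hypothetical, PHP 7.1+ is assumed, and because an encoded segment passes the URI character filter whatever it contains, the decoder treats the result as untrusted input.

```php
<?php
// Added example; helper names and MAX_SEGMENT_LEN are assumptions, not from the thread.

const MAX_SEGMENT_LEN = 256; // assumed upper bound on the encoded URI segment

/** Encode a search query as unpadded URL-safe base64 (RFC 4648 section 5). */
function encode_query_segment(string $query): string
{
    // '+' and '/' become '-' and '_'; '=' padding is dropped, leaving only
    // letters, digits, '-' and '_' in the segment.
    return rtrim(strtr(base64_encode($query), '+/', '-_'), '=');
}

/** Decode a URI segment back to the query; returns null for anything malformed. */
function decode_query_segment(string $segment): ?string
{
    $len = strlen($segment);
    if ($len === 0 || $len > MAX_SEGMENT_LEN || $len % 4 === 1
        || !preg_match('/\A[A-Za-z0-9_-]+\z/', $segment)) {
        return null; // wrong length or characters outside the base64url alphabet
    }
    // Restore the standard alphabet and padding, then decode in strict mode.
    $padded = str_pad(strtr($segment, '-_', '+/'), (int) (ceil($len / 4) * 4), '=');
    $raw = base64_decode($padded, true);
    if ($raw === false) {
        return null;
    }
    // The encoding bypassed the URI filter, so check the decoded bytes here:
    // require valid UTF-8 and refuse control characters.
    if (!preg_match('//u', $raw) || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    return $raw;
}

// Constructed sample input, taken from the question's example query.
$segment = encode_query_segment('san jose, ca');
$query   = decode_query_segment($segment);
echo $segment, "\n";
// Escape on output; pass the value to SQL only through bound parameters.
echo htmlspecialchars((string) $query, ENT_QUOTES, 'UTF-8'), "\n";
// A segment containing '+', which is outside the base64url alphabet.
var_dump(decode_query_segment('c2Fu+am9zZQ'));
```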
[eluser]jamesf[/eluser]
Just had the same problem and found this thread that helped me out.
[eluser]Unknown[/eluser]
[quote author="Armchair Samurai" date="1203583316"]This doesn't answer your questions per se, but here's something that might be helpful: I came across the same problem recently and eventually wrote a small library to encode the query in base64, thus avoiding CI's default security protocol. It solved my main problem, allowing queries to be bookmarked, but it doesn't produce a human readable URL (i.e. "http://foo.bar/controller/function/your query" vs. "http://foo.bar/controller/function/eW91citxdWVyeTswOzs7Mzsx:0").[/quote] Armchair Samurai, please can you tell me how you made the human unreadable URLs? I need that. Thanks