Last URI segment is zero (/0) -> error Disallowed characters
#1

Hi All,

I tried to find a solution for this issue but nothing worked. When my REST API URI request is, e.g., https://serverip/meeting/userlist/0

I always get the error "The URI you submitted has disallowed characters". I have even tried to leave this parameter in the config file blank:

$config['permitted_uri_chars'] = 'a-z 0-9~%.:_-+';

But I get the same error.

Is it not allowed to have a 0 at the end of the URI as unique content of that segment? Because I need that to retrieve the user with id = 0.

Thanks a lot.
Reply
#2

You need to show your code or we cannot help you.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

(05-22-2017, 10:20 AM)InsiteFX Wrote: You need to show your code or we cannot help you.

Hi, thanks for your reply, but it does not seem to be a code issue, because I can input any URL like:

https://myip:myport/meeting/userlist/0 -> Should be functional but fails and throws a Disallowed chars error (if I replace 0 with any other number it works fine)

https://myip:myport/meetserlist/0 -> wrong URL that also outputs the same error

So my guess is that there is a problem if the last char in the URL is a zero, but I need that as a user id...

As I said I tried to modify the config, but it doesn't matter, even if I leave  $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-+'; empty I get the same error.

Thanks again.
Reply
#4

(This post was last modified: 05-23-2017, 02:38 AM by Narf. Edit Reason: Fix a typo; add a note )

$config['permitted_uri_chars'] is used as a PCRE character class pattern. So here's a theory based on that ...

With the last character in there being a dash, it looks for a dash. However, when a dash is between two characters, it triggers a range search. So ... when you append the + (plus) sign after the dash, you get:

Code:
[_-+] // a range between underscore and plus in the ASCII table

You might be thinking "So what? Zeros are already allowed previously via 0-9", and you'd be correct, but that's not the problem. The problem is that the plus sign has a lower ASCII number than the underscore, and ranges don't work backwards, so '_-+' is invalid and triggers a PCRE compilation failure, which in turn means the entire check fails and nothing is actually allowed.

You would see this if you had error_reporting enabled and/or looked at the error logs.

There's one more little detail though, and why I started by saying this is a theory ... This doesn't happen if you only append the plus sign to the default pattern - the dash is not only the last character, but also escaped with a backslash - as you'd have this instead:

Code:
[_\-+] // Underscore, dash and plus sign as individual characters; not a range

Your opening post doesn't include the backslash in the pattern, I guess because you thought it was an actual character to be allowed and removed it.
However, that's not the case with your second post:

(05-22-2017, 05:54 PM)Datenshi Wrote: As I said I tried to modify the config, but it doesn't matter, even if I leave  $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-+'; empty I get the same error.

This can't be true ... this pattern would work, flawlessly. While writing this reply, you must've copied the pattern from somewhere else, not from your own configuration.

Edit: I just saw that you've posted the same question on StackOverflow ... Don't do this in the future.

If you're seeking help, pick a place to ask for it. This is a community, not a "fishing" ground.
Reply
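The failure mode described in post #4, as an added example that is not part of the original thread or of CodeIgniter's own code: it runs the same `preg_match()` expression quoted in this thread against the two `permitted_uri_chars` values posted above. `segment_allowed()` and `class_compiles()` are hypothetical helper names, the sample segments are constructed, and the `u` modifier that `UTF8_ENABLED` adds is left out.

```php
<?php
// Added example. segment_allowed() and class_compiles() are hypothetical
// helpers, not CodeIgniter functions; the regex mirrors the thread's check.

// True means the segment passes the character filter.
function segment_allowed(string $permitted, string $segment): bool
{
    // preg_match() returns 1 (match), 0 (no match) or false (error).
    // On a compile failure it emits an E_WARNING (silenced here with @)
    // and returns false, so the check fails closed: nothing is allowed.
    return (bool) @preg_match('/^[' . $permitted . ']+$/i', $segment);
}

// Config-time sanity check: does the value compile as a character class?
function class_compiles(string $permitted): bool
{
    // An empty subject gives 0 for a valid pattern and false for a broken one.
    return @preg_match('/^[' . $permitted . ']+$/i', '') !== false;
}

// The two values as posted in the thread.
$patterns = [
    'unescaped dash' => 'a-z 0-9~%.:_-+',   // "_-+" is a backwards range
    'escaped dash'   => 'a-z 0-9~%.:_\-+',  // "_", "-" and "+" as literals
];

// Constructed sample segments.
$segments = ['0', '7', 'userlist', 'a+b'];

foreach ($patterns as $label => $permitted) {
    printf("%s: %s\n", $label, $permitted);
    printf("  compiles: %s\n", class_compiles($permitted) ? 'yes' : 'no');
    foreach ($segments as $segment) {
        printf(
            "  %-8s => %s\n",
            $segment,
            segment_allowed($permitted, $segment) ? 'allowed' : 'disallowed'
        );
    }
}
```

Running `class_compiles()` once against the configured value when changing `permitted_uri_chars` surfaces a malformed class immediately, instead of as a site-wide "disallowed characters" error.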
#5

Hi Again,

Finally I solved it. I found that a long time ago we commented out a check related to UTF8 encoding in URI.php

Code:
if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str))

And we only left the first condition. We had some code issues that seem not to reproduce after reverting that comment. And /0 now works fine.

So sorry, in the end it was a problem related to our own modifications.

About posting in two different places, I'm sorry if somehow it bothered you, it was not the intention. It was urgent and to give more visibility to this issue I posted in a more generic forum like StackOverflow and a dedicated community like this one. I will not do it in the future. 

Thanks.
Reply



