I am using the CodeIgniter PHP framework. I use JS to dynamically load a PHP page:
    $('someIFrame').writeAttribute(
        'src',
        '/index.php/controller/method/' +
        escape(userGeneratedString)
    );
When I ran this, CodeIgniter gave me this error:
http://192.168.0.81/index.php/controller/method/dude%27s%20face
An Error Was Encountered
The URI you submitted has disallowed characters.
This is completely wrong, because this URL does not contain forbidden characters. My config file allows all of the characters present in this URL:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_()@\-';
So I got upset and just allowed all characters to prevent the error:
$config['permitted_uri_chars'] = '';
The warning message above this line sounds scary. What could go wrong if all characters are allowed? Will I be hacked?