Codeigniter - Prohibited key, corrective code

Question

Codeigniter - Prohibited key, corrective code

Our site was hit by a ddos attack, and some rejected cookies were sent. We use the CodeIgniter structure. Since it is not practical to ask our users to clear their cookies, I was wondering what would have consequences for changing the next function in the kernel. The cookies that create the error take the form:

__utmt_~1

Original function:

if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
{
    exit('Disallowed Key Characters.');
}

What are the possible side effects if I change it to allow ~? I know that here to prevent malicious users, and I want to make sure that this will not have undesirable consequences.

if ( ! preg_match("/^[a-z0-9:_\/-\~]+$/i", $str))
{
    exit('Disallowed Key Characters.');
}

+4

cookies codeigniter google-analytics

user2694306 Oct 08 '14 at 19:12

source share

2 answers

trungnnh · Answer 1 · 2015-07-01T03:04:12+0000

, CI

application/core/MY_Input.php

php, $config ['subclass_prefix'] "MY _"

<?php
if (!defined('BASEPATH'))
    exit('No direct script access allowed');

class MY_Input extends CI_Input {

    function _sanitize_globals() {

        // Avoid error come from cookie __utmt_~1, it set by Google Analatics
        foreach($_COOKIE as $key => $val) {
            if (strpos($key, '~') !== false) {
                unset($_COOKIE[$key]);
            }
        }

        parent::_sanitize_globals();
    }
}

Nicolas Durán · Answer 2 · 2014-10-29T15:36:14+0000

@Kristian , , :

, , CodeIgniter , , , , CodeIgniter.

Codeigniter - Prohibited key, corrective code

More articles: