允许CodeIgniter中的URL中的任何字符 [英] Allowing any character in the URL in CodeIgniter

问题描述

我使用的是CodeIgniter PHP框架。我使用JS动态加载PHP页面：

I'm using the CodeIgniter PHP framework. I use JS to dynamically load a PHP page:

$('someIFrame').writeAttribute(
   'src',
   '/index.php/controller/method/' +
   escape(userGeneratedString)
);

当我运行这个，CodeIgniter给我这个错误：

When I ran this, CodeIgniter gave me this error:

http://192.168.0.81/index.php/controller/method/dude%27s%20face
An Error Was Encountered
The URI you submitted has disallowed characters.

这是完全不真实的，因为相关网址不包含任何不允许的字符。我的配置文件允许该URL中存在的所有字符：

This is totally untrue because the URL in question did not contain any disallowed characters. My config file allows all the characters present in that URL:

$config['permitted_uri_chars'] = 'a-z 0-9~%.:_()@\-';

所以我很沮丧，只是允许所有字符来防止错误。

So I got frustrated and just allowed all characters to prevent the error.

// Leave blank to allow all characters -- but only if you are insane.
// DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
//$config['permitted_uri_chars'] = 'a-z 0-9~%.:_()@\-';
$config['permitted_uri_chars'] = '';

此行上方的警告讯息听起来可怕。允许所有字符可能出错？我会被黑客入侵吗？

The warning message above this line sounds scary. What can possibly go wrong by allowing all characters? Will I get hacked?

推荐答案

codeigniter中的网址为 urldecoded ，因此％27 转换为'，不在允许的字符列表中， 。因此，您需要允许字符一旦解码。
换句话说，通过代码符号看到你％27 ，它已经解码为'。

The urls in codeigniter are urldecoded, so %27 translates to ' which wasn't on your allowed character list and therefore triggered the error. So you need to allow the characters once decoded. In other words, by the time codeigniter sees you %27, it's already decoded into a '.

来源

这篇关于允许CodeIgniter中的URL中的任何字符的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！