codeigniter不允许的字符错误 [英] codeigniter disallowed characters error

问题描述

如果我尝试访问此网址 http：//localhost/common/news/33/+%E0%B0%95%E0%B1%87%E0%B0%B8.html ，则会显示遇到的错误，您提交的URI不允许使用字符。我设置$ config ['permitted_uri_chars'] ='a-z 0-9〜％。：?? _ = + - ？ ..//我该怎么办？

if i trying to access this url http://localhost/common/news/33/+%E0%B0%95%E0%B1%87%E0%B0%B8.html , it shows an An Error Was Encountered, The URI you submitted has disallowed characters. I set $config['permitted_uri_chars'] = 'a-z 0-9~%.:??_=+-?' ; ..// WHat i do ?

推荐答案

是的，如果你想允许非ASCII字节，你必须添加它们到 permitted_uri_chars 。这个功能对URL解码的字符串（通常，除非有一些不寻常的环境），所以你必须在字符串中放入你想要的逐字节字节，而不只是％和十六进制数字。 （是的，我说字节： _filter_uri 不使用Unicode正则表达式，所以你不能使用Unicode范围。）

Yeah, if you want to allow non-ASCII bytes you would have to add them to permitted_uri_chars. This feature operates on URL-decoded strings (normally, unless there is something unusual about the environment), so you have to put the verbatim bytes you want in the string and not merely % and the hex digits. (Yes, I said bytes: _filter_uri doesn't use Unicode regex, so you can't use a Unicode range.)

尝试过滤输入值（而不是输出的值）是一个可笑的基本错误，它是令人沮丧的在一个流行的框架中找到。您可以通过将 permitted_uri_chars 设置为空字符串来关闭这个误导功能，或者您可能想要除控制代码之外的所有字节的范围（ \x20 -\xFF）。不幸的是， _filter_uri 函数仍然有一些输入的疯狂，疯狂，破碎的东西，HTML编码一些标点符号在一些未知的奇怪的原因。

Trying to filter incoming values (instead of encoding outgoing ones) is a ludicrously basic error that it is depressing to find in a popular framework. You can turn this misguided feature off by setting permitted_uri_chars to an empty string, or maybe you would like a range of all bytes except for control codes ("\x20-\xFF"). Unfortunately the _filter_uri function still does crazy, crazy, broken things with some input, HTML-encoding some punctuation on the way in for some unknown bizarre reason. And you don't get to turn this off.

这与破解的反XSS管理器一起，使我相信CodeIgniter团队有相当不好的理解的字符串转义和安全问题实际工作。我不会相信他们在安全方面说的任何话。

This, along with the broken "anti-XSS" mangler, makes me believe the CodeIgniter team have quite a poor understanding of how string escaping and security issues actually work. I would not trust anything they say on security ever.

这篇关于codeigniter不允许的字符错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！