I looked over and over and I couldn't seem to find an answer to what I want, but here goes:
I have a client that is really computer illiterate and I want to ensure that any errors that arise are handled without intervention. The one thing I'm stuck on currently though is the "The URI you submitted has disallowed characters." error.
I don't want to simply allow all the characters to circumvent the error. Instead what I'd like to do is simply redirect to a particular URI when this error happens. For example:
www.local.com/project/login/'''' ---> www.local.com/project/login
I looked at doing it with hooks, but I'd like to be able to specify a custom URL when I want to execute the check.
I was thinking about using a call to a library method which will pull in the characters from the configuration, then redirect based on whether the check passes or not, with the current URL and URI redirect as a parameter. Is this the way to do it, or is there an easier way to manage this?
I've read all the comments above - but I think you missed the easy way to do this.
Just overload the _filter_uri() function, and do whatever you want:
(Place this file in application/core/MY_URI.php)
// Normally this is not fully uppercase - but for some reason the URI filename is
class MY_URI extends CI_URI
{
    /**
     * Filter segments for malicious characters
     *
     * @access private
     * @param string
     * @return string
     */
    function _filter_uri($str)
    {
        // Same whitelist test as the core: only runs when permitted_uri_chars is set
        // and query strings are disabled
        if ($str != '' && $this->config->item('permitted_uri_chars') != '' && $this->config->item('enable_query_strings') == FALSE)
        {
            if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+$|i", $str))
            {
                // DO SOMETHING HERE LIKE REDIRECT OR CHANGE THE URL
            }
        }

        // Convert programmatic characters to entities
        $bad = array('$', '(', ')', '%28', '%29');
        $good = array('&#36;', '&#40;', '&#41;', '&#40;', '&#41;');
        return str_replace($bad, $good, $str);
    }
}
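One way to fill in the placeholder in the answer above, as an added example that is not part of the original answer or of CodeIgniter itself: it logs the rejected segment and redirects to the path rebuilt from the segments that pass the whitelist, which goes slightly beyond the single trailing-segment case in the question. `_segment_ok()` is a hypothetical helper; the code assumes CodeIgniter 2.x and an explicitly configured `base_url`.

```php
<?php
// application/core/MY_URI.php: added example for CodeIgniter 2.x, not core code.
// Assumes $config['base_url'] is set explicitly, so the redirect target does
// not depend on the request's Host header.
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_URI extends CI_URI
{
    // Hypothetical helper: TRUE when $segment passes the same whitelist
    // test that the core _filter_uri() applies.
    protected function _segment_ok($segment)
    {
        $chars = $this->config->item('permitted_uri_chars');
        if ($segment == '' OR $chars == '' OR $this->config->item('enable_query_strings') == TRUE)
        {
            return TRUE;
        }
        $class = str_replace(array('\\-', '\-'), '-', preg_quote($chars, '-'));
        return (bool) preg_match('|^['.$class.']+$|i', $segment);
    }

    function _filter_uri($str)
    {
        if ($this->_segment_ok($str))
        {
            // Valid segment: the core still converts $, ( and ) to entities.
            return parent::_filter_uri($str);
        }

        // Record the rejected segment, encoded so it cannot forge log lines.
        log_message('error', 'Disallowed URI segment: '.rawurlencode($str));

        // Rebuild the path from the segments that pass the whitelist only,
        // so nothing from the rejected input reaches the Location header.
        $clean = array();
        foreach (explode('/', $this->uri_string) as $segment)
        {
            if ($segment != '' && $this->_segment_ok($segment))
            {
                $clean[] = $segment;
            }
        }

        header('Location: '.$this->config->site_url(implode('/', $clean)), TRUE, 302);
        exit;
    }
}
```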
This is the solution I am using on my project:
File: application/core/MY_URI.php
class MY_URI extends CI_URI {

    /**
     * Filter URI
     *
     * Filters segments for malicious characters.
     *
     * @param string $str
     * @return void
     */
    public function filter_uri(&$str)
    {
        if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str))
        {
            // $str is passed by reference and the core ignores the return value,
            // so the stripped segment has to be written back to $str
            $str = preg_replace('~[^a-zA-Z 0-9%.:_\-,()]+~', '', $str);
        }
    }
}