CodeIgniter Disallowed Key Characters
CodeIgniter is giving me a Disallowed Key Characters
error. I've narrowed it down to the name attribute of a form field: name='prod[50-4121.5]'
but I'm not sure what to do about it.
Solution 1:
The problem is you are using characters not included in the standard Regex. Use this:
!preg_match("/^[a-z0-9\x{4e00}-\x{9fa5}\:\;\.\,\?\!\@\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str)
As per the comments (and personal experience) you should not modify they Input.php
file — rather, you should create/use your own MY_Input.php
as follows:
<?php
class MY_Input extends CI_Input {
/**
* Clean Keys
*
* This is a helper function. To prevent malicious users
* from trying to exploit keys we make sure that keys are
* only named with alpha-numeric text and a few other items.
*
* Extended to allow:
* - '.' (dot),
* - '[' (open bracket),
* - ']' (close bracket)
*
* @access private
* @param string
* @return string
*/
function _clean_input_keys($str) {
// UPDATE: Now includes comprehensive Regex that can process escaped JSON
if (!preg_match("/^[a-z0-9\:\;\.\,\?\!\@\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str)) {
/**
* Check for Development enviroment - Non-descriptive
* error so show me the string that caused the problem
*/
if (getenv('ENVIRONMENT') && getenv('ENVIRONMENT') == 'DEVELOPMENT') {
var_dump($str);
}
exit('Disallowed Key Characters.');
}
// Clean UTF-8 if supported
if (UTF8_ENABLED === TRUE) {
$str = $this->uni->clean_string($str);
}
return $str;
}
}
// /?/> /* Should never close php file - if you have a space after code, it can mess your life up */
++Chinese Character Support
// NOTE: \x{4e00}-\x{9fa5} = allow chinese characters
// NOTE: 'i' — case insensitive
// NOTE: 'u' — UTF-8 mode
if (!preg_match("/^[a-z0-9\x{4e00}-\x{9fa5}\:\;\.\,\?\!\@\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str) { ... }
// NOTE: When Chinese characters are provided in a URL, they are not 'really' there; the browser/OS
// handles the copy/paste -> unicode conversion, eg:
// 一二三 --> xn--4gqsa60b
// 'punycode' converts these codes according to RFC 3492 and RFC 5891.
// https://github.com/bestiejs/punycode.js --- $ bower install punycode
Solution 2:
Open libraries/Input.php
(system/core/Input.php
in CI version 2.0+) and locate function _clean_input_keys($str){
, The whole block should look like so:
function _clean_input_keys($str)
{
if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
{
exit('Disallowed Key Characters.');
}
return $str;
}
Modify the PCRE sot that it allows the new chars.
Please not that the char thats missing is the .
(dot) and you should always escape the .
(dot) in Regular Expressions as they will otherwise allow any single char.
/^[a-z0-9:_\/-\.]+$/i
Solution 3:
To use CodeIgniter with jQuery Ajax, use "Object" as data instead of Query string as below:
$.ajax({
url: site_url + "ajax/signup",
data: ({'email': email, 'password': password}), //<--- Use Object
type: "post",
success: function(response, textStatus, jqXHR){
$('#sign-up').html(response);
},
error: function(jqXHR, textStatus, errorThrown){
console.log("The following error occured: "+
textStatus, errorThrown);
}
});
Solution 4:
I had the same error after I posted a form of mine. I simply missed the opening quote in one of my input name attributes. I had:
<input name=first_name">
Fixing that got rid of the error.