Percent Symbol in CodeIgniter URI

php regex codeigniter
11,664

Put the "-" at the end of the string otherwise it gets interpreted as range. The % is already in the allowed character list as you can see.

$config['permitted_uri_chars'] = 'a-z 0-9~%.:_+-';

Ahem... after looking at your sample string again. Here is why you get "The URI you submitted has disallowed characters".

Short explanation: Add the ampersand & to the allowed characters list

$config['permitted_uri_chars'] = 'a-z 0-9~%.:_+&-';

Long explanation

There are 2 things playing together.

A) CodeIgniter checks all URI segments for disallowed characters. This happens by whitelisting allowed characters. Which ones are allowed can be checked in /system/application/config/config.php in the $config['permitted_uri_chars'] variable. The default value is set to something like 'a-z 0-9~%.:_-'. Thus all letters from a to z, space, all numbers and the following characters *~%.:_- are allowed.

Ok let us compare that to your sample URI which you say works

a-z 0-9~%.:_-
DO_SOMETHING/Coldplay/Fix+You/273/X+26+Y/   //note the missing %

All characters are ok... but wait what about the plus sign +? It's not in the list of allowed characters! And yet the URI is not complained about? This is the key to your problem.

B) CodeIgniter urldecodes the URI segments prior to the whitelist-character-check to prevent that someone circumvents the check by simply urlencoding the URI. Thus the + gets decoded to a space. This behaviour is because of urlencode (which encodes spaces as + sign, deviating from RFC 1738). That explains why the + sign is allowed.

These two things combined explain also why this specific URI doesn't work.

urldecode(DO_SOMETHING/Coldplay/Fix+You/273/X+%26+Y/) //evaluates to
//DO_SOMETHING/Coldplay/Fix You/273/X & Y/

Whoops... the urldecoding translates %26 to an &

Which isn't an allowed character. Mistery ;-) solved

Share:
11,664
RaduM
Author by

RaduM

I can see what you see not!

Updated on June 07, 2022

Comments

  • RaduM
    RaduM almost 2 years

    I need to pass an encoded string to a CodeIgniter controller.

    Example:

    DOSOMETHING/Coldplay/Fix+You/273/X+%26+Y/

    My problem is the percent symbol that is a disallowed character. I've tried to change the config file with the following:

    $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-\+\%';

    The + is ok, but the % is not valid. Can you help me to change this reg exp so it will allow the % symbol? Thanks in advance!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Codeigniter's regex match
CodeIgniter Routing
Minifying final HTML output using regular expressions with CodeIgniter
Codeigniter Routes regex - using dashes in controller/method names
Where_in in codeigniter
Separate CodeIgniter public folder
CodeIgniter: form_input as readonly
SSL connection has been closed unexpectedly
onchange using ajax, codeigniter, dropdown
preg_replace of "Word" in a sentence and "Word." on the end of a sentence