CodeIgniter is giving me a Disallowed Key Characters error. I've narrowed it down to the name attribute of a form field: name='prod[50-4121.5]' but I'm not sure what to do about it.
This question is related to
codeigniter
In my case, i was serializing an input form using jquery serialize() and then urlencoding it using encodeURIComponent().
var datas = form.serialize();
encodeURIComponent(datas);
$.getJSON(url,datas,function(){});
and codeigniter was giving the disallowed character error.
i figured the issue here was, jquery serialize gives an encoded output and i was again encoding it with the encodeURIcomponent which was unnecessary, and when codeingiter decoded it it was not getting the actual string as some part was encoded twice. i will explain it with an example.
string: quantity[]=1&option=sell
urlencoded while serializing: quantity%5B%5D%3D1%26option%3Dsell
again urlencoded with encodedURICompontent(): quantity%255B%255D%253D1%2526option%253Dsell
---at codeigntier
urldecode: quantity%5B%5D=1&option=sell
which has disallowed charecters as per the input class regex.
note: this is not an answer to this question, but would help to check if one is encountering this error...thanks.
Open libraries/Input.php (system/core/Input.php in CI version 2.0+) and locate function _clean_input_keys($str){,
Modify if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str)) to if ( ! preg_match("/^[a-z0-9:_\-|]+$/i", $str))
In Ubuntu, you can solve the problem by clearing the cookies of your browser. I had the same problem and solved it this way.
function _clean_input_keys($str)
{
if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
{
exit('Disallowed Key Characters.');
}
return $str;
}
Please add .$str to exit('Disallowed Key Characters.'); Like: exit('Disallowed Key Characters. '.$str);
to help you in your search for rogue errors.
I have the same problem and I've found it is in domain name of the email address which is somehow changed from . to _ like: name@domain_com instead [email protected]
Step1. Search for function _clean_input_keys on /system/core/Input.php
Step2. Modify this line
exit(‘Disallowed Key Characters.’);
to
exit(‘Disallowed Key Characters.’ . $str);
Step3. Refresh page to see the characters which generate the error
Step4. If you need to add those characters into the exception list, just add to this line
if ( ! preg_match(“/^[a-z0-9:_/-]+$|/i”, $str))
I add | (pipe) character on the example above
In my experience, it could be caused by uncompleted syntax, like :
$('#teks').val
instead of
$('#teks').val()
I had this issue but my problem was that I by mistake added a space before the name of the input like so:
<input type="text" name=" evening_time_phone">
When it shpuld be like this:
<input type="text" name="evening_time_phone">
The error I referenced was generated in system/libraries/Input.php (about line 215 - look for function _clean_input_keys($str).
The regex there does not allow for the dot character in an index. I changed it so it would.
Replace the below Code in the _clean_input_keys function
if ( ! preg_match("/^[a-z0-9:_\/-]+$|/i", $str))
{
exit('Disallowed Key Characters.\n');
}
if (UTF8_ENABLED === TRUE)
{
$str = $this->uni->clean_string($str);
}
return $str;
I got this error when sending data from a rich text editor where I had included an ampersand. Replacing the ampersand with %26 - the URL encoding of ampersand - solved the problem. I also found that a jQuery ajax request configured like this magically solves the problem:
request = $.ajax({
"url": url,
type: "PUT",
dataType: "json",
data: json
});
where the object json is, surprise, surprise, a JSON object containing a property with a value that contains an ampersand.
I had the same error after I posted a form of mine. I simply missed the opening quote in one of my input name attributes. I had:
<input name=first_name">
Fixing that got rid of the error.
I had the same error after I posted a form of mine. they have a space in to my input name attributes. input name=' first_name'
Fixing that got rid of the error.
In most of the cases when you have a existing software and you are trying to deploy in a new enviroment this kind of error should be caused by the PHP property
short_open_tag
Check if you have enabled in your new enviroment. In other words PHP couldn't read the tags in your code.
Took a while to figure this one out. Seems most of us missed the obvious error…the last “-” is not escaped.
Adding the . and | as I’ve seen other suggest may work for you, but the regex was supposed to be:
if ( ! preg_match("/^[a-z0-9:_\/\-\.|]+$/i", $str))
I had the same problem thanks to french specials characters. Here is my class in case anybody needs it. It has to be saved here : /application/core/MY_Input.php
(also this extension will report witch character is not allowed in the future)
class MY_Input extends CI_Input {
function __construct()
{
parent::__construct();
}
/**
* Clean Keys
*
* This is a helper function. To prevent malicious users
* from trying to exploit keys we make sure that keys are
* only named with alpha-numeric text and a few other items.
*
* @access private
* @param string
* @return string
*/
function _clean_input_keys($str)
{
if ( ! preg_match("/^[a-z0-9:_\/-àâçéèêëîôùû]+$/i", $str))
{
exit('Disallowed Key Characters : '.$str);
}
// Clean UTF-8 if supported
if (UTF8_ENABLED === TRUE)
{
$str = $this->uni->clean_string($str);
}
return $str;
}
}
Read The Friendly Manual about core classes extension : http://ellislab.com/codeigniter/user-guide/general/core_classes.html
Php will evaluate what you wrote between the [] brackets.
$foo = array('eins', 'zwei', 'apples', 'oranges');
var_dump($foo[3-1]);
Will produce string(6) "apples", because it returns $foo[2].
If you want that as a string, put inverted commas around it.
To use CodeIgniter with jQuery Ajax, use "Object" as data instead of Query string as below:
$.ajax({
url: site_url + "ajax/signup",
data: ({'email': email, 'password': password}), //<--- Use Object
type: "post",
success: function(response, textStatus, jqXHR){
$('#sign-up').html(response);
},
error: function(jqXHR, textStatus, errorThrown){
console.log("The following error occured: "+
textStatus, errorThrown);
}
});
Open libraries/Input.php (system/core/Input.php in CI version 2.0+) and locate function _clean_input_keys($str){, The whole block should look like so:
function _clean_input_keys($str)
{
if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
{
exit('Disallowed Key Characters.');
}
return $str;
}
Modify the PCRE sot that it allows the new chars.
Please not that the char thats missing is the .(dot) and you should always escape the .(dot) in Regular Expressions as they will otherwise allow any single char.
/^[a-z0-9:_\/-\.]+$/i
i saw this error when i was trying to send a form, and in one of the fields' names, i let the word "endereço".
echo form_input(array('class' => 'form-control', 'name' => 'endereco', 'placeholder' => 'Endereço', 'value' => set_value('endereco')));
When i changed 'ç' for 'c', the error was gone.
Source: Stackoverflow.com