CodeIgniter: Disallowed Key Characters - codeigniter

I have the same problem as the people below, but the solutions offered for them do not work for me.
CodeIgniter - disallowed key characters
CodeIgniter Disallowed Key Characters
Disallowed key characters error message in Codeigniter (v2)
I get "Disallowed Key Characters" when I submit a form.
I have CSRF protection enabled, and I am using arrays in my form field names (i.e., search[] as the name as there are multiple selection dropdown options). I have a feeling it is the "[]" in the form name that bothers this form.
I have followed all advice I could see in the posts above.
I disabled CSRF temporarily,
I disabled XSS temporarily,
I edited $config['permitted_uri_chars'] and
I edited Input.php where this message is generated.
Does anybody have any additional ideas of what could cause this problem on form submission?
Thanks!

Like my answer here — you just need to update the regex in MY_Input->_clean_input_keys() to allow more characters (eg escaped JSON, or escaped HTML/XML)
Allow just 'English': !preg_match("/^[a-z0-9\:\;\.\,\?\!\@\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str)
Allow Chinese Characters: !preg_match("/^[a-z0-9\x{4e00}-\x{9fa5}\:\;\.\,\?\!\@\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str)
My full working function looks like this:
public function _clean_input_keys($str) {
    // NOTE: \x{4e00}-\x{9fa5} = allow chinese characters
    // NOTE: 'i' — case insensitive
    // NOTE: 'u' — UTF-8 mode
    if (!preg_match("/^[a-z0-9\x{4e00}-\x{9fa5}\:\;\.\,\?\!\@\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str)) {
        /**
         * Check for Development environment - Non-descriptive
         * error so show me the string that caused the problem
         */
        if (is_env_dev()) {
            var_dump($str);
        }
        exit('Disallowed Key Characters.');
    }
    // Clean UTF-8 if supported
    if (UTF8_ENABLED === TRUE) {
        return $this->uni->clean_string($str);
    }
    return $str;
}
my_helper.php
if (!function_exists('is_env_dev')) {
    function is_env_dev() {
        return (
            defined('ENVIRONMENT') && strtolower(ENVIRONMENT) == 'development' ||
            defined('ENVIRONMENT') && strtolower(ENVIRONMENT) == 'testing'
        );
    }
}

Thanks, but I found a comment hidden way below (right at the bottom at the time of this writing) on another post here: CodeIgniter Disallowed Key Characters
The comment suggested that I add $str to the exit() comment to test. This indicated that I had a missing double quote in my form fields. It is a very complex form built up dynamically, with 300 lines of code, so easy to miss.
Hope this answer (and the comment that inspired it) helps someone else.
Validating the source of the output could prevent problems such as this one :-)
Regards
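An added example (not from the original posts, and not CodeIgniter's own code) for locating the offending key without echoing it to the browser: it walks a request array recursively and logs every key that fails the allowlist. The pattern is assumed to be the CodeIgniter 2.x default, `find_disallowed_keys` is a hypothetical helper, and the sample `$post` array is constructed.

```php
<?php
// Assumption: the stock CodeIgniter 2.x key allowlist. Compare it with
// _clean_input_keys() in system/core/Input.php of your own install.
const CI_DEFAULT_KEY_PATTERN = '/^[a-z0-9:_\/-]+$/i';

/**
 * Hypothetical helper: visit every key at every depth of a request array
 * and return the ones that fail the allowlist, written as a bracketed path.
 */
function find_disallowed_keys(array $input, $pattern = CI_DEFAULT_KEY_PATTERN, $path = '')
{
    $bad = array();
    foreach ($input as $key => $value) {
        $here = $path === '' ? (string) $key : $path . '[' . $key . ']';
        if (!preg_match($pattern, (string) $key)) {
            $bad[] = $here;
        }
        if (is_array($value)) {
            $bad = array_merge($bad, find_disallowed_keys($value, $pattern, $here));
        }
    }
    return $bad;
}

// Constructed sample of a parsed POST body:
//  - a <select name="search[]" multiple> arrives as key "search" holding a
//    list with numeric keys, so the "[]" itself never reaches the key check;
//  - a key as it could arrive from a field whose name attribute lost its
//    closing quote and swallowed the next attribute.
$post = array(
    'search'       => array('red', 'blue'),
    'email_value=' => '',
);

foreach (find_disallowed_keys($post) as $key) {
    // Log server-side: json_encode() makes stray quotes and control bytes
    // visible and keeps the raw key out of the HTTP response.
    error_log('Disallowed key: ' . json_encode($key));
}
```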

Related

Oracle Apex Force Upper Case first Letter.

Hi Guys
In forms I use,
onKeyUp="this.value = this.value.toUpperCase()"
To force upper-case. However for such as name fields. How do you force the upper letter to be upper-case only while the user is typing. I know INITCAP will do that but need to do as user is typing, if that makes sense.
Any help will be much appreciated.
This is a javascript question then, not an Oracle or APEX question. It shouldn't make any difference what the environment is as long as you have access to the DOM events with javascript functions. e.g. http://www.w3schools.com/jsref/event_onkeyup.asp
If you do a search there are lots of examples to Initcap a string in javascript, just pass in the string and reset the item in the dom e.g.
function capitalizeEachWord(str) {
    return str.replace(/\w\S*/g, function(txt) {
        return txt.charAt(0).toUpperCase() + txt.substr(1).toLowerCase();
    });
}
I tried to solve this problem.
For that I created a JavaScript function which checks whether the first letter is capital; if not, it displays an alert and reverts the text.
Please check the following code for the text item:
function checkUpper()
{
    var x = $x("P6_TEXT");
    if (x.value.trim().substring(0,1) != x.value.trim().substring(0,1).toUpperCase()) {
        alert ('First letter Must be in upper case');
        x.value = x.value.trim().substring(0,x.value.trim().length-1).toString();
    }
}
And set item P6_TEXT attribute as
onKeyUp="checkUpper();"
In the field custom attributes put this JS code:
onKeyUp="this.value = this.value.substring(0,1).toUpperCase()+this.value.substring(1).toLowerCase();"
You could use content modifiers from Universal Theme https://apex.oracle.com/pls/apex/apex_pm/r/ut/content-modifiers
I needed text in a page item to be uppercase and under Advanced I set the CSS class to
u-textUpper
u-textInitCap - Sets The First Letter In Each Word To Use Uppercase

How to prevent CKEditor replacing spaces with &nbsp;?

I'm facing an issue with CKEditor 4, I need to have an output without any html entity so I added config.entities = false; in my config, but some &nbsp; appear when
an inline tag is inserted: the space before is replaced with &nbsp;
text is pasted: every space is replaced with &nbsp; even with config.forcePasteAsPlainText = true;
You can check that on any demo by typing
test test
eg.
Do you know how I can prevent this behaviour?
Thanks!
Based on Reinmar's accepted answer and the Entities plugin I created a small plugin with an HTML filter which removes redundant &nbsp; entities. The regular expression could be improved to suit other situations, so please edit this answer.
/*
 * Remove entities which were inserted ie. when removing a space and
 * immediately inputting a space.
 *
 * NB: We could also set config.basicEntities to false, but this is strongly
 * advised against since this also does not turn ie. < into &lt;.
 * @link http://stackoverflow.com/a/16468264/328272
 *
 * Based on StackOverflow answer.
 * @link http://stackoverflow.com/a/14549010/328272
 */
CKEDITOR.plugins.add('removeRedundantNBSP', {
    afterInit: function(editor) {
        var config = editor.config,
            dataProcessor = editor.dataProcessor,
            htmlFilter = dataProcessor && dataProcessor.htmlFilter;
        if (htmlFilter) {
            htmlFilter.addRules({
                text: function(text) {
                    return text.replace(/(\w)&nbsp;/g, '$1 ');
                }
            }, {
                applyToAll: true,
                excludeNestedEditable: true
            });
        }
    }
});
These entities:
// Base HTML entities.
var htmlbase = 'nbsp,gt,lt,amp';
Are an exception. To get rid of them you can set basicEntities: false. But as docs mention this is an insecure setting. So if you only want to remove &nbsp;, then I should just use regexp on output data (e.g. by adding listener for #getData) or, if you want to be more precise, add your own rule to htmlFilter just like entities plugin does here.
Remove all &nbsp; but not <tag>&nbsp;</tag> with Javascript Regexp
This is especially helpful with CKEditor as it creates lines like <p>&nbsp;</p>, which you might want to keep.
Background: I first tried to make a one-liner Javascript using lookaround assertions. It seems you can't chain them, at least not yet. My first approach was unsuccessful:
return text.replace(/(?<!\>)&nbsp;(?!<\/)/gi, " ")
// Removes &nbsp; but not <p>&nbsp;</p>
// It works, but does not remove `<p> blah </p>`.
Here is my updated working one-liner code:
return text.replace(/(?<!\>\s.)(&nbsp;(?!<\/)|(?<!\>)&nbsp;<\/p>)/gi, " ")
This works as intended. You can test it here.
However, this is a shady practice as lookarounds are not fully supported by some browsers.
Read more about Assertions.
What I ended up using in my production code:
I ended up doing a bit hacky approach with multiple replace(). This should work on all browsers.
.trim() // Remove whitespaces
.replace(/\u00a0/g, " ") // Remove unicode non-breaking space
.replace(/((<\w+>)\s*(&nbsp;)\s*(<\/\w+>))/gi, "$2<!--BOOM-->$4") // Replace empty nbsp tags with BOOM
.replace(/&nbsp;/gi, " ") // remove all &nbsp;
.replace(/((<\w+>)\s*(<!--BOOM-->)\s*(<\/\w+>))/gi, "$2&nbsp;$4") // Replace BOOM back to empty tags
If you have a better suggestion, I would be happy to hear 😊.
I needed to change the regular expression Imeus sent, in my case, I use TYPO3 and needed to edit the backend editor. This one didn't work. Maybe it can help another one that has the same problem :)
return text.replace(/&nbsp;/g, ' ');

!preg_match for email checking

I have this command to check for valid email address. I just found out that when I try to add this to our email server (all email requests off this form are local email addresses), the email server does not allow a numeric character to start the email address/username. I have read through all the documentation for the command preg_match and cannot find how to make it fail if it starts with a numeric in the first character location. I am a newbie so any help would be appreciated.
if (!preg_match("(^[-\w\.]+@([-a-z0-9]+\.)+[a-z]{2,4}$)i", $in_email))
In PHP you can use the following code with the filter_var function, which returns a boolean after filtering the variable with a specified filter condition.
if(filter_var($email,FILTER_VALIDATE_EMAIL))
{
    //valid email
}
else{
    //INVALID EMAIL
}
The function filter_var will return true if email is in correct format otherwise false.
Try this one;
/^[^0-9][_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/
And use as follows
$regex = '/^[^0-9][_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
if (preg_match($regex, $email)) {
    // Valid email
} else {
    // Invalid email
}
If we have domains without dots this answer does not work. For this case I changed from:
/^[^0-9][_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/
To:
/^[^0-9][_a-z0-9-]+(\.[_a-z0-9-]+)*@([a-z0-9-]{2,})+(\.[a-z0-9-]{2,})*$/
Update: The user @Toto correctly saw one problem with the regex: it can start with any char instead of a numeric one. An example like #-----.--.---.----@-- was validated. So I changed /^[^0-9] to /^[a-z] and now it is correct:
/^[a-z][_a-z0-9-]+(\.[_a-z0-9-]+)*@([a-z0-9-]{2,})+(\.[a-z0-9-]{2,})*$/
And it works for these use cases:
user@domain
aa@aa
aa@aa.aa
aa.aa@aa
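An added example (not part of the original answers) that runs the thread's final pattern, written with `@` as the separator, next to `filter_var()` on the same inputs, so the differences between the two approaches are visible before either is deployed. `is_acceptable_local_address` is a hypothetical helper and every sample address is constructed or taken from the thread.

```php
<?php
// The last pattern posted in the thread, unchanged apart from "@".
const THREAD_PATTERN = '/^[a-z][_a-z0-9-]+(\.[_a-z0-9-]+)*@([a-z0-9-]{2,})+(\.[a-z0-9-]{2,})*$/';

/**
 * Hypothetical helper: accept an address only if filter_var() accepts it
 * and it does not start with a digit (the mail server rule from the question).
 */
function is_acceptable_local_address($email)
{
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // \A anchors at the very start of the string.
    return preg_match('/\A[0-9]/', $email) !== 1;
}

// Constructed samples, including the cases listed in the thread.
$samples = array(
    'user@domain', 'aa@aa', 'aa@aa.aa', 'aa.aa@aa',
    '1user@example.com',      // leading digit: the case the question is about
    'User@Example.com',       // upper case: the thread pattern has no /i flag
    '#-----.--.---.----@--',  // the input reported in the update
    "user@example.com\n",     // "$" also matches just before a trailing newline
);

foreach ($samples as $email) {
    printf(
        "%-26s thread=%-3s filter_var+digit=%s\n",
        json_encode($email),
        preg_match(THREAD_PATTERN, $email) ? 'yes' : 'no',
        is_acceptable_local_address($email) ? 'yes' : 'no'
    );
}
```

If the regular expression is kept, ending it with `\z` or adding the `D` modifier stops `$` from accepting a trailing newline.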

Code Igniter Form Validation Min Max Length count of unicode characters?

Curious if anyone knows if codeigniter's form validation built in max_length[n] and min_length[n] functions count unicode characters as 1 character or the sum of all the characters used symbolize the unicode character?
I noticed when I var_dump the string it counts all the characters, just wondering if code igniter or php has a built in function to count unicode characters?
Thanks.
You can make your own callback validation:
$this->form_validation->set_rules('rule', 'The rule', 'callback_checkUnicode');
And then check the unicode string:
public function checkUnicode($string)
{
    if (strlen($string) != strlen(utf8_decode($string)))
    {
        //is unicode: add your own counter condition here
        return true;
    }
    return false;
}
Codeigniter uses php's mb_strlen if it's available on your php installation which allows for an encoding parameter to be passed along, otherwise it defaults to php's basic strlength which doesn't allow you to pass the string encoding along. The trouble is that CI doesn't give you the ability to pass along the possible encoding for max_length[n]...
If you need it to compensate for the encoding, you might be better served rolling your own validation with just raw php.

passing a large string through url in codeigniter

How do I pass a large string as a variable in codeigniter? I am trying to show the user an article; if the article has more than 800 characters and less than 3044 characters I am showing it in a jquery pop up window, and if the article is more than 3044 characters I want to pass the article body and title through the url to a controller function.
here is what i have tried:
<?php
if(strlen($home_content[1]['content'])>800 && strlen($home_content[1]['content'])<3044)
{
    $substr=substr($home_content[1]['content'],0,786);
    echo $substr.'<p id="button"><i>read more...</i></p>';
}
else if(strlen($home_content[1]['content'])<800)
{
    echo $home_content[1]['content'];
}
else
{
    $substr=substr($home_content[1]['content'],0,786);
    echo $substr.'<br/>';
    echo anchor('site/read_article/'.$home_content[1]['title'].$home_content[1]['content'],'<i>read more...</i>');
}
?>
and this is the url after passing the data:
http://192.168.1.111/my_project/site/read_article/title%20mid%20left%3Cp%3Etesttesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lifesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lifesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.%20True%20Mirror,%20can%20come%20to%20life.ife.%20True%20Mirror,%20can%20come%20to%20life.ife.%3C/p%3E%3Cp%3E%C2%A0%3C/p%3E%3Cp%3Etesttesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%
20a%20True%20Mirror,%20can%20come%20to%20life.ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lifesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lifesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.%20True%20Mirror,%20can%20come%20to%20life.ife.%20True%20Mirror,%20can%20come%20to%20life.ife.%3C/p%3E%3Cp%3Etesttesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20lBut%20we%20have%20already%20arrivesafOnly%20True%20Light,%20reflected%20in%20a%20True%20Mirror,%20can%20come%20to%20life.
ife.testtesthave%20already%20arrivesafOnly%20True%20Light,%3C/p%3E.html
and i get this error message:
An Error Was Encountered
The URI you submitted has disallowed characters.
How do I do it correctly? The url looks very messy; how do I pass the string and still have a clean url? Please help me with it.
Why not pass the article ID instead? You could then access the article through the controller function, count the characters and decide the method of display.
Alternatively, you could use CI's Session Flashdata to pass the article title/body to the next controller and access it that way.
The URI is failing as security is set up to deny specific characters being passed in the URL. This is for your protection, but, although not recommended, could be disabled in the config files if required.
