CodeIgniter - disallowed key characters [duplicate] - codeigniter

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
CodeIgniter Disallowed Key Characters
I have a bit of an issue with a form I'm trying to submit. It's dynamic and the checkbox values come from the database; the only problem is that one of the fields has a # and when I try to submit the form, it returns 'disallowed key characters'.
How do I make it OK to submit a #?

It's hardcoded into the Input class in the function _clean_input_keys().
Just create a MY_Input class and override the function.
/**
 * Clean Keys
 *
 * This is a helper function. To prevent malicious users
 * from trying to exploit keys we make sure that keys are
 * only named with alpha-numeric text and a few other items.
 *
 * @access private
 * @param string
 * @return string
 */
function _clean_input_keys($str)
{
    // if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str)) <---- DEL
    if ( ! preg_match("/^[#a-z0-9:_\/-]+$/i", $str)) // <----INS
    {
        exit('Disallowed Key Characters.');
    }
    // Clean UTF-8 if supported
    if (UTF8_ENABLED === TRUE)
    {
        $str = $this->uni->clean_string($str);
    }
    return $str;
}

As per your question it seems that you are using get as a method in the form and because of that it is giving disallowed key characters error.
To allow the character # just add it in the following in your CONFIG file -
$config['permitted_uri_chars'] = '\#';
And now the character # will be allowed in the url.

replace :
if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
with this :
if ( ! preg_match("/^[#a-z0-9:_|\/-]+$/i", $str))
in system/core/input.php

Related

TYPO3/Extbase - How to trim values before validation/saving objects?

In Extbase I usually handle form validation myself within the controller, especially when I need advanced scenarios, but now I have a simple but large form with many fields, so I decided not to waste time and just use TYPO3's validators. So far so good; in general it works. However, I cannot force Extbase to trim values before validation, and as a result Extbase saves a lot of spaces... so it's invalid. Sample:
/**
 * @var string
 * @validate StringLength(minimum=2, maximum=255)
 * @validate NotEmpty
 */
protected $fooName = '';
As I said, I have tens of fields and would love to avoid manually validating them... is there any solution?
Note: I tried the extbase_filter ext, which would be a great solution if it worked (unfortunately it doesn't take any effect at TYPO3 ver.: 6.2.6).
Also, for obvious reasons, using JS for trimming values before the form is sent isn't a solution either.
You can do the trimming inside your set* methods. Validation in Extbase's MVC process happens after the setters are invoked.
So, your example would be:
/**
 * @var string
 * @validate StringLength(minimum=2, maximum=255)
 * @validate NotEmpty
 */
protected $fooName = '';
public function setFooName($fooName)
{
    $this->fooName = trim($fooName);
}

codeigniter 3.0 like query add ESCAPE '!' on like

codeigniter 3.0 like query add ESCAPE '!'
example:
$this->db->select('*');
$this->db->from('sample');
$this->db->like('col','val%val2');
$this->db->get()->result_array();
CI produces the following query:
SELECT * FROM `sample` WHERE `col` LIKE '%val!%val2%' ESCAPE '!'
But I expected it
SELECT * FROM `sample` WHERE `col` LIKE '%val%val2%'
How can I achieve that?
After searching I found the answer; it will remove the '!' ESCAPE sign from the query:
$this->db->like('category_name', $string,'both',false);
In CI-2 it produces the result as expected, but CI-3 produces the result as you said. Maybe it should be improved.
After some research I found a solution where you need to set some config inside system/database/DB_driver.php
Open DB_driver.php and go to lines 340 and 347. You will find this:
protected $_like_escape_str = " ESCAPE '%s' ";
/**
 * ESCAPE character
 *
 * @var string
 */
protected $_like_escape_chr = '!';
Change them to empty, like the following:
protected $_like_escape_str = "";
/**
 * ESCAPE character
 *
 * @var string
 */
protected $_like_escape_chr = '';
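
The fourth argument of like() controls escaping of the value as well as the ESCAPE clause. As an added example (not from the posts above and not CodeIgniter code), the following keeps escaping on and places the wildcard deliberately, using PDO with an in-memory SQLite table; the function names, table and rows are constructed for illustration.

```php
<?php
// Added example. Function names, table and rows are constructed sample data.

/** Escape LIKE metacharacters in one user-supplied fragment ('!' is the escape character). */
function escape_like(string $s, string $esc = '!'): string
{
    // Order matters: the escape character itself is doubled first.
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $s);
}

/** Build '%frag1%frag2%' so that only the joining '%' characters act as wildcards. */
function like_pattern(array $fragments): string
{
    return '%' . implode('%', array_map('escape_like', $fragments)) . '%';
}

/** Run the search with the pattern as a bound parameter, never concatenated into the SQL. */
function search(PDO $db, string $pattern): array
{
    $st = $db->prepare("SELECT col FROM sample WHERE col LIKE ? ESCAPE '!'");
    $st->execute([$pattern]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sample (col TEXT)');
$ins = $db->prepare('INSERT INTO sample (col) VALUES (?)');
foreach (['val%val2', 'val and val2', 'value_val2', 'other'] as $row) {
    $ins->execute([$row]);
}

// Whole input is literal text: the '%' typed by the user is escaped.
echo like_pattern(['val%val2']), "\n";
print_r(search($db, like_pattern(['val%val2'])));

// Wildcard intended between two fragments: each fragment is escaped, the join is not.
echo like_pattern(['val', 'val2']), "\n";
print_r(search($db, like_pattern(['val', 'val2'])));

// A literal underscore in a fragment stays literal.
echo like_pattern(['value_']), "\n";
print_r(search($db, like_pattern(['value_'])));
```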

Add a custom block quote for sublime3 for phpdoc

I tried to write it like this:
{ "keys": ["ctrl+shift+;"], "command": { "characters": "/**@var*/", "block": true} }
But it seems to be totally not achieving the simplest thing I am trying to do.
What I want the shortcut to do is that once triggered, I wish to enter text formatted like this
/**
 *@var
 */
Does anyone know how to define such custom shortcut?
Thank you very much!
There are two ways to do this, depending on what functionality you want. If all you want is to print exactly what you indicated, then create the following snippet:
<snippet>
    <content><![CDATA[
/**
 * @var $0
 */
]]></content>
    <tabTrigger>vardoc</tabTrigger>
</snippet>
To do so, create a new file with XML syntax, paste the above exactly as shown, then save the file as Packages/User/vardoc.sublime-snippet where Packages is the directory opened when you select Preferences -> Browse Packages. To trigger the snippet, type vardoc and hit Tab. Your cursor will be positioned where the $0 is in the snippet.
This should work fine, except you'll have to type * if you need a new line, and there's nothing intelligent about it. Instead, what I'd recommend is DocBlockr, a Sublime Text plugin that auto-generates documentation for several languages, including PHP. Typing /** and hitting Tab or Enter will give you
/**
 * |
 */
Where | is your cursor position (this is also a built-in Sublime feature, I believe). It can also auto-document functions. If you have
function foo(MyClass $cls,
             Array $arr,
             $num=42,
             $val=false,
             $str="sweet function, dude!") {
    return $something;
}
and you place your cursor on the line above the function definition and type /** and hit Tab, you'll get
/**
 * [foo description]
 * @param MyClass $cls
 * @param Array $arr
 * @param integer $num
 * @param boolean $val
 * @param string $str
 * @return [type]
 */
with [foo description] highlighted so you can enter your own description. Hitting Tab again will subsequently highlight MyClass, Array, etc. so you can alter them if you wish.
More to your question, you can declare a variable
var $foobar = "I love unicorns";
Placing your cursor above that declaration and entering /** Tab will give you
/**
 * [$foobar description]
 * @var string
 */
There are other features of DocBlockr as well, check out the link above for more details.
I hope this helps!

CodeIgniter: Disallowed Key Characters

I have the same problem as the people below, but the solutions offered for them do not work for me.
CodeIgniter - disallowed key characters
CodeIgniter Disallowed Key Characters
Disallowed key characters error message in Codeigniter (v2)
I get "Disallowed Key Characters" when I submit a form.
I have CSRF protection enabled, and I am using arrays in my form field names (i.e., search[] as the name as there are multiple selection dropdown options). I have a feeling it is the "[]" in the form name that bothers this form.
I have followed all advice I could see in the posts above.
I disabled CSRF temporarily,
I disabled XSS temporarily,
I edited $config['permitted_uri_chars'] and
I edited Input.php where this message is generated.
Does anybody have any additional ideas of what could cause this problem on form submission?
Thanks!
Like my answer here — you just need to update the regex in MY_Input->_clean_input_keys() to allow more characters (eg escaped JSON, or escaped HTML/XML)
Allow just 'English': !preg_match("/^[a-z0-9\:\;\.\,\?\!\#\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str)
Allow Chinese Characters: !preg_match("/^[a-z0-9\x{4e00}-\x{9fa5}\:\;\.\,\?\!\#\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str)
My full working function looks like this:
public function _clean_input_keys($str) {
    // NOTE: \x{4e00}-\x{9fa5} = allow chinese characters
    // NOTE: 'i' — case insensitive
    // NOTE: 'u' — UTF-8 mode
    if (!preg_match("/^[a-z0-9\x{4e00}-\x{9fa5}\:\;\.\,\?\!\#\#\$%\^\*\"\~\'+=\\\ &_\/\.\[\]-\}\{]+$/iu", $str)) {
        /**
         * Check for Development environment - Non-descriptive
         * error so show me the string that caused the problem
         */
        if (is_env_dev()) {
            var_dump($str);
        }
        exit('Disallowed Key Characters.');
    }
    // Clean UTF-8 if supported
    if (UTF8_ENABLED === TRUE) {
        return $this->uni->clean_string($str);
    }
    return $str;
}
my_helper.php
if (!function_exists('is_env_dev')) {
    function is_env_dev() {
        return (
            defined('ENVIRONMENT') && strtolower(ENVIRONMENT) == 'development' ||
            defined('ENVIRONMENT') && strtolower(ENVIRONMENT) == 'testing'
        );
    }
}
Thanks, but I found a comment hidden way below (right at the bottom at the time of this writing) on another post here: CodeIgniter Disallowed Key Characters
The comment suggested that I add $str to the exit() comment to test. This indicated that I had a missing double quote in my form fields. It is a very complex form built up dynamically, with 300 lines of code, so easy to miss.
Hope this answer (and the comment that inspired it) helps someone else.
Validating the source of the output could prevent problems such as this one :-)
Regards
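
The posts above either widen the key allowlist or print the rejected key to find the cause. As an added example (not from the posts and not CodeIgniter code), this reports which characters of a key fall outside an allowlist and logs them server-side while the client still gets the generic message; the two character classes are the ones quoted in the first thread, and the function names and sample keys are constructed.

```php
<?php
// Added example. Function names and sample keys are constructed.

const STOCK_CLASS = 'a-z0-9:_\/-';    // character class of the stock check
const HASH_CLASS  = '#a-z0-9:_\/-';   // class from the answer that adds '#'

/** Return the distinct characters of $key that are outside the allowlist $class. */
function offending_chars(string $key, string $class): array
{
    // Remove every allowed character; whatever is left caused the rejection.
    $rest = preg_replace('/[' . $class . ']+/iu', '', $key);
    if ($rest === null) {
        return ['<invalid UTF-8>'];   // the /u flag rejects malformed byte sequences
    }
    $chars = preg_split('//u', $rest, -1, PREG_SPLIT_NO_EMPTY);
    return array_values(array_unique($chars));
}

/** Log the rejected key server-side; return only the generic message for the client. */
function reject_message(string $key, string $class): string
{
    $bad = implode(' ', array_map('json_encode', offending_chars($key, $class)));
    error_log('Disallowed key ' . json_encode($key) . ', offending characters: ' . $bad);
    return 'Disallowed Key Characters.';
}

// Constructed keys: a normal name, a name with '#', and a name mangled by a
// missing double quote in the form markup.
foreach (['search', 'color#2', 'qty" class=field'] as $key) {
    foreach (['stock' => STOCK_CLASS, 'with #' => HASH_CLASS] as $label => $class) {
        $bad = offending_chars($key, $class);
        printf("%-18s %-7s %s\n", $key, $label,
            $bad ? 'rejected: ' . json_encode($bad) : 'accepted');
    }
}

// The detail goes to the error log, the response body stays generic.
echo reject_message('qty" class=field', STOCK_CLASS), "\n";
```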

Magento - how to hide the time in the transactional Emails

I'm searching how to hide the time and show only the date in the "new order" email:
I have seen that it's generated with this code :
({{var order.getCreatedAtFormated(''long'')}})
but I don't find a solution how to show only the date.
Thanks for help.
Supported formatting types are: long, medium , full, short
thanks for the comment:
HOW SHOULD I HELP MYSELF FINDING THIS OUT
First thing: if you don't know how to interact with a method, search for it in the codebase, as this reveals in what file the method is defined, and you can see what parameters it takes and how it processes them.
grep ' getCreatedAtFormated' app/code/ -rsn
app/code/core/Mage/Sales/Model/Order.php:1988: public function getCreatedAtFormated($format)
OK, now we have found the file; open it and see that line 1988 has the method:
/**
 * Get formated order created date in store timezone
 *
 * @param string $format date format type (short|medium|long|full)
 * @return string
 */
public function getCreatedAtFormated($format)
{
    return Mage::helper('core')->formatDate($this->getCreatedAtStoreDate(), $format, true);
}
Cool, now you see it is actually using the core helper's formatDate method. Go ahead and open up that file:
app/code/core/Mage/Core/Helper/Data.php:135: public function formatDate($date=null, $format='short', $showTime=false)
You can see from grep that it takes a third parameter that you can't pass to that method, as it wraps this with a forced value.
So your solution is to use the helper, get the variable order.getCreatedAtStoreDate() and pass it to the helper's formatting method
