dougu3290
dougu3290
2012-11-30 15:11

重定向不允许的字符

I looked over and over and I couldn't seem to find an answer to what I want, but here goes:

I have a client that is really computer illiterate and I want to ensure that any errors that arise are handled without intervention. The one thing I'm stuck on currently though is the "The URI you submitted has disallowed characters." error.

I don't want to simply allow all the characters to circumvent the error. Instead what I'd like to do is simply redirect to a particular URI when this error happens. For example:

www.local.com/project/login/'''' ---> www.local.com/project/login

I looked at doing it with hooks, but I'd like to be able to specify a custom URL when I want to execute the check.

I was thinking about using a call to a library method which will pull in the characters from the configuration, then redirect based on whether the check passes or not, with the current URL and URI redirect as a parameter. Is this the way to do it, or is there an easier way to manage this?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

2条回答

  • douan4359 douan4359 9年前

    I've read all the comments above - but I think you missed the easy way to do this.

    Just overload the _filter_uri() function, and do whatever you want:

    (Place this file in application/core/MY_URI.php)

    // Normally this is not fully uppercase - but for some reason the URI filename is
    Class MY_URI extends CI_URI
    {
    
    
    /**
     * Filter segments for malicious characters
     *
     * @access  private
     * @param   string
     * @return  string
     */
    function _filter_uri($str)
    {
        if ($str != '' && $this->config->item('permitted_uri_chars') != '' && $this->config->item('enable_query_strings') == FALSE)
        {
            if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+$|i", $str))
            {
                // DO SOMETHING HERE LIKE REDIRECT OR CHANGE THE URL
            }
        }
    
        // Convert programatic characters to entities
        $bad    = array('$',        '(',        ')',        '%28',      '%29');
        $good   = array('$',    '(',    ')',    '(',    ')');
    
        return str_replace($bad, $good, $str);
    }
    
    点赞 7 评论 复制链接分享
  • dongyan3237 dongyan3237 4年前

    This is solution I am using on my project:

    File: application/core/MY_URI.php

    class MY_URI extends CI_URI {
    
        /**
         * Filter URI
         *
         * Filters segments for malicious characters.
         *
         * @param   string  $str
         * @return  void
         */
        public function filter_uri(&$str)
        {
            if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str))
            {
                return preg_replace('~[^a-zA-Z 0-9%.:_\-,()]+~', '', $str);
            }
        }
    }
    
    点赞 评论 复制链接分享

相关推荐