17

When i'm trying to redirect to other website, i receive this error:

A PHP Error was encountered

Severity: Warning

Message: parse_url(/%22**) [function.parse-url]: Unable to parse URL

Filename: core/URI.php

Line Number: 219

An Error Was Encountered

The URI you submitted has disallowed characters.

This is all the code i have in URI.php

private function _detect_uri()
{
    if ( ! isset($_SERVER['REQUEST_URI']) OR ! isset($_SERVER['SCRIPT_NAME']))
    {
        return '';
    }

    $uri = $_SERVER['REQUEST_URI'];
    if (strpos($uri, $_SERVER['SCRIPT_NAME']) === 0)
    {
        $uri = substr($uri, strlen($_SERVER['SCRIPT_NAME']));
    }
    elseif (strpos($uri, dirname($_SERVER['SCRIPT_NAME'])) === 0)
    {
        $uri = substr($uri, strlen(dirname($_SERVER['SCRIPT_NAME'])));
    }

    // This section ensures that even on servers that require the URI to be in the query string (Nginx) a correct
    // URI is found, and also fixes the QUERY_STRING server var and $_GET array.
    if (strncmp($uri, '?/', 2) === 0)
    {
        $uri = substr($uri, 2);
    }
    $parts = preg_split('#\?#i', $uri, 2);
    $uri = $parts[0];
    if (isset($parts[1]))
    {
        $_SERVER['QUERY_STRING'] = $parts[1];
        parse_str($_SERVER['QUERY_STRING'], $_GET);
    }
    else
    {
        $_SERVER['QUERY_STRING'] = '';
        $_GET = array();
    }

    if ($uri == '/' || empty($uri))
    {
        return '/';
    }

    $uri = parse_url($uri, PHP_URL_PATH);

    // Do some final cleaning of the URI and return it
    return str_replace(array('//', '../'), '/', trim($uri, '/'));
}
subrui
  • 191
  • 1
  • 2
  • 14
  • exactly what it says - have you tried to search for that error message in CI source code and follow its path to the regex which check for those characters? I bet changing that regex will solve the issue... – Zathrus Writer Oct 10 '13 at 13:46

3 Answers3

49

CodeIgniter checks all URI segments for disallowed characters. This happens by white listing allowed characters. Which ones are allowed can be checked in /system/application/config/config.php in the $config['permitted_uri_chars'] variable. permitted_uri_chars are the characters that CodeIgniter accepts in your URI.The default value is set to something like.

$config['permitted_uri_chars'] = 'a-z 0-9~%.:&_\-';

By default only these are allowed: a-z 0-9~%.:_-

Leave blank to allow all characters -- but only if you are insane.

%22 comes for ".You can add this in permitted_uri_chars list.

Suvash sarker
  • 3,140
  • 1
  • 18
  • 21
  • 1
    Is it possible to set this on a per-method basis? Meaning, I want to allow the @ for folks submitting an email address but only in one method of a class. I want it disallowed everywhere else without having to check for it in each case. – KCL Oct 12 '15 at 14:05
5

Try this may help but is not recommended, in your application/config/config.php change:

$config['permitted_uri_chars']  = ''; #keep it blank to allow all characters
$config['allow_get_array']       = TRUE;
$config['enable_query_strings'] = TRUE;
Nil'z
  • 7,487
  • 1
  • 18
  • 28
  • 3
    This should not really even be an option, and I think it would be bad education for somebody new to php, or who does not understand security. – Metropolis Jul 24 '15 at 18:16
0

In my case it was a mal-formed URL.

It was like mydomain/route&param=1

Be aware that it should have an interrogation character instead of an "&" at the first parameter. So it should be like this: mydomain/route?param=1&other=2&another=3

Rafael Xavier
  • 956
  • 13
  • 13