我尝试了线程中发布的几乎所有方法。
我的网址如下:www.example.com/twilio_sms/update_status 许多帖子都有解释要编辑
if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+$|i", $str))
到
if ( ! preg_match("|^[".($this->config->item('permitted_uri_chars'))."]+$|i", rawurlencode($str)))
但是在该页面上会导致404错误。
/system/core/URI.php:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
* @author ExpressionEngine Dev Team
* @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
* @filesource
*/
// ------------------------------------------------------------------------
/**
* URI Class
*
* Parses URIs and determines routing
*
* @package CodeIgniter
* @subpackage Libraries
* @category URI
* @author ExpressionEngine Dev Team
* @link http://codeigniter.com/user_guide/libraries/uri.html
*/
class CI_URI {
var $keyval = array();
var $uri_string;
var $segments = array();
var $rsegments = array();
/**
* Constructor
*
* Simply globalizes the $RTR object. The front
* loads the Router class early on so it's not available
* normally as other classes are.
*
* @access public
*/
function __construct()
{
$this->config =& load_class('Config', 'core');
log_message('debug', "URI Class Initialized");
}
// --------------------------------------------------------------------
/**
* Get the URI String
*
* @access private
* @return string
*/
function _fetch_uri_string()
{
if (strtoupper($this->config->item('uri_protocol')) == 'AUTO')
{
// If the URL has a question mark then it's simplest to just
// build the URI string from the zero index of the $_GET array.
// This avoids having to deal with $_SERVER variables, which
// can be unreliable in some environments
if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '')
{
$this->uri_string = key($_GET);
return;
}
// Is there a PATH_INFO variable?
// Note: some servers seem to have trouble with getenv() so we'll test it two ways
$path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO');
if (trim($path, '/') != '' && $path != "/".SELF)
{
$this->uri_string = $path;
return;
}
// No PATH_INFO?... What about QUERY_STRING?
$path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
if (trim($path, '/') != '')
{
$this->uri_string = $path;
return;
}
// No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists?
$path = str_replace($_SERVER['SCRIPT_NAME'], '', (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO'));
if (trim($path, '/') != '' && $path != "/".SELF)
{
// remove path and script information so we have good URI data
$this->uri_string = $path;
return;
}
// We've exhausted all our options...
$this->uri_string = '';
}
else
{
$uri = strtoupper($this->config->item('uri_protocol'));
if ($uri == 'REQUEST_URI')
{
$this->uri_string = $this->_parse_request_uri();
return;
}
$this->uri_string = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri);
}
// If the URI contains only a slash we'll kill it
if ($this->uri_string == '/')
{
$this->uri_string = '';
}
}
// --------------------------------------------------------------------
/**
* Parse the REQUEST_URI
*
* Due to the way REQUEST_URI works it usually contains path info
* that makes it unusable as URI data. We'll trim off the unnecessary
* data, hopefully arriving at a valid URI that we can use.
*
* @access private
* @return string
*/
function _parse_request_uri()
{
if ( ! isset($_SERVER['REQUEST_URI']) OR $_SERVER['REQUEST_URI'] == '')
{
return '';
}
$request_uri = preg_replace("|/(.*)|", "\\1", str_replace("\\", "/", $_SERVER['REQUEST_URI']));
if ($request_uri == '' OR $request_uri == SELF)
{
return '';
}
$fc_path = FCPATH.SELF;
if (strpos($request_uri, '?') !== FALSE)
{
$fc_path .= '?';
}
$parsed_uri = explode("/", $request_uri);
$i = 0;
foreach(explode("/", $fc_path) as $segment)
{
if (isset($parsed_uri[$i]) && $segment == $parsed_uri[$i])
{
$i++;
}
}
$parsed_uri = implode("/", array_slice($parsed_uri, $i));
if ($parsed_uri != '')
{
$parsed_uri = '/'.$parsed_uri;
}
return $parsed_uri;
}
// --------------------------------------------------------------------
/**
* Filter segments for malicious characters
*
* @access private
* @param string
* @return string
*/
function _filter_uri($str)
{
if ($str != '' && $this->config->item('permitted_uri_chars') != '' && $this->config->item('enable_query_strings') == FALSE)
{
// preg_quote() in PHP 5.3 escapes -, so the str_replace() and addition of - to preg_quote() is to maintain backwards
// compatibility as many are unaware of how characters in the permitted_uri_chars will be parsed as a regex pattern
if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+$|i", $str))
{
show_error('The URI you submitted has disallowed characters.', 400);
}
}
// Convert programatic characters to entities
$bad = array('$', '(', ')', '%28', '%29');
$good = array('$', '(', ')', '(', ')');
return str_replace($bad, $good, $str);
}
// --------------------------------------------------------------------
/**
* Remove the suffix from the URL if needed
*
* @access private
* @return void
*/
function _remove_url_suffix()
{
if ($this->config->item('url_suffix') != "")
{
$this->uri_string = preg_replace("|".preg_quote($this->config->item('url_suffix'))."$|", "", $this->uri_string);
}
}
// --------------------------------------------------------------------
/**
* Explode the URI Segments. The individual segments will
* be stored in the $this->segments array.
*
* @access private
* @return void
*/
function _explode_segments()
{
foreach(explode("/", preg_replace("|/*(.+?)/*$|", "\\1", $this->uri_string)) as $val)
{
// Filter segments for security
$val = trim($this->_filter_uri($val));
if ($val != '')
{
$this->segments[] = $val;
}
}
}
// --------------------------------------------------------------------
/**
* Re-index Segments
*
* This function re-indexes the $this->segment array so that it
* starts at 1 rather than 0. Doing so makes it simpler to
* use functions like $this->uri->segment(n) since there is
* a 1:1 relationship between the segment array and the actual segments.
*
* @access private
* @return void
*/
function _reindex_segments()
{
array_unshift($this->segments, NULL);
array_unshift($this->rsegments, NULL);
unset($this->segments[0]);
unset($this->rsegments[0]);
}
// --------------------------------------------------------------------
/**
* Fetch a URI Segment
*
* This function returns the URI segment based on the number provided.
*
* @access public
* @param integer
* @param bool
* @return string
*/
function segment($n, $no_result = FALSE)
{
return ( ! isset($this->segments[$n])) ? $no_result : $this->segments[$n];
}
// --------------------------------------------------------------------
/**
* Fetch a URI "routed" Segment
*
* This function returns the re-routed URI segment (assuming routing rules are used)
* based on the number provided. If there is no routing this function returns the
* same result as $this->segment()
*
* @access public
* @param integer
* @param bool
* @return string
*/
function rsegment($n, $no_result = FALSE)
{
return ( ! isset($this->rsegments[$n])) ? $no_result : $this->rsegments[$n];
}
// --------------------------------------------------------------------
/**
* Generate a key value pair from the URI string
*
* This function generates and associative array of URI data starting
* at the supplied segment. For example, if this is your URI:
*
* example.com/user/search/name/joe/location/UK/gender/male
*
* You can use this function to generate an array with this prototype:
*
* array (
* name => joe
* location => UK
* gender => male
* )
*
* @access public
* @param integer the starting segment number
* @param array an array of default values
* @return array
*/
function uri_to_assoc($n = 3, $default = array())
{
return $this->_uri_to_assoc($n, $default, 'segment');
}
/**
* Identical to above only it uses the re-routed segment array
*
*/
function ruri_to_assoc($n = 3, $default = array())
{
return $this->_uri_to_assoc($n, $default, 'rsegment');
}
// --------------------------------------------------------------------
/**
* Generate a key value pair from the URI string or Re-routed URI string
*
* @access private
* @param integer the starting segment number
* @param array an array of default values
* @param string which array we should use
* @return array
*/
function _uri_to_assoc($n = 3, $default = array(), $which = 'segment')
{
if ($which == 'segment')
{
$total_segments = 'total_segments';
$segment_array = 'segment_array';
}
else
{
$total_segments = 'total_rsegments';
$segment_array = 'rsegment_array';
}
if ( ! is_numeric($n))
{
return $default;
}
if (isset($this->keyval[$n]))
{
return $this->keyval[$n];
}
if ($this->$total_segments() < $n)
{
if (count($default) == 0)
{
return array();
}
$retval = array();
foreach ($default as $val)
{
$retval[$val] = FALSE;
}
return $retval;
}
$segments = array_slice($this->$segment_array(), ($n - 1));
$i = 0;
$lastval = '';
$retval = array();
foreach ($segments as $seg)
{
if ($i % 2)
{
$retval[$lastval] = $seg;
}
else
{
$retval[$seg] = FALSE;
$lastval = $seg;
}
$i++;
}
if (count($default) > 0)
{
foreach ($default as $val)
{
if ( ! array_key_exists($val, $retval))
{
$retval[$val] = FALSE;
}
}
}
// Cache the array for reuse
$this->keyval[$n] = $retval;
return $retval;
}
// --------------------------------------------------------------------
/**
* Generate a URI string from an associative array
*
*
* @access public
* @param array an associative array of key/values
* @return array
*/
function assoc_to_uri($array)
{
$temp = array();
foreach ((array)$array as $key => $val)
{
$temp[] = $key;
$temp[] = $val;
}
return implode('/', $temp);
}
// --------------------------------------------------------------------
/**
* Fetch a URI Segment and add a trailing slash
*
* @access public
* @param integer
* @param string
* @return string
*/
function slash_segment($n, $where = 'trailing')
{
return $this->_slash_segment($n, $where, 'segment');
}
// --------------------------------------------------------------------
/**
* Fetch a URI Segment and add a trailing slash
*
* @access public
* @param integer
* @param string
* @return string
*/
function slash_rsegment($n, $where = 'trailing')
{
return $this->_slash_segment($n, $where, 'rsegment');
}
// --------------------------------------------------------------------
/**
* Fetch a URI Segment and add a trailing slash - helper function
*
* @access private
* @param integer
* @param string
* @param string
* @return string
*/
function _slash_segment($n, $where = 'trailing', $which = 'segment')
{
$leading = '/';
$trailing = '/';
if ($where == 'trailing')
{
$leading = '';
}
elseif ($where == 'leading')
{
$trailing = '';
}
return $leading.$this->$which($n).$trailing;
}
// --------------------------------------------------------------------
/**
* Segment Array
*
* @access public
* @return array
*/
function segment_array()
{
return $this->segments;
}
// --------------------------------------------------------------------
/**
* Routed Segment Array
*
* @access public
* @return array
*/
function rsegment_array()
{
return $this->rsegments;
}
// --------------------------------------------------------------------
/**
* Total number of segments
*
* @access public
* @return integer
*/
function total_segments()
{
return count($this->segments);
}
// --------------------------------------------------------------------
/**
* Total number of routed segments
*
* @access public
* @return integer
*/
function total_rsegments()
{
return count($this->rsegments);
}
// --------------------------------------------------------------------
/**
* Fetch the entire URI string
*
* @access public
* @return string
*/
function uri_string()
{
return $this->uri_string;
}
// --------------------------------------------------------------------
/**
* Fetch the entire Re-routed URI string
*
* @access public
* @return string
*/
function ruri_string()
{
return '/'.implode('/', $this->rsegment_array()).'/';
}
}
// END URI Class
/* End of file URI.php */
/* Location: ./system/core/URI.php */
/application/config/config.php
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-?';
$config['allow_get_array'] = TRUE;
$config['enable_query_strings'] = FALSE;
$config['controller_trigger'] = 'c';
$config['function_trigger'] = 'm';
$config['directory_trigger'] = 'd'; // experimental not currently in use
当我从浏览器复制网址时,它就像:
https://example.com/twilio_sms/update_status%E2%80%8F
应该是这样的:
https://example.com/twilio_sms/update_status
为什么要添加额外的字符?
答案 0 :(得分:1)
不要乱用核心文件.. 您可以编写自己的函数来清理URL 阅读这篇文章http://www.florian-hacquebart.eu/?p=161
答案 1 :(得分:0)
不确定这是否对您有所帮助......但我做了一些修改,以检查核心文件中显示错误的实际不允许的字符..
path > system>core>Input.php // arounrd line 561
function _clean_input_keys($str)
{
if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
{
exit('Disallowed Key Characters.'.$str); //added str to print the $str that was causing the problem
}
.....
你可以这样做来检查它是否是下划线(_)..或其他导致错误的字符......同样你可以更改你的配置文件..
希望这会有所帮助