PHP5.3.1环境下CI提示The URI you submitted has disallowed characters.错误

yangyankan 发表于 2010-8-19 21:37:15

不知道为什么换了PHP5.1.1没有任何问题。

yangyankan 发表于 2010-8-19 21:50:04

是不是CI不允许form 以get的方式提交数据？但是我也就是一个登陆框
以下是view的源码
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="utf-8">
<head>
<title><?php echo IMS_NAME;?>-登录</title>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
<link href="<?php echo base_url()?>css/login.css" rel="stylesheet" type="text/css" />
<script language="javascript" type="text/javascript" src="<?php echo base_url()?>js/jquery.js"></script>
<script language="JavaScript"> var base_url = '<?php echo base_url()?>'; </script>
<script language="javascript">

//表单提交前验证
function beforeSubmit()
{
$(':input.x-form-required').trigger('blur');
var numWarnings = $('.x-form-invalid').length;
if (numWarnings) {
return false;
}
return true;
};

$(document).ready(function() {

$('#name').focus();

var $loadingIndicator = $('<img/>')
   .attr({
   'src': base_url+'images/large-loading.gif',
   'alt': 'Loading. Please wait.'
   })
   .addClass('wait')
   .appendTo($('body'))
   .hide();

$('#sbm').click( function(){
if (beforeSubmit()){
   $.post("<?php echo site_url('login/check_user')?>", $('#form').serialize(), function(data) {
      if(data==1){
   $loadingIndicator.show();
         window.location.href = "<?php echo site_url('frameset')?>";
      }else if(data==2){
         $('.error-msg').show();
   }else if ( data == 3){

   $loadingIndicator.show();
         window.location.href = "<?php echo site_url('registor')?>";
}

   });
}
});

var $tooltip = $('<div id="tooltip"></div>').appendTo('body').hide();
var positionTooltip = function(event) {
var tPosX = event.pageX;
var tPosY = event.pageY + 3;
$tooltip.css({top: tPosY, left: tPosX});
};
var showTooltip = function(event,errorMessage) {
$tooltip
   .text(errorMessage)
   .show();
positionTooltip(event);
};
var hideTooltip = function() {
$tooltip.hide();
};
$('form :input')
.focus(function() {
   $(this).addClass('x-form-focus');
})
.blur(function() {
   $(this).removeClass('x-form-focus x-form-invalid');
   if ($(this).hasClass('x-form-required') && this.value == '') {
   $(this).addClass('x-form-invalid');
$('.error-msg').hide()

   }
}).hover(
function (event) {
   if ($(this).hasClass('x-form-invalid')){
   var errorMessage = '该项不能为空';
   showTooltip(event,errorMessage);
   }
},
function (event) {
   hideTooltip();
}
);
});

</script>

</head>

<bodyclass=" x-border-layout-ct" style="position: relative;" >
<div id="login">
<div class="theme">
<form id="form" method="post" action="<?php echo site_url('login/check_user')?>" >
   <div class="x-form-item" >
   <labelstyle="width: 55px;color:dimgray;" class="x-form-item-label">用户名:</label>
   <div class="x-form-element"style="padding-left: 30px;">
   <input style="width: 222px;" class="x-form-text x-form-field x-form-required" size="20"name="name" id="name" type="text" value="yyk" >
   </div>
   <div class="x-form-clear-left"></div>
   </div>
   <div class="x-form-item" >
   <labelstyle="width: 55px;color:dimgray;" class="x-form-item-label">密    码:</label>
   <div class="x-form-element"style="padding-left: 30px;">
   <input style="width: 222px;" class="x-form-text x-form-field x-form-required" size="20"name="password" id="password" type="password" value="111111" >
   </div>
   <div class="x-form-clear-left"></div>
   </div>
   <div style="text-align:center;width:100%;">
      <input id="sbm" value="登录" class="sbm"type="button">
   </div>
   <input type="hidden" name="act" value="signin" />
</form>
<div class="error-msg">用户名或者密码错误</div>
</div>
</div>

</body>
</html>

yangyankan 发表于 2010-8-19 22:05:58

这是控制器
<?php
/**
* 登陆
*
*
*/
class Login extends Controller
{
/**
* 构造函数
*
*
*/
function __construct()
{
   parent::Controller();
}

// --------------------------------------------------------------------

/**
* 登陆界面
*
*
*/
function index()
{

$data = array();

   $this->load->view('_login',$data);
}

// --------------------------------------------------------------------

/**
* 登陆检验
*
*
*/
function signin()
{
   if($this->input->post('act')=='signin'){

//接受客户端数据
$name = $this->input->post('name');
$password = $this->input->post('password');

// 把数据提交给模型
$this->load->model('admin_user_model');
$this->admin_user_model->name = $name;
$this->admin_user_model->password = $password;

if ($user = $this->admin_user_model->signin()){

            // session记录登陆者信息
            $users = array(
               'name'=> $user['name'],
   'id'=> $user['id'],
   'role_id'=> $user['role_id'],
   'action_list'=> $user['action_list'],
               'logged_in' => TRUE
            );
            $this->session->set_userdata($users);

   echo 1;
   //redirect('frameset');

// 用户名称和密码不匹配
}else{
echo 2;
//show_message2('用户名称或者密码错误!', 'login');
}

//非法登陆
}else{
redirect('login');
}
}

}

yangyankan 发表于 2010-8-19 22:22:45

自己Google后解决了，PHP5.3下preg_quote函数对“-”也进行了转义
还是老外牛逼，下面是他写的文档

Fixed: “The URI you submitted has disallowed characters.” error CodeIgniter

I started up a development project today after upgrading to snow leopard, and none of the codeigniter links worked.they all said “The URI you submitted has disallowed characters.”Why?This hadnt happened before, same project what changed?

Snow leopard upgraded my php dev environment to 5.3 from 5.2.6And a few things have changed since then.Namely php bug #47229 “preg_quote should escape “-” (minus) as well” was fixed. (technically in 5.2.8)CodeIgniter checks uri for allowed characters to prevent some bad things.But the use preg_quote to convert the allowed list of character to something usable in a regular expression.Now the minus “-”, or I’d call it a dash (but I know there is a longer character for that)gets escaped in preg_quote with a backslash “\”.That cause the expression “a-z 0-9″ to be converted to “a\-z 0\-9″ which will not work in a regex.

How to fix it. (assuming codeigniter 1.7)

1) in codeigiter system/libraries openURI.phpline 189 you’ll find

if ( ! preg_match("|^[".preg_quote($this->config->item('permitted_uri_chars'))."]+$|i", rawurlencode($str)))

Change that to:

if ( ! preg_match("|^[".($this->config->item('permitted_uri_chars'))."]+$|i", rawurlencode($str)))

Note we removed the preg_quote().Now in your system/application/config/config.php filelook for line 126 (unless you’ve added a lot to you config will be around there somewhere)

Change the line

$config['permitted_uri_chars'] = 'a-z 0-9~%.:_-';

to:

$config['permitted_uri_chars'] = 'a-z 0-9~%\.\:_\-';

we’re now preparing our allowed character string in the config file and skipping preg_quote.And that’s it.Now your uri should work

loveci 发表于 2012-2-14 13:24:17

我在system/libraries 目录下的URL.PHP 中没有找到if ( ! preg_match("|^[".preg_quote($this->config->item('permitted_uri_chars'))."]+$|i", rawurlencode($str)))呀？

Hex 发表于 2012-2-14 13:34:50

楼主用的是老版本的 CI 吧？2.0.0 以后的应该已经修复这个问题了，建议用新版CI

yunnysunny 发表于 2012-2-14 15:27:27

这个问题，我很早就发现了：
http://codeigniter.org.cn/forums/thread-6003-1-1.html

页: [1]

CodeIgniter 中国开发者社区's Archiver

PHP5.3.1环境下CI提示The URI you submitted has disallowed characters.错误