Redirect on disallowed characters
I've read all the comments above - but I think you missed the easy way to do this.
Just overload the _filter_uri()
function, and do whatever you want:
(Place this file in application/core/MY_URI.php)
// Normally this is not fully uppercase - but for some reason the URI filename isClass MY_URI extends CI_URI{/** * Filter segments for malicious characters * * @access private * @param string * @return string */function _filter_uri($str){ if ($str != '' && $this->config->item('permitted_uri_chars') != '' && $this->config->item('enable_query_strings') == FALSE) { if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+$|i", $str)) { // DO SOMETHING HERE LIKE REDIRECT OR CHANGE THE URL } } // Convert programatic characters to entities $bad = array('$', '(', ')', '%28', '%29'); $good = array('$', '(', ')', '(', ')'); return str_replace($bad, $good, $str);}
This is solution I am using on my project:
File: application/core/MY_URI.php
class MY_URI extends CI_URI { /** * Filter URI * * Filters segments for malicious characters. * * @param string $str * @return void */ public function filter_uri(&$str) { if ( ! empty($str) && ! empty($this->_permitted_uri_chars) && ! preg_match('/^['.$this->_permitted_uri_chars.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $str)) { return preg_replace('~[^a-zA-Z 0-9%.:_\-,()]+~', '', $str); } }}