I need to pass an encoded string to a codeigniter controller. Ex: DOSOMETHING/Coldplay/Fix+You/273/X+%26+Y/ My problem is with the percent symbol, has disallowed characters.
I tried to change the config file with:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_-+\%';
The + is ok but the % is not valid.
Can you help me to change this reg exp so it will allow % symbol.
Thank you
Put the "-" at the end of the string otherwise it gets interpreted as range. The % is already in the allowed character list as you can see.
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_+-';
Ahem... after looking at your sample string again. Here is why you get "The URI you submitted has disallowed characters".
Short explanation: Add the ampersand & to the allowed characters list
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_+&-';
Long explanation
There are 2 things playing together.
A) CodeIgniter checks all URI segments for disallowed characters. This happens by whitelisting allowed characters. Which ones are allowed can be checked in /system/application/config/config.php in the $config['permitted_uri_chars'] variable. The default value is set to something like 'a-z 0-9~%.:_-'. Thus all letters from a to z, space, all numbers and the following characters ~%.:- are allowed.
Ok let us compare that to your sample URI which you say works
a-z 0-9~%.:_-
DO_SOMETHING/Coldplay/Fix+You/273/X+26+Y/ //note the missing %
All characters are ok... but wait what about the plus sign +? It's not in the list of allowed characters! And yet the URI is not complained about? This is the key to your problem.
B) CodeIgniter urldecodes the URI segments prior to the whitelist-character-check to prevent that someone circumvents the check by simply urlencoding the URI. Thus the + gets decoded to a space. This behaviour is because of urlencode (which encodes spaces as + sign, deviating from RFC 1738). That explains why the + sign is allowed.
These two things combined explain also why this specific URI doesn't work.
urldecode(DO_SOMETHING/Coldplay/Fix+You/273/X+%26+Y/) //evaluates to
//DO_SOMETHING/Coldplay/Fix You/273/X & Y/
Whoops... the urldecoding translates %26 to an &
Which isn't an allowed character. Mistery ;-) solved