Last updated by Sue Crocker

Mobile Site - Disallowed Key Characters

Changes are made at your own risk and are not guaranteed to work. Always make backups of the database and files prior to implementing hacks. Make a special backup of the file and/or template you are modifying so that you can roll back quickly.

Hacks are dangerous and can cause your site to stop working. They make later updates to ExpressionEngine more difficult; you should track your hacks for post-update re-implementation. 

Most hacks are unnecessary; please review the Development Documentation for information on expanding ExpressionEngine via Modules, Extensions, and Plugins.

Hacks are never officially supported.

There is a strange feature that can prevent you from using ExpressionEngine to generate pages to be viewed on small-format devices, otherwise known as mobile phones.

Some WAP gateways send a cookie along with the request, and ExpressionEngine rejects any cookie whose name contains a dollar sign, which seems to be the default for most if not all WAP gateways. The result is a “disallowed key character” response.

We recently spent a lot of time tracking down this bug (it's actually a feature ... that ensures security to make sure users don’t drop malicious cookies on you) on our site and so I wanted to share what we learned with the EE community.

First, there are multiple ways you could go about this ... but what we did was use entries and templates with parsing on the entries set to “none”.

Our .wml templates looked something like this:

<?php
header("Content-Type: text/vnd.wap.wml");
?><?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN"
  "http://www.wapforum.org/DTD/wml_1.1.xml">
<wml>

{exp:weblog:entries weblog="mobile" limit="1"}
<card id="{url_title}" title="{title}">
  <p>
    <img src="http://www.getmobio.com/logo176.gif" alt="mobio" />
  </p>

  <p><strong>{title}</strong><br/><br/>

    <img src="http://www.getmobio.com/download3.gif" alt="download here" /><br/>
    <a href="http://www.getmobio.com/download/mobio">Download Here</a><br/><br/>

    {body}</p>
  <p>{download1}</p>

  <p><small>{url_title}</small></p>
</card>
{/exp:weblog:entries}
</wml>

Note the PHP statement at the top that forces the WML MIME type.

This will work on most but not all phones. On some phones you’ll get a “disallowed key character” error.

On these phones you need to hack the core, and the suggested hack has two parts.

First, change the disallowed key character error so that instead of only aborting the request, it also prints the key that was rejected. Go into core.input.php and change the code around line 417 like so:

FROM

    function clean_input_keys($str)
    {
         if ( ! ereg("^[A-Za-z0-9\:\_\/\-]+$", $str))
         {
            exit('Disallowed Key Characters');
         }

TO

    function clean_input_keys($str)
    {
         if ( ! ereg("^[A-Za-z0-9\:\_\/\-]+$", $str))
         {
            // $str comes from the request, so escape it before echoing it back
            exit('Disallowed Key Characters '.htmlspecialchars($str));
         }

Second, follow the hack recommended by LatecomerX like so:

Replace line 138

    $_COOKIE[$this->clean_input_keys($key)] = $REGX->xss_clean($this->clean_input_data($val));

with

    if (substr($key, 0, 4) == 'exp_') {
        $_COOKIE[$this->clean_input_keys($key)] = $REGX->xss_clean($this->clean_input_data($val));
    }

Note that this forces ExpressionEngine to check only cookies with the prefix “exp_”. Cookies without that prefix are no longer passed through clean_input_keys() or xss_clean().

Finally, for security reasons, go ahead and turn cookies off within ExpressionEngine and use Sessions ONLY.  I think this will ensure security but I’m not sure.  What I do know for a fact is that these two hacks together will enable you to debug any further disallowed key character errors that may come up w/r/t mobile implementation AND will allow you to publish .wml (and for that matter .xhtml MP) pages from within ExpressionEngine.

Your alternative is to allow $ inside your forms, but this is usually not a good thing from a security perspective.
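A stricter variant of the cookie hack, as an added example (not ExpressionEngine code and not from the original author): instead of leaving non-prefixed cookies unchecked or aborting the request, it drops every cookie whose key fails the prefix or the character allowlist, and logs the rejected key server-side rather than echoing it. The function name filter_cookies(), the sample cookies, and the use of preg_match() in place of ereg() are assumptions made for the example.

```php
<?php
// Added example: hypothetical helper, not part of ExpressionEngine.

/**
 * Split a cookie array into cookies the application should see and keys to drop.
 * A cookie is kept only if its key starts with $prefix (the hack uses 'exp_')
 * and matches the same character allowlist as clean_input_keys().
 */
function filter_cookies(array $cookies, string $prefix = 'exp_'): array
{
    $kept = [];
    $rejected = [];

    foreach ($cookies as $key => $val) {
        $key = (string) $key;

        // Same allowlist as the ereg() pattern, in PCRE form. \z (not $)
        // also refuses a key that ends in a newline.
        $key_ok = preg_match('#\A[A-Za-z0-9:_/\-]+\z#', $key) === 1;

        if ($key_ok && strncmp($key, $prefix, strlen($prefix)) === 0) {
            $kept[$key] = $val;   // the value still needs the application's own cleaning
        } else {
            $rejected[] = $key;   // dropped, so it never reaches later code
        }
    }

    return ['kept' => $kept, 'rejected' => $rejected];
}

// Constructed sample of cookies arriving through a WAP gateway.
$sample = [
    '$Version'      => '1',
    '$Path'         => '/',
    'exp_sessionid' => 'abc123',
    'tracking'      => 'xyz',
    'exp_bad$key'   => 'oops',
];

$result = filter_cookies($sample);

foreach ($result['rejected'] as $key) {
    // json_encode() keeps control characters in the key from forging log lines.
    error_log('Dropped cookie with key ' . json_encode($key));
}

print_r(array_keys($result['kept']));
```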

Category:Mobile
Category:HowTo
Category:Hacks
