Thread

I keep getting an error: “The URI you submitted has disallowed characters.”. The URL is

<a href="http://iiusa.anuary.com/en/membership-application/">http://iiusa.anuary.com/en/membership-application/</a>?

.

I’ve already made changes in the /ee/system/expressionengine/config/conig.php config file:

$config['permitted_uri_chars'] = '?a-z 0-9~%.:_\\-';

Are there any more configs I should be aware of that can trigger this error?

p.s. Hardly relevant, though:

$config['uri_protocol'] = 'REQUEST_URI';

& it is a must.

Hi Gajus,

Can you explain what you are needing to do with the “?” ? I ask, because there may be an ExpressionEngine way that will solve the issue for you. In the meantime, have you tried protecting the question mark with a “\” so:

$config['permitted_uri_chars'] = '\?a-z 0-9~%.:_\\-';

Cheers,

Hi Gajus,

Can you explain what you are needing to do with the “?” ? I ask, because there may be an ExpressionEngine way that will solve the issue for you. In the meantime, have you tried protecting the question mark with a “\” so:

$config['permitted_uri_chars'] = '\?a-z 0-9~%.:_\\-';

Cheers,

Doesn’t help. Leaving “permitted_uri_chars” empty didn’t help as well. Then I decided to look at the EE core, and this is what I’ve discovered:

if ($str != '' && $this->config->item('permitted_uri_chars') != '' && $this->config->item('enable_query_strings') == FALSE)
{  
 // preg_quote() in PHP 5.3 escapes -, so the str_replace() is to maintain backwards compatibility as
 // many are unaware of how characters in the permitted_uri_chars will be parsed as a regex pattern
 if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+$|i", $str))
 {
  show_error('The URI you submitted has disallowed characters.', 400);
 }
}

$str = str_replace(array("\r", "\r\n", "\n", ':',':','/','/'), array('', '', '', ':', ':', '/', '/'), $str);

if (preg_match("#(;|\?|{|}|<|>|http:\/\/|https:\/\/|\w+:/*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i", $str)) 
{
 show_error('The URI you submitted has disallowed characters.', 400);
}

The error is triggered by the second conditional. Obviously, the latter doesn’t care about “permitted_uri_chars” settings. Furthermore, EE developers, please refer to filter_var($str, FILTER_VALIDATE_URL) rather than this REGEX mess. This however takes me to another error.

The following URL is Page module URL:

<a href="http://iiusa.anuary.com/en/membership-application/">http://iiusa.anuary.com/en/membership-application/</a>

The problem is, that appending literally anything to the end of the URL (e.g. ?get-variable or adding another URL segment) will cause 404. What are my options? It’s pretty stupid of EE developers not to strip out GET variables from URL when matching static page URL [..]

Gajus,

What version and build of EE are you using?
Are you using any add-ons?

Any reason you are using this protocol specifically?

$config['uri_protocol'] = 'REQUEST_URI';

If you set that to the following what happens?

$config['uri_protocol'] = 'PATH_INFO';

Revert your permitted_uri_chars back to this for now please

$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\\-';

> What version and build of EE are you using?

2.2.2

> Are you using any add-ons?

Pages only.

> Any reason you are using this protocol specifically?

Yes, it seems to be the only one that works with NGINX.

> Revert your permitted_uri_chars back to this for now please

Done.

Is there a way to catch you on IRC (freenode) or any other way to come into a live conversation? This issue is taking quite a bit of time & personally, without rewriting the core libraries, I didn’t find any other solution.

Gajus,

Having a look over our Requirements, NGINX is not one of our supported platforms. ExpressionEngine isn’t tested in that environment, and we don’t have that environment available for vetting. Therefore we really have no way of knowing how NGINX impacts ExpressionEngine or vice versa.

Cheers

Where exactly in that page does it say that NGINX is not supported or that Apache is the only supported HTTP server?

Gajus,

The User Guide doesn’t use the language “unsupported”. My statement was clearly qualified here:

ExpressionEngine isn’t tested in that environment, and we don’t have that environment available for vetting. Therefore we really have no way of knowing how NGINX impacts ExpressionEngine or vice versa.

We don’t know how ExpressionEngine operates on NGINX because we don’t test on that environment, therefore it is impossible for us to know how NGINX impacts ExpressionEngine functionality. The very nature of that situation limits our ability to provide support for customers using NGINX.

Cheers,