Thread

Disallowed Key Characters error

May 08, 2013 10:00pm

Subscribe [8]
  • #1 / May 08, 2013 10:00pm

    krozo

    2 posts

    I have been tasked to add a javascript code from CoreMotives to track webstats. However, when I add the code, the website becomes a white screen with the text “Disallowed Key Characters”. The only way to view the site is to delete the cookies and hit refresh. And then if you want to navigate to a different part of the website, you get the error again, then you gotta delete cookies and hit refresh. It’s a whole big mess. I know that the issue is with the percentage sign in the cookie names. That is what is causing the “Disallowed Key Characters”.

    My question is, how do I fix this? Do I need to update our Security Settings so that percentage signs are allowed? If we do that, is that a bad things? Or does the code need to be re-written so that there won’t be percentage signs? Or are the percentage signs inevitable because the point of the code is to track user visits?

    We need to get this code on our site so I need to know how we can make this work.

    Please help!

    Thanks in advance.

  • #2 / May 09, 2013 5:03am

    PravinS

    123 posts

    Use url_encode(), url_decode() in PHP and use encodeURIComponent(), decodeURIComponent() in JavaScript

  • #3 / May 09, 2013 2:13pm

    krozo

    2 posts

    Thank you for the response. Unfortunately, I am not a web developer so I don’t exactly understand what your suggestion means.

    Use url_encode(), url_decode() in PHP and use encodeURIComponent(), decodeURIComponent() in JavaScript

    We also do not have a web developer on staff. Can you please clarify? Also where exactly would this snippet of code go?

    FYI, here is the code in question that I am trying to implement which would go in the footer template at the very bottom of the page.

    [removed]
    var cmJsHost = (("https:" == document.location.protocol) ? "https://" : "http://");
    var path = "databroker.coremotives.com/DataBroker.js?version=2";
    [removed](unescape("[removed][removed]"));
    [removed]
    [removed]
    try {
                    var coreMotives = new DataBroker();
                    coreMotives.customerId = "5a05bf77-94a0-e211-b5f7-00155d32390f";
                    coreMotives.instanceId = 1454;
                    coreMotives.trackPageView();
    } catch (e) { }
    [removed]
  • #4 / May 10, 2013 10:16pm

    Kevin Cupp's avatar

    Kevin Cupp

    666 posts

    Hi krozo,

    Are you on the latest version of ExpressionEngine? We fixed this issue in EE 2.5.3 so that EE only cleans its own cookies so that you can have other cookes like the ones your webstats tracker is setting. It was a common issue for other folks too so we made that change to help folks out.

    Kevin

  • #5 / May 29, 2013 12:14pm

    Chris Arasin's avatar

    Chris Arasin

    26 posts

    Hi Krozo, I just ran into this problem. The coremotives code I was using had a vertical bar character | in the cookie. In the expressionengin/config/config.php file, there is a $config[‘permitted_uri_chars’] parameter. I added a vertical bar character to this parameter and that seemed to get it working. Maybe someone else can weigh in on any ramifications of adding this to the permitted_uri_chars? And Kevin, I was still getting this issue in version 2.5.3.

    Edit: Perhaps I spoke to soon, still haven’t resolved the issue.

    Edit: OK I got a temporary fix in place. In the system/codeigniter/system/core/input.php file, the _clean_input_keys function does not allow the vertical bar character. I’ve added it here:

    if ( ! preg_match("/^[a-z0-9:_\/-|]+$/i", $str))
      {
       set_status_header(503);
       exit('Disallowed Key Characters.');
      }

    As a note, this is changing a core file, so be aware this may need to be adjusted when updating EE.

  • #6 / Jun 14, 2013 3:55pm

    Chris Arasin's avatar

    Chris Arasin

    26 posts

    Hi Krozo, I just ran into this problem. The coremotives code I was using had a vertical bar character | in the cookie. In the expressionengin/config/config.php file, there is a $config[‘permitted_uri_chars’] parameter. I added a vertical bar character to this parameter and that seemed to get it working. Maybe someone else can weigh in on any ramifications of adding this to the permitted_uri_chars? And Kevin, I was still getting this issue in version 2.5.3.
    Edit: Perhaps I spoke to soon, still haven’t resolved the issue. Edit: OK I got a temporary fix in place. In the system/codeigniter/system/core/input.php file, the _clean_input_keys function does not allow the vertical bar character. I’ve added it here:
    if ( ! preg_match("/^[a-z0-9:_\/-|]+$/i", $str))
      {
       set_status_header(503);
       exit('Disallowed Key Characters.');
      }
    As a note, this is changing a core file, so be aware this may need to be adjusted when updating EE.

    Nope, that didn’t end up working either. Instead I defined the cookie prefix in my config file. This cleared up the problem:

    $config['cookie_prefix'] = 'im_';
  • #7 / Feb 25, 2014 7:27pm

    Michael Rog

    179 posts

    I came across the same error on 2.7.2.

    Adding a cookie_prefix fixed it.

  • #8 / Jul 27, 2014 3:31am

    shandaharper

    1 posts

    This error bugged me for days. Thanks to Derwin Biler’s blog, I found the answer. In the system/codeigniter/system/core/input.php file:

    Find the function _clean_input_keys($str)

    Change:

    exit(‘Disallowed Key Characters.’);

    to:

    exit(‘Disallowed Key Characters.’. $str);

    This will tell you what characters are causing you problems. Then you can follow the suggestions above to add them to the regex string. In my case, I just changed the input’s name.

  • #9 / Nov 26, 2014 11:07pm

    blackmambo

    1 posts

    The answer lies in your browser cookies. I found this entry in mine

    ‘instance0|ab’ Maybe its in your browser. Delete all your cookies and make sure they are gone.

  • #10 / Feb 27, 2017 8:52am

    Roberttraig

    1 posts

    mw4960nn9821tu9331 best place to buy viagra online

ExpressionEngine News

#eecms, #events, #releases