标签 NetBeans 下的文章

CodeIgniter用Xdebug调试的问题:The URI you submitted has disallowed characters.

The URI you submitted has disallowed characters.

最近玩codeigniter,使用netbeans写代码,调试器使用xdebug(貌似netbeans不支持zend debugger?之前用过的zend studio支持zend debugger),写了一个demo,然后ctrl+F5调试的时候,进过(F8)了几步之后出现如图上的问题:"The URI you submitted has disallowed characters.",因为codeigniter对$_GET、$_POST等外来参数有一个“白名单”的机制来加强了安全性,如果你的参数没有加入“白名单”,那肯定是有问题了。 而xdebug调试的时候自动加上了参数 XDEBUG_SESSION_START,所以肯定报错。

http://ci-study/index.php?XDEBUG_SESSION_START=tun-xdebug An Error Was Encountered The URI you submitted has disallowed characters.

在CI 2.0的/application/config/config.php Line 112有以下内容:

/*
|————————————————————————–
| Allowed URL Characters
|————————————————————————–
|
| This lets you specify with a regular expression which characters are permitted
| within your URLs. When someone tries to submit a URL with disallowed
| characters they will get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
|
| Leave blank to allow all characters — but only if you are insane.
|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
$config['permitted_uri_chars'] =’a-z 0-9~%.:_\-‘;

CI采用了正则表达式的方式来匹配白名单,尽量少的匹配字符串意味着更高的安全性,默认是白名单正则表达式为a-z 0-9~%.:_-

解决方法1

放弃netbeans,使用eclipse+PDT、zend studio等可以使用zend debugger的PHP IDE。(为了一个小问题换IDE有点蛋疼的说)

解决方法2:

$config['permitted_uri_chars'] =’a-z 0-9~%.:_\-‘;

修改为:

$config['permitted_uri_chars'] =’a-z A-Z 0-9~%.:_\-‘;

实际production环境中最好还原到默认的permitted_uri_chars,提高安全性。