
Fixed Cookie with URL encoding

Discussion in 'Resolved Bug Reports' started by Mike Creuzer, Aug 6, 2011.

  1. Mike Creuzer

    Mike Creuzer Well-Known Member

    Hello,

    On my site, we use CodeIgniter, which is a common framework. It has a function that searches for all cookies on a given domain. This is the function:

    PHP:
    /**
    * Clean Keys
    *
    * This is a helper function. To prevent malicious users
    * from trying to exploit keys we make sure that keys are
    * only named with alpha-numeric text and a few other items.
    *
    * @access private
    * @param string
    * @return string
    */
    function _clean_input_keys($str)
    {
        if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
        {
            exit('Disallowed Key Characters.');
        }

        // Clean UTF-8 if supported
        if (UTF8_ENABLED === TRUE)
        {
            $str = $this->uni->clean_string($str);
        }

        return $str;
    }
    I noticed while styling themes, my main site would break and leave an error message (Disallowed Key Characters). We were able to figure out exactly what was going on and it was the following cookie causing the issue:

    Code:
    xf_FilterList_admin.php%3Ftemplates%2F
    It's not a huge issue I suppose, but it is rather annoying.

    Thanks a lot!
    Mike Creuzer
    Audentio.com
     
  2. Mike

    Mike XenForo Developer Staff Member

    It may be worth working around this, but I believe this is a bug in CodeIgniter. I'm just looking at RFCs to be clear.
     
  3. Mike

    Mike XenForo Developer Staff Member

    Well, it's not necessarily a bug in CI, more of a strange design decision (IMO). However, the RFCs do allow % in cookie names (which may be decoded to the raw character by the time CI sees it). That said, it's probably still ok to remove special chars.
     
    Mike Creuzer likes this.
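
The failure reported in this thread, as an added example that is not code from CodeIgniter, XenForo or any poster: it runs the allowlist pattern quoted in the first post against the reported cookie name, both percent-encoded and decoded, and shows a variant that skips non-conforming cookies instead of calling exit(). The function names `disallowed_chars` and `partition_cookies` and the sample cookie values are assumptions.

```php
<?php
// Added example (not CodeIgniter or XenForo code). The pattern is the one
// quoted in the first post; the function names below are hypothetical.
const KEY_PATTERN = '/^[a-z0-9:_\/-]+$/i';

/** Distinct characters in $key that the allowlist does not permit. */
function disallowed_chars(string $key): array
{
    // Strip everything the allowlist permits; what is left is the offenders.
    $rest = preg_replace('/[a-z0-9:_\/-]/i', '', $key);
    return $rest === '' ? [] : array_values(array_unique(str_split($rest)));
}

/** Split cookies into accepted and rejected so one foreign cookie is skipped, not fatal. */
function partition_cookies(array $cookies): array
{
    $accepted = [];
    $rejected = [];
    foreach ($cookies as $name => $value) {
        $name = (string) $name;
        if (preg_match(KEY_PATTERN, $name) === 1) {
            $accepted[$name] = $value;
        } else {
            $rejected[$name] = disallowed_chars($name);
        }
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// Constructed sample input: the cookie name from the report as sent
// (percent-encoded) and after decoding, plus one conforming name.
$reported = 'xf_FilterList_admin.php%3Ftemplates%2F';
$cookies = [
    'ci_session'            => 'constructed-value',
    $reported               => '1',
    rawurldecode($reported) => '1',
];

$result = partition_cookies($cookies);
foreach ($result['rejected'] as $name => $chars) {
    printf("skip %s (disallowed: %s)\n", $name, implode(' ', $chars));
}
printf("kept: %s\n", implode(', ', array_keys($result['accepted'])));
```
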
  4. Hades

    Hades Member

    <?php
    $title=urlencode('Title of Your iFrame Tab');
    $url=urlencode('http://www.facebook.com/wordpressdesign');
    $summary=urlencode('Custom message that summarizes what your tab is about, or just a simple message to tell people to check out your tab.');
    $image=urlencode('http://www.yourdomain.com/images/share-thumbnail.jpg');
    ?>

    <a onClick="window.open('http://www.facebook.com/sharer.php?s=100&amp;p[title]=<?php echo $title;?>&amp;p[summary]=<?php echo $summary;?>&amp;p=<?php echo $url; ?>&amp;&amp;p[images][0]=<?php echo $image;?>','sharer','toolbar=0,status=0,width=548,height=325');" href="javascript: void(0)">Insert text or an image here.</a>



    Plz convert to XenForo code.


     
  5. Slavik

    Slavik XenForo Moderator Staff Member

    Hi,
    I see you haven't linked your forum account to your license. You can do that in the Forum Users section of the Customer Area here: http://xenforo.com/customers
    Then we will be able to provide forum support.
    Thanks.
    //Slav
     
