Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p><strike>If you want to include only Arabic characters you can include unicode ranges in premitted_uri_chars regexp. Using <a href="http://en.wikipedia.org/wiki/Arabic_script_in_Unicode" rel="nofollow noreferrer">this wikipedia site</a> we can try to construct regexp:</p> <pre><code>a-z 0-9~%.:_\- \x0600-\x06FF </code></pre> <p>Unfortunately for our case CodeIgniter doesn't use the <code>u</code> modifier (used for unicode) in <code>preg_match</code>. So in order for this to work you would need to modify source code file <a href="https://github.com/EllisLab/CodeIgniter/blob/2.1-stable/system/core/URI.php#L257" rel="nofollow noreferrer">system/core/URI.php, line 257</a> line, and change it to:</p> <pre><code>if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this-&gt;config-&gt;item('permitted_uri_chars'), '-'))."]+$|iu", $str)) </code></pre> <p>In the above code I've added only the <code>u</code> modifier to <code>preg_match</code>. Alternatively you can extend <code>URI</code> class as desribed in <a href="http://ellislab.com/codeigniter/user-guide/general/core_classes.html" rel="nofollow noreferrer">documentation</a>, which is a better choice.</p> <p>(I didn't test this)</strike></p> <p>To answer the question why it is bad to allow all characters: I can only think of SQL Injection problems or <a href="https://www.owasp.org/index.php/Resource_Injection" rel="nofollow noreferrer">other kinds of injections</a>.</p> <p>Edit: for example if you use url <code>index.php/main/get_pdf?filename=awesome.pdf</code> to download pdf files from <code>./pdf/awesome.pdf</code> if you don't treat (i.e. validate) your input correctly malicious user could do something like this: <code>index.php/main/get_pdf?filename=../secure_files/nuclear_launch_codes.pdf</code> ;).</p> <p>Edit2: Well, above example is a not an example of bad use of <code>permitted_uri_chars</code> because AFAIK CodeIgniter allows this kind of url variables, so you need to validate this stuff your self. I'll check all of this stuff when I get home.</p> <p>Edit3: I fixed regexp, but it seems that this is not the way to enable Arabic characters so I crossed out this part of the answer.</p> <p>I played with CodeIgniter a little. I don't know if this stuff will work on other system. It works on my Windows XP, PHP 5.3. This is what I found:</p> <ul> <li>In PHP you can use UTF-8 characters as function and class identifiers, but it is not officialy supported (see <a href="https://stackoverflow.com/q/5358824/1637178">this</a> for further info).</li> <li><p>In CodeIgniter the <code>controller/method</code> part of the URL is url encoded (e.g. <code>ـج‎‎</code> is converted to <code>%D9%80%D8%AC%E2%80%8E</code>). If you want to use Arabic in <code>controller</code> or <code>method</code> names you have two options:</p> <ol> <li>In <code>application/config/routes.php</code> add url encoded route pointing to real route which could contain Arabic characters (as mentioned above, you can use UTF-8 characters in PHP identifiers). E.g.: <code>$route['welcome/%D8%A3'] = 'welcome/أ';</code> will enable user to go to <code>example.com/index.php/welcome/أ</code> which will call <code>أ</code> method (defined as <code>function أ() { ... }</code>) in <code>welcome</code> controller. Of course you can map arabic url encoded urls to normal ASCII names.</li> <li><p><a href="http://ellislab.com/codeigniter/user-guide/general/core_classes.html" rel="nofollow noreferrer">Extend</a> <code>system/core/Router.php</code> class so that <code>fetch_method</code> and <code>fetch_class</code> return url decoded names. I don't know what security implications are when you do this. Probably it is better to validate if input characters are indeed Arabic (i.e. you can check char ranges supplied <a href="http://en.wikipedia.org/wiki/Arabic_script_in_Unicode" rel="nofollow noreferrer">here</a>). Example of modified <code>fetch_class</code>:</p> <pre><code>function fetch_class() { return urldecode($this-&gt;class); } </code></pre></li> </ol></li> <li><p>If you need to use Arabic characters in parameters of controller methods you just need to <code>urldecode</code> these parameters. E.g.:</p> <pre><code>class Welcome extends CI_Controller { public function index($param) { $this-&gt;output-&gt;set_content_type("text/plain; charset=utf-8"); echo urldecode($param); } } </code></pre></li> <li><p>If you need to use these characters in query string it just works. E.g.</p> <pre><code>class Welcome extends CI_Controller { public function index() { $this-&gt;output-&gt;set_content_type("text/plain; charset=utf-8"); echo $this-&gt;input-&gt;get('arabic'); } } </code></pre> <p>Going to <code>example.com/index.php/welcome/index?arabic=ابتثجحخدذرزسشصضطظعغفقكلمنهوي</code> will print out <code>ابتثجحخدذرزسشصضطظعغفقكلمنهوي</code>.</p></li> </ul> <p>Edit4: If you have <code>$config['uri_protocol'] = 'PATH_INFO'</code> then:</p> <ol> <li>In config set <code>$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-\x{0600}-\x{06FF}';</code></li> <li><p>Extend <code>URI</code> class in <code>system/core/URI.php</code> so that in method <code>_filter_uri</code> line with <code>preg_match</code> is:</p> <pre><code>if ( ! preg_match("|^[".str_replace(array('\\-', '\-', '\{', '\}', '\\\\x'), array('-', '-', '{', '}', '\x'), preg_quote($this-&gt;config-&gt;item('permitted_uri_chars')))."]+$|ui", $str)) </code></pre></li> </ol>
    singulars
    1. This table or related slice is empty.
    1. POCI how risky is to leaving CodeIgniter Disallowed Key Characters empty?
      singulars
      1. PTQuestion
    1. PTAnswer
    1. USCommunity
    1. USJan Święcki
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. POCI how risky is to leaving CodeIgniter Disallowed Key Characters empty?
      singulars
      1. PTQuestion
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTAcceptedByOriginator
    1. COThank you, but it still doesn't work. I get php warning: "Message: preg_match() [function.preg-match]: Compilation failed: range out of order in character class at offset 32".
      singulars
      1. PO
      1. USuser1324762
    2. CO@user1324762 I'll debug this when I get home in the evening
      singulars
      1. PO
      1. USJan Święcki
    3. CO@user1324762 I reread your question and I'm confused. Do you want to use arabic chars as controller or method names? I've managed to send arabic characters via `$_GET` (e.g. `www.example.com/index.php/welcome/index?arabic=ابتثجحخدذرزسشصضطظعغفقكلمنهوي`) on CodeIgniter 2.1.3 on default settings. Do you have problem with sending via `$_GET` or you want to use arabic in controller/method names?
      singulars
      1. PO
      1. USJan Święcki
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload