-1

I am trying to POST a SOAP request. It looks like a duplicate problem. There multiple solutions available for this issue but none worked for me. So I have tried following:

Found top answer in SO but it gave me preg_match() compilation failure. Which I tried to resolve with this answer but I am still getting the same error.

Then I tried last answer on this question from SO but no luck.

core/Input.php

function _clean_input_keys($str)
    {
        if ( ! preg_match("/[^a-zA-Z0-9_\-.]+$/i", $str))
        {
            exit('Disallowed Key Characters.'.$str);
        }

I am not good at Regular Expressions and can't figure where the issue is?

Community
  • 1
  • 1
Himanshu Yadav
  • 13,315
  • 46
  • 162
  • 291

1 Answers1

1

Can you tell first what are you trying to do? are you sending the xml through post, get? how did this error occur?

Also in solution that you have found (which probaly is the cause) what is the regex you used in your app??

Did you noticed this in asnwer? preg_macth compilation error indicates unescaped regex

Please not that the char thats missing is the .(dot) and you should always escape the .(dot) in Regular Expressions as they will otherwise allow any single char.

edit:

if ( !preg_match("/^[a-z0-9:_\/-\<\?]+$/i", $str)) //or alternatively match all chars "/^[\.-a-z0-9:_\/-]+$/i"
    {
        exit('Disallowed Key Characters.'.$str);
    }

not the added < and ?, you have to add all charters that are triggering this condition. The reason these charterers are not added in condition is to prevent injections. So use it wisely. google xml preg_match expression to make sure it is a xml file and if needed create another input check. because xml may contain all charaters taht are disallowed, you might as well remove that condition and return true;

Edit2: also if you can instead of post, try to parse the XML via link or as uploaded file.

Community
  • 1
  • 1
Elijan
  • 1,406
  • 1
  • 8
  • 11
  • Yes. This answer did not work for me and gave me an error. I mentioned it in my question. Tried to resolve it with '-' but still the same issue. – Himanshu Yadav May 30 '13 at 15:13
  • Can't do that. XML request is being sent from Windows 8 app. It is a Windows 8 standard. – Himanshu Yadav May 30 '13 at 15:40
  • @HimanshuYadav Then i would suggest to debug it as you go. or as said remove that condition and retunr true (or rather retunr str) as XML can have all sort of characters that Codigniter will not allow in the $_POST. Alternativeley, hack teh Input.php class to allow this specified post, intead of to clean the input. see under `// Clean $_POST Data` in my code is aroudn line 617 – Elijan May 30 '13 at 15:45