Yesterday I spent hours with the “Disallowed Key Characters” error message on my site. After went through some related topic in this forum, I’ve found the problem came from the $_COOKIE. I have the PHProxy 0.5b2 (you can find it on sourceforge.net) application running on my domain and enable the “Allow cookies to be stored” feature. The PHProxy’s cookie look like:
Notice there are “%” character in the key.
I looked at the system/libraries/Input.php and found these lines did not help me get rid of silly COOKIEs
I managed to improve the code a bit:
$CFG =& load_class('Config');
$cook_key = array_keys($_COOKIE);
$safe_cook_key = array( '__utm', //google analytics
foreach($cook_key as $val)
if(substr_compare($val, $safe_cook_key,0, strlen($safe_cook_key))!=0 && substr_compare($val, $safe_cook_key,0, strlen($safe_cook_key))!=0)
$_COOKIE = $this->_clean_input_data($_COOKIE);
And the result is nice to me. The stranger’s cookies were gone.
Do you guys think it’s a bug of Input.php? And i’m appreciate if s/o show me a better solution.
Thanks and regards,