The URI you submitted has disallowed characters. encode var in URL

Question

I have a registration form in my application. When someone complete the registration receive an email with a link to confirm registration (typical situation).

The link is something like this

http://www.myDomain.com/registration/validation/m0NQGT4XzQgId5zuH/1PrDqNSP7YWq81Mba8cSXLb1WsQ5aVqf2sQ3Ece3ZdmxYvLjztaGp7Xmhv8ArjFET/8Q==

• registration is the controller
• validation is the function
• and the last one is the username

Encoding the username:

$encrypted_username = $this->encrypt->encode($username);

But, accessing the link returns the following error

The URI you submitted has disallowed characters.

Setting $config['permitted_uri_chars'] = ''; everything goes right, but they say we shouldn't do this.

So, how can I solve this problem right?

Answer 1

you can create helper for encode and decode url string in following way.

1) create one helper file into application/helper folder and paste below encode helper function.

<?php

/**
 * Encodes a string as base64, and sanitizes it for use in a CI URI.
 * 
 * @param string $str The string to encode
 * @return string
 */
function url_base64_encode($str = '')
{
    return strtr(base64_encode($str), '+=/', '.-~');
}

/**
 * Decodes a base64 string that was encoded by url_base64_encode.
 * 
 * @param object $str The base64 string to decode.
 * @return string
 */
function url_base64_decode($str = '')
{
    return base64_decode(strtr($str, '.-~', '+=/'));
}

2) then you can use these function alternative to core functions like base64_encode() and base64_decode()

Answer 2

I changed my config.php to

$config['permitted_uri_chars'] = '+=\a-z 0-9~%.:_-';

and now is working fine, I hope this is a safe solution.