I'm wandering what the maximum URI length is in codeigniter, and if URI segments being used as arguments to a controller function count towards the browsers GET length limit? I think most browsers cap there GET parameter length to about 2000?
Currently if my total URI length (inc. https://domain/folder/controller/function/argument) exceeds around 1560 characters I get a forbidden message.
'Forbidden You don't have permission to access /folder/controller/function/argument on this server'
If I trim the characters back to under around 1550~1560 it works fine again. I realise 1500+ is alot anyway, which is why I was wandering if URI counts towards the GET limit.
Has anyone experienced this problem? Is there a solution aside from POSTing all data?
BTW: I'm using the URI protocol AUTO in the config
As far as I remember the whole URI is limited to a more or less specific length. Something is already mentioned here: What is the maximum length of a URL in different browsers?
However, it feels a little bit curious, that you require such long uris. If you append a query string of around 1000 characters length, thats already 1kB of data. In my oppinion a query string is not the right place to transport data around.
Related
I was wondering if there is a max length on a $_GET variable. I plan on using ajax with a get command and part of it is an encoding of an access key using one of my encoding methods. This method has returned back roughly 1530 characters and I was wondering if this it too long for a get variable as long as it's all URL encoded?
Thanks in advance,
Spencer
Browser would greatly affect the max length of your $_GET param
MAXIMUM LENGTH FOR BROWSERS REFERENCE
Some versions of PHP have a limitation of length of GET params:
PHP.NET REFERENCE
Max URL length is around 2000 charactors
In IE is around 2048 - http://support.microsoft.com/kb/208427
Similar to this? https://stackoverflow.com/a/7725515/2827152
Please note that PHP setups with the suhosin patch installed will have a default limit of 512
characters for get parameters. Although bad practice, most browsers (including IE) supports URLs up
to around 2000 characters, while Apache has a default of 8000.
To add support for long parameters with suhosin, add suhosin.get.max_value_length = in php.ini
Source: http://www.php.net/manual/en/reserved.variables.get.php#101469
I'm playing with Google URL shortner API, i would like to know if is there any maximum length for the URL returned from google.
I mean, short URLs are called short url because they are short, so they should be at max x chars length. I would like to know what that x is.
There is no way of telling the true length of them, the URL's could one day get 1 character longer because they ran out of unique links.
But currently they are 5 characters long, with a mix of numbers, low and higher case letters.
I already have minimum character limit, but was wondering is also adding a maximum a good idea?
For example; I have a post topic form which creates a forum topic (and stores the info in a MySQL database - the data type for the columns which are effected is text) - I have a minimum character limit for both the topic title and topic body, but I've seen on several other sites they have a maximum character limit aswell?
Is there any specific reason which in my situation it would be a bad idea?, why do sites commonly have this restriction (other then the obvious - could it effect functionality?) and if so what would be a typical/average maximum character limit for a topic title and a topic body (is there a general rule of thumb to determine this)?
Thank You.
The biggest reason I can think of as to setting a maximum character limit is because if you insert data into a MySQL database and the input is larger than the maximum length the column supports, the data is simply truncated with no error.
You can set the limits on the text field in HTML, but a user with the right tools can remove this restriction, so for very important data, you may want to check the length on the server side and make sure it can fit where it is going.
For your situation, I guess the other reason would be to prevent a user from creating a thread subject that is extremely long.
The title of your post here is good, but it may not be good if you were to add much more to it i.e.: Is adding maximum character restrictions a good idea on form fields which store data in a database because I am not doing it on my site and think I should, but don't know if I should or not. So I think it serves as a limitation in that sense too. Also, since your display may truncate the subject to a certain length in order to prevent breaking a layout or looking bad, it helps the user come up with a concise subject.
You may look at some free forum software to see what limits they put on the subjects, a reasonable limit seems like maybe 128 characters. Your subject is 100.
As for limiting the body, 65,635 bytes is pretty reasonable. On forums people who make really long posts tend to break them up into multiple posts because of limitations imposed.
if i trying to access this url http://localhost/common/news/33/+%E0%B0%95%E0%B1%87%E0%B0%B8.html , it shows an An Error Was Encountered, The URI you submitted has disallowed characters. I set $config['permitted_uri_chars'] = 'a-z 0-9~%.:??_=+-?' ; ..// WHat i do ?
Yeah, if you want to allow non-ASCII bytes you would have to add them to permitted_uri_chars. This feature operates on URL-decoded strings (normally, unless there is something unusual about the environment), so you have to put the verbatim bytes you want in the string and not merely % and the hex digits. (Yes, I said bytes: _filter_uri doesn't use Unicode regex, so you can't use a Unicode range.)
Trying to filter incoming values (instead of encoding outgoing ones) is a ludicrously basic error that it is depressing to find in a popular framework. You can turn this misguided feature off by setting permitted_uri_chars to an empty string, or maybe you would like a range of all bytes except for control codes ("\x20-\xFF"). Unfortunately the _filter_uri function still does crazy, crazy, broken things with some input, HTML-encoding some punctuation on the way in for some unknown bizarre reason. And you don't get to turn this off.
This, along with the broken “anti-XSS” mangler, makes me believe the CodeIgniter team have quite a poor understanding of how string escaping and security issues actually work. I would not trust anything they say on security ever.
What to do?
Stop using unicode characters in an URL - for the same reasons as you shouldn't name files on a filesystem with unicode characters.
But, if you really need it, I'll copy/paste some lines from the config:
Leave blank to allow all characters -- but only if you are insane.
I would NOT suggest trying to decode them or use any other tricks, instead I would suggest using urlencode() and urldecode() functions.
Since I don't have a copy of your code, I can't add examples, if you could provide me some, I can show you an example how to do it.
However, it's pretty straightforward to use, and it's built in PHP4 and PHP5.
I had a similar problem and wanted to share the solution. It was reset password, and I had to send the username and time, as the url will be active for an hour only. Codeigniter will not accept certain characters in url for security reasons and I did not want to change that. So here is what I did:
concat user name, '__' and time() in a var $str
encrypt $str using MCRYPT_BLOWFISH, this may contain '/', '+'
re-encrypt using str2hex (got it from here)
put the encoded string as the 3rd argument in the link sent by
email, like,
http://xyz.com/users/resetpassword/3123213213ABCDEF238746238469898
-you can see that the url contains only 0-9 and A-Z.
When link from email is clicked, get the 3rd uri segment, use
hex2str() to decrypt to blowfish encrypted string, and then apply
blowfish decrypt to get the original string.
split with '__' to get the user name and time
I know that its almost a year till this question was asked, but I am hoping that someone will find this solution helpful after coming here by google.
Is there a maximum length for the URI in the file_get_contents() function in PHP?
I suppose there is a maximum length, but you'll be hard pressed to find it. If you do hit the maximum, you're doing something wrong. :)
I haven't been able to find a number for PHP specifically, but MS IIS, Apache and the Perl HTTP::Daemon seem to have limits between 4,000 and 16,384 bytes, PHP will probably be somewhere around there as well.
What you need to consider is not really how much your side can handle, but also how much the other server you're querying can handle (which is presumably what you're doing). As such, any URL longer than ~1000 characters is usually already way too long and never really encountered in the real world.
As others have stated, it is most likely limited by the HTTP protocol.
You can view this answer for more info on that : What is the maximum length of an url?
In HTTP there's no length-limit for URI,and there's no note of file_get_contents() about this in the manual .So I think you needn't to consider about this problem.
BTW,the length of URI is limited by some browser and webserver.For example,in IE,the length should be less than 2083 and in FF it's 65,536.I tried to test this I found that only not more than 8182 is OK when I visited my apache on ubuntu because of limit of my apache.