BambooInvoice Forums

Disallowed characters in URI when resetting password

 
Total Posts: 28

Hi Derek

When I’ve gone to reset my password (which seems to happen quite frequently - it never seems to keep my password), it’s throwing up the following error message:


An Error Was Encountered

The URI you submitted has disallowed characters.


Even when allowing all characters ("$config['permitted_uri_chars'] = '';"), it’s still throwing the error.

The URI that BambooInvoice sent me is http://localhost/accounts/index.php/login/confirm_password/1/iYbj= tMPryvlE (yes, that’s a space after the equals sign; yes, that was there originally.)

Do you have any suggestions? I actually need to get into Bamboo Invoice, as I have an invoice that I need to send off. My biggest problem at the moment, as I mentioned, is that I seem to constantly be resetting my password. It will work for a week or two, then all of a sudden it goes kaput. I have FF remembering my password, so that’s not the issue.

Total Posts: 28

Hi Derek

Sorry. I just realised this is in the wrong topic. I’ll move the thread, but I can’t seem to delete it from here. Are you able to do that?

Total Posts: 2324

Moved.

I’m not sure how what you are reporting is even possible. Code restricts your possible character choices to

$pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

Equal signs and spaces obviously aren’t part of that list. Is this an unmodified Bamboo install? What version?

Please restore permitted uri characters. That’s an important part of the security of the system.
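The check described in the post above, as an added PHP example that is not part of the thread and is not BambooInvoice's or CodeIgniter's own code: it draws a token from the quoted pool and tests the mailed token against both the pool and a URI whitelist. The helper names are hypothetical, and the whitelist value is an assumption modelled on CodeIgniter's stock `permitted_uri_chars`.

```php
<?php
// Added illustration; not BambooInvoice or CodeIgniter source.
// POOL is the character list quoted in the thread.
const POOL = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
// Assumed whitelist, modelled on CodeIgniter's stock permitted_uri_chars.
const PERMITTED_URI_CHARS = 'a-z 0-9~%.:_\-';

// Hypothetical helper: draw $length characters from POOL with a CSPRNG.
function make_reset_token(int $length = 12): string
{
    $token = '';
    $max = strlen(POOL) - 1;
    for ($i = 0; $i < $length; $i++) {
        $token .= POOL[random_int(0, $max)];
    }
    return $token;
}

// Hypothetical helper: true only if every character comes from POOL.
function token_in_pool(string $token): bool
{
    return $token !== '' && strspn($token, POOL) === strlen($token);
}

// Hypothetical helper: simplified URI-segment whitelist check, case-insensitive.
function segment_permitted(string $segment): bool
{
    return preg_match('|^[' . PERMITTED_URI_CHARS . ']+$|i', $segment) === 1;
}

// Hypothetical helper: the distinct characters of $token that are not in POOL.
function foreign_chars(string $token): string
{
    // Strip every pool character, then list each remaining byte once.
    return count_chars(str_replace(str_split(POOL), '', $token), 3);
}

$mailed = 'iYbj= tMPryvlE'; // token segment from the URL in the first post
foreach ([$mailed, str_replace('= ', '', $mailed), make_reset_token()] as $t) {
    printf("%-16s pool=%s uri=%s foreign=[%s]\n", "'$t'",
        var_export(token_in_pool($t), true),
        var_export(segment_permitted($t), true),
        foreign_chars($t));
}
```

Checking the token against the pool on the confirmation handler, in addition to the URI filter, rejects a mangled link without needing to loosen the whitelist.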

Total Posts: 28

I’m using the 0.8.9 install, and the only things I modified are the database connection info and config info (date display and root URI).

Total Posts: 28

I have worked out that if I remove the ‘= ’ from the string, everything works fine… Strange…

Total Posts: 2324

I still don’t understand how it’s possible that the equal sign made it in there - it is strange!

Let me know if this crops up again.

Total Posts: 28

Well, it is still doing it, however I’m content to just remove the “= “... It almost provides an extra level of security for me…

I want to take this opportunity to again thank you for developing this brilliant piece of coding. It’s really a God-send. I’ve searched so long for something to do what I want it to do, and this is what I’m looking for. Sure, there are features I would like to see implemented, but even at this early stage, it’s brilliant. So again, my thanks and gratitude.