{"id":819,"date":"2013-03-11T16:07:55","date_gmt":"2013-03-11T20:07:55","guid":{"rendered":"http:\/\/blog.uvm.edu\/ctl-projects\/?p=390"},"modified":"2013-03-11T16:07:55","modified_gmt":"2013-03-11T20:07:55","slug":"events-calendar-mystery-solved","status":"publish","type":"post","link":"https:\/\/blog.uvm.edu\/waw\/2013\/03\/11\/events-calendar-mystery-solved\/","title":{"rendered":"Events calendar mystery solved"},"content":{"rendered":"

On Mar 4, 2013, at 11:17 AM, Wendy Verrrei-Berenback <wverreib@uvm.edu<\/a>> wrote:<\/p>\n

Disallowed Key Characters: pspw1-8520-PORTAL-PSJSESSIONID
\nusing Firefox 19<\/p><\/blockquote>\n

The Events Calendar code utilizes a “software framework” (viz.http:\/\/en.wikipedia.org\/wiki\/Software_framework<\/a>\u00a0) called CodeIgnitor. When processing any sort of input (URL, form input via GET or POST, or cookies), CodeIgnitor tries to “sanitize” the input to remove or exclude any data that may be malicious in nature.<\/p>\n

In particular, CodeIgnitor goes through every cookie set by ANY application in the\u00a0uvm.edu<\/a>\u00a0domain. Why? Because it can, and cookies are only identified by hostname (catalyst.uvm.edu<\/a>) or domain name (uvm.edu<\/a>), not by the application that deposited them. This is a bit of overkill, as we have a lot of applications. \u00a0CodeIgnitor took exception to any cookie whose name was NOT constructed solely of the characters a through z, A to Z, 0 to 9, “:”, “_”. and “\/” .<\/p>\n

Any UVM application using WebAuth — like the mediamanager, was producing a key named<\/p>\n

webauth_ct_krb5_krbtgt\/uvm.edu@uvm.edu<\/a><\/p>\n

Sorry, “@”, and “.” disallowed, outside the above set.<\/p>\n

PeopleSoft?<\/p>\n

pspw1-8520-PORTAL-PSJSESSIONID
\npspw2-8520-PORTAL-PSJSESSIONID<\/p>\n

“-” disallowed.<\/p>\n

I locally extended the CodeIgnitor core Input class to accept “@”, “-“, and “.” when examining cookies (But not when sanitizing URLs or form input). This error should trouble us no more.<\/p>\n","protected":false},"excerpt":{"rendered":"

On Mar 4, 2013, at 11:17 AM, Wendy Verrrei-Berenback <wverreib@uvm.edu> wrote: Disallowed Key Characters: pspw1-8520-PORTAL-PSJSESSIONID using Firefox 19 The Events Calendar code utilizes a “software framework” (viz.http:\/\/en.wikipedia.org\/wiki\/Software_framework\u00a0) called CodeIgnitor. When processing any sort of input (URL, form input via GET … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41826],"tags":[42758,41836,542],"class_list":["post-819","post","type-post","status-publish","format-standard","hentry","category-wes","tag-boffins","tag-codeignitor","tag-events"],"_links":{"self":[{"href":"https:\/\/blog.uvm.edu\/waw\/wp-json\/wp\/v2\/posts\/819","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.uvm.edu\/waw\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.uvm.edu\/waw\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.uvm.edu\/waw\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.uvm.edu\/waw\/wp-json\/wp\/v2\/comments?post=819"}],"version-history":[{"count":0,"href":"https:\/\/blog.uvm.edu\/waw\/wp-json\/wp\/v2\/posts\/819\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.uvm.edu\/waw\/wp-json\/wp\/v2\/media?parent=819"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.uvm.edu\/waw\/wp-json\/wp\/v2\/categories?post=819"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.uvm.edu\/waw\/wp-json\/wp\/v2\/tags?post=819"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}