Disallowed key characters in global data.

Alexxx1

Joined: 2006-10-17
Posts: 20

Posted: Tue, 2009-06-09 13:55

Anyone know what that means and how to fix it? I Googled it and noticed that it's got something to do with the PHP code, so I am afraid to touch it without knowing how it pertains to G3.

Thanks,

Alex

floridave

Joined: 2003-12-22
Posts: 27300

Posted: Tue, 2009-06-09 21:43

I guess you have to be a bit more verbose on when and where you got this.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

Alexxx1

Joined: 2006-10-17
Posts: 20

Posted: Wed, 2009-06-10 11:36

I got this during the 2nd step of the installation. I entered my database information with id/password and clicked Next. and bang I got hit with this obscure terrifying message.

Alexxx1

Joined: 2006-10-17
Posts: 20

Posted: Wed, 2009-06-10 12:44

I actually get a "Gallery 3 Installation is Complete!" message, but when I click on "Start Using Gallery" link, it takes me to a blank page with that message (Disallowed key characters in global data.)

Alexxx1

Joined: 2006-10-17
Posts: 20

Posted: Wed, 2009-06-10 13:36

If I look at the source code, I don't see an actual link to the Gallery. Could this be a bug? Or did it not set up correctly?

<h1> Success! </h1>
<p class="success"> Your Gallery3 install is complete! </p>
<h2>
<a href="..">Start using Gallery</a>
</h2>

floridave

Joined: 2003-12-22
Posts: 27300

Posted: Wed, 2009-06-10 14:29

Sounds to me like it is not set up properly.
Delete everything including the DB and get a new recent version from GIT.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

valiant

Joined: 2003-01-04
Posts: 32509

Posted: Wed, 2009-06-10 23:01

Also, please post a phpinfo link. It might be related to your server config.
FAQ: What information is required when I ask for help in the forums?
Thanks.

--------------
Documentation: Support / Troubleshooting | Installation, Upgrade, Configuration and Usage

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Fri, 2009-06-12 08:49

That message shows up when the Kohana cross site scripting filter detects that there's something malicious in the url. You could try working around it by editing gallery3/application/config/config.php and setting global_xss_filtering to false.
---
Problems? Check gallery3/var/logs before you post! and file bugs here!
Latest zip: http://github.com/gallery/gallery3/zipball/master
Latest git: http://codex.gallery2.org/Gallery:Using_Git

Alexxx1

Joined: 2006-10-17
Posts: 20

Posted: Tue, 2009-06-16 13:12

I removed G3 from my server, then I downloaded it again. I performed a clean install. After receiving the "Success! Your Gallery3 install is complete!" Message, it gave me an admin id/pass to use. When I click on "start using gallery!" I receive the exact same message: Disallowed key characters in global data.

I then went ahead and deleted G3 from the server, edited the config.php and installed it, same result.
I then tried installing it again, then editing the config.php; same result.

Please help. Thanks!

I am using Firefox 3.0.11

My PHP Info:

PHP Version 5.2.9

System Linux hina.lunarmania.com 2.6.9-67.0.22.ELsmp #1 SMP Wed Jul 23 17:30:51 EDT 2008 i686

Build Date May 9 2009 20:12:08

Configure Command './configure' '--prefix=/usr/local/php5' '--with-config-file-path=/usr/local/etc/php5/cgi' '--enable-bcmath' '--enable-calendar' '--with-curl' '--enable-exif' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr' '--with-xpm-dir=/usr/X11R6' '--with-gettext' '--with-imap=/opt/php_with_imap_client' '--enable-mbstring' '--enable-mbregex' '--with-mcrypt=/opt/libmcrypt' '--with-mhash' '--enable-magic-quotes' '--with-mysqli' '--with-mysql=/usr' '--with-openssl' '--enable-discard-path' '--with-pear' '--with-pspell' '--enable-sockets' '--with-ttf' '--with-freetype-dir=/usr' '--enable-gd-native-ttf' '--enable-zip' '--enable-soap' '--with-zlib' '--with-xsl' '--enable-pdo' '--with-pdo-mysql=/usr' '--with-pgsql=/usr' '--with-pdo-pgsql=/usr' '--with-kerberos' '--with-imap-ssl'

Server API CGI

Virtual Directory Support disabled

Configuration File (php.ini) Path /usr/local/etc/php5/cgi

Loaded Configuration File /home/thedo19/public_html/php.ini

Scan this dir for additional .ini files (none)

additional .ini files parsed (none)

PHP API 20041225

PHP Extension 20060613

Zend Extension 220060519

Debug Build no

Thread Safety disabled

Zend Memory Manager enabled

IPv6 Support enabled

Registered PHP Streams zip, php, file, data, http, ftp, compress.zlib, https, ftps

Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls

Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, convert.iconv.*, zlib.*

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Tue, 2009-06-16 20:09

Try editing system/libraries/Input.php and comment out (or delete) line 406, which looks like this:

  exit('Disallowed key characters in global data.');

Then what happens?
---
Problems: Check gallery3/var/logs first!
file a bug or feature request | upgrade to the latest code | use git

valiant

Joined: 2003-01-04
Posts: 32509

Posted: Tue, 2009-06-16 20:39

@Alexxx1:

Can you post a link to a phpinfo file, or post the complete contents of the phpinfo file?
The part you posted is just small part of the whole phpinfo file.
Specifically, I'm interested in the $_SERVER variables.

Alexxx1

Joined: 2006-10-17
Posts: 20

Posted: Wed, 2009-06-17 12:48

@bharat I deleted the exit('Disallowed key characters in global data.');
and it worked! It let me through. Unfortunately I forgot my password so had to delete the whole thing again and install it. I downloaded it again from this site as I am on a different computer. I uploaded it without editing anything and it worked! I couldn't believe it! I didn't edit anything. I don't if you guys changed something, but everything is good go now.

@valiant do you still want me to post the phpinfo file info? If so, how do I get that info?

Thanks!

valiant

Joined: 2003-01-04
Posts: 32509

Posted: Wed, 2009-06-17 06:16

_SERVER["HTTP_HOST"] www.example.com
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_URI"] /phpinfo.php
_SERVER["SCRIPT_FILENAME"] /home/example/public_html/phpinfo.php
_SERVER["SCRIPT_NAME"] /phpinfo.php
_SERVER["SERVER_ADDR"] 11.111.111.111
_SERVER["SERVER_NAME"] www.example.com
_SERVER["SERVER_PORT"] 80
_SERVER["SERVER_PROTOCOL"] HTTP/1.1
_SERVER["PHP_SELF"] /phpinfo.php

(i've replaced your real paths / domain with generic data above)

ok, that looks pretty standard. it's not what i thought. you can delete your phpinfo file again. thanks!

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Thu, 2009-06-18 18:36

Alexxx1: Can you try installing the latest code? See instructions in my sig below. If the problem recurs with the new stuff then it's something we need to fix.
---
Problems: Check gallery3/var/logs first!
file a bug or feature request | upgrade to the latest code | use git

Alexxx1

Joined: 2006-10-17
Posts: 20

Posted: Fri, 2009-06-19 11:33

It's working! Thanks guys!

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Fri, 2009-06-19 17:28

Wooot!
---
Problems: Check gallery3/var/logs first!
file a bug or feature request | upgrade to the latest code | use git

David Lari

Joined: 2009-06-30
Posts: 1

Posted: Tue, 2009-06-30 12:13

I just got the error. I installed the G3 version from bharat's sig "upgrade to the latest code" on June 29th. I ran the install on Firefox and everything went well. I accessed the site from Firefox and all went well. When I try to access from the latest version of Opera for Windows, I get the error going to the main page of my gallery. Site also works fine under IE7. Looks like an Opera related issue.

desean84

Joined: 2002-08-15
Posts: 36

Posted: Sun, 2009-09-13 05:01

Hi,

I also have this "Disallowed key characters in global data" error after installing G3. The installer shows installation is complete but i got this error when going to my G3.

To "fix" the problem, I commented out the code on line 406 of system/libraries/Input.php as described above. G3 works for me now at least. more info on my system setup as below:

G3 version: 3.0 git (pre-beta3) - pulled from git on 13 Sep 2009 at 11:20 (GMT+8)
link to my G3: http://www.dragonscouts.com/ gall ery3 (remove the 2 spaces in the url)
link to my phpinfo: http://www.dragonscouts.com/ php info.php (remove the 2 spaces in the url)
browser: tried on chrome 3.0.195.20 & firefox 3.5.3

hope this will be fixed soon.

Dragons Online!

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Sun, 2009-09-13 03:55

@desean84: can you fiddle with Input.php and print out the offending string that's triggering that error? That'd give us a starting point.
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!

desean84

Joined: 2002-08-15
Posts: 36

Posted: Sun, 2009-09-13 09:05

alright, the offending code should be as follows:

	public function clean_input_keys($str)
	{
		$chars = PCRE_UNICODE_PROPERTIES ? '\pL' : 'a-zA-Z';

		if ( ! preg_match('#^['.$chars.'0-9:_.-]++$#uD', $str))
		{
			exit('Disallowed key characters in global data.');
		}

		return $str;
	}

i did a echo of $str & $chars before the exit() and this is what i get:

$str = wpgb_visit_last-http://www_dragonscouts_com
$chars = \pL

this is obtained when i visit http://www.dragonscouts.com /gal lery3/ (remove the 2 spaces in the url. i'm doing this as i don't wish for my test site to be crawled)

hope this helps.

Dragons Online!

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Sun, 2009-09-13 05:09

Wacky. Searching for "wpgb_visit_last" (http://www.google.com/search?q=wpgb_visit_last) leads me to "WP Greet Box Plugin" which seems to stick some interesting stuff in the cookie. That's triggering our security code. If you replace the exit() call with code to throw an exception, then we can see the complete stack trace in the logs. Try adding:

throw new Exception("SECURITY");

Then look in gallery3/var/logs and paste the stack trace here.
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!

desean84

Joined: 2002-08-15
Posts: 36

Posted: Sun, 2009-09-13 09:05

this is what gets throw out in my log:

<?php defined('SYSPATH') or die('No direct script access.'); ?>

2009-09-12 23:56:42 -07:00 --- error: Uncaught Exception: SECURITY in file system/libraries/Input.php on line 410

i use WP Greet Box Plugin on my Wordpress installation @ http://www.dragonscouts.com/home/ but my wordpress and gallery are both standalone. this is something odd.

Dragons Online!

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Sun, 2009-09-13 08:28

WP Greet Box is setting a cookie for your domain. That cookie is getting passed to Gallery 3, which is analyzing it for security purposes and determining that it's a security risk.

Hm. Ok, we need more code there to get the right stack trace. Try using this code instead:

    ob_start();
    debug_print_backtrace();
    Kohana::log("alert",ob_get_clean());

That should give us a nice stack trace in your logs.
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git

desean84

Joined: 2002-08-15
Posts: 36

Posted: Sun, 2009-09-13 09:03

this is what i get in the logs:

<?php defined('SYSPATH') or die('No direct script access.'); ?>

2009-09-13 02:01:45 -07:00 --- alert: #0  Input_Core->clean_input_keys(wpgb_visit_last-http://www_dragonscouts_com) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:134]
#1  Input_Core->__construct() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:37]
#2  Input_Core::instance() called at [/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php:37]
#3  include(/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Kohana.php:199]
#4  Kohana::setup() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php:37]
#5  require(/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/index.php:86]

2009-09-13 02:01:46 -07:00 --- alert: #0  Input_Core->clean_input_keys(wpgb_visit_last-http://www_dragonscouts_com) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:134]
#1  Input_Core->__construct() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:37]
#2  Input_Core::instance() called at [/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php:37]
#3  include(/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Kohana.php:199]
#4  Kohana::setup() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php:37]
#5  require(/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/index.php:86]

2009-09-13 02:01:46 -07:00 --- alert: #0  Input_Core->clean_input_keys(wpgb_visit_last-http://www_dragonscouts_com) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:134]
#1  Input_Core->__construct() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:37]
#2  Input_Core::instance() called at [/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php:37]
#3  include(/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Kohana.php:199]
#4  Kohana::setup() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php:37]
#5  require(/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/index.php:86]

Dragons Online!

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Sun, 2009-09-13 17:58

Ok, got it. I'm not sure how we're going to fix this; this security is part of Kohana, the underlying application framework that we use. We'll track it in the ticket I linked above and fix it when we can. Thanks much for the info!
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git

desean84

Joined: 2002-08-15
Posts: 36

Posted: Mon, 2009-09-14 12:31

your welcome. glad to be of help

Dragons Online!

Promotion Travels

Joined: 2006-03-14
Posts: 16

Posted: Wed, 2009-12-30 12:26

I have recently had this problem with the latest 'git pull'

Commenting out:
exit('Disallowed key characters in global data.');

did the trick for me as suggested.

Would this have to be done with each kohana related page changes?

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Thu, 2009-12-31 01:54

This is still on my list of things to investigate, but I haven't made any progress on it yet.
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git

desean84

Joined: 2002-08-15
Posts: 36

Posted: Sat, 2010-03-13 06:41

hi bharat,

just to inform that this is no longer an issue for me in gallery3 rc1 p1

Alexxx1 Joined: 2006-10-17 Posts: 20	Posted: Tue, 2009-06-09 13:55
	Anyone know what that means and how to fix it? I Googled it and noticed that it's got something to do with the PHP code, so I am afraid to touch it without knowing how it pertains to G3. Thanks, Alex
	XUser login Username: * Password: * Create new account Request new password
floridave Joined: 2003-12-22 Posts: 27300	Posted: Tue, 2009-06-09 21:43
	I guess you have to be a bit more verbose on when and where you got this. Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team

Alexxx1 Joined: 2006-10-17 Posts: 20	Posted: Wed, 2009-06-10 11:36
	I got this during the 2nd step of the installation. I entered my database information with id/password and clicked Next. and bang I got hit with this obscure terrifying message.

Alexxx1 Joined: 2006-10-17 Posts: 20	Posted: Wed, 2009-06-10 12:44
	I actually get a "Gallery 3 Installation is Complete!" message, but when I click on "Start Using Gallery" link, it takes me to a blank page with that message (Disallowed key characters in global data.)

Alexxx1 Joined: 2006-10-17 Posts: 20	Posted: Wed, 2009-06-10 13:36
	If I look at the source code, I don't see an actual link to the Gallery. Could this be a bug? Or did it not set up correctly? <h1> Success! </h1> <p class="success"> Your Gallery3 install is complete! </p> <h2> <a href="..">Start using Gallery</a> </h2>

floridave Joined: 2003-12-22 Posts: 27300	Posted: Wed, 2009-06-10 14:29
	Sounds to me like it is not set up properly. Delete everything including the DB and get a new recent version from GIT. Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team

valiant Joined: 2003-01-04 Posts: 32509	Posted: Wed, 2009-06-10 23:01
	Also, please post a phpinfo link. It might be related to your server config. FAQ: What information is required when I ask for help in the forums? Thanks. -------------- Documentation: Support / Troubleshooting \| Installation, Upgrade, Configuration and Usage

bharat Joined: 2002-05-21 Posts: 7994	Posted: Fri, 2009-06-12 08:49
	That message shows up when the Kohana cross site scripting filter detects that there's something malicious in the url. You could try working around it by editing gallery3/application/config/config.php and setting global_xss_filtering to false. --- Problems? Check gallery3/var/logs before you post! and file bugs here! Latest zip: http://github.com/gallery/gallery3/zipball/master Latest git: http://codex.gallery2.org/Gallery:Using_Git

Alexxx1 Joined: 2006-10-17 Posts: 20	Posted: Tue, 2009-06-16 13:12
	I removed G3 from my server, then I downloaded it again. I performed a clean install. After receiving the "Success! Your Gallery3 install is complete!" Message, it gave me an admin id/pass to use. When I click on "start using gallery!" I receive the exact same message: Disallowed key characters in global data. I then went ahead and deleted G3 from the server, edited the config.php and installed it, same result. I then tried installing it again, then editing the config.php; same result. Please help. Thanks! I am using Firefox 3.0.11 My PHP Info: PHP Version 5.2.9 System Linux hina.lunarmania.com 2.6.9-67.0.22.ELsmp #1 SMP Wed Jul 23 17:30:51 EDT 2008 i686 Build Date May 9 2009 20:12:08 Configure Command './configure' '--prefix=/usr/local/php5' '--with-config-file-path=/usr/local/etc/php5/cgi' '--enable-bcmath' '--enable-calendar' '--with-curl' '--enable-exif' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr' '--with-xpm-dir=/usr/X11R6' '--with-gettext' '--with-imap=/opt/php_with_imap_client' '--enable-mbstring' '--enable-mbregex' '--with-mcrypt=/opt/libmcrypt' '--with-mhash' '--enable-magic-quotes' '--with-mysqli' '--with-mysql=/usr' '--with-openssl' '--enable-discard-path' '--with-pear' '--with-pspell' '--enable-sockets' '--with-ttf' '--with-freetype-dir=/usr' '--enable-gd-native-ttf' '--enable-zip' '--enable-soap' '--with-zlib' '--with-xsl' '--enable-pdo' '--with-pdo-mysql=/usr' '--with-pgsql=/usr' '--with-pdo-pgsql=/usr' '--with-kerberos' '--with-imap-ssl' Server API CGI Virtual Directory Support disabled Configuration File (php.ini) Path /usr/local/etc/php5/cgi Loaded Configuration File /home/thedo19/public_html/php.ini Scan this dir for additional .ini files (none) additional .ini files parsed (none) PHP API 20041225 PHP Extension 20060613 Zend Extension 220060519 Debug Build no Thread Safety disabled Zend Memory Manager enabled IPv6 Support enabled Registered PHP Streams zip, php, file, data, http, ftp, compress.zlib, https, ftps Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert., consumed, convert.iconv., zlib.*

bharat Joined: 2002-05-21 Posts: 7994	Posted: Tue, 2009-06-16 20:09
	Try editing system/libraries/Input.php and comment out (or delete) line 406, which looks like this: exit('Disallowed key characters in global data.'); Then what happens? --- Problems: Check gallery3/var/logs first! file a bug or feature request \| upgrade to the latest code \| use git

valiant Joined: 2003-01-04 Posts: 32509	Posted: Tue, 2009-06-16 20:39
	@Alexxx1: Can you post a link to a phpinfo file, or post the complete contents of the phpinfo file? The part you posted is just small part of the whole phpinfo file. Specifically, I'm interested in the $_SERVER variables.

Alexxx1 Joined: 2006-10-17 Posts: 20	Posted: Wed, 2009-06-17 12:48
	@bharat I deleted the exit('Disallowed key characters in global data.'); and it worked! It let me through. Unfortunately I forgot my password so had to delete the whole thing again and install it. I downloaded it again from this site as I am on a different computer. I uploaded it without editing anything and it worked! I couldn't believe it! I didn't edit anything. I don't if you guys changed something, but everything is good go now. @valiant do you still want me to post the phpinfo file info? If so, how do I get that info? Thanks!

valiant Joined: 2003-01-04 Posts: 32509	Posted: Wed, 2009-06-17 06:16
	_SERVER["HTTP_HOST"] www.example.com _SERVER["QUERY_STRING"] no value _SERVER["REQUEST_URI"] /phpinfo.php _SERVER["SCRIPT_FILENAME"] /home/example/public_html/phpinfo.php _SERVER["SCRIPT_NAME"] /phpinfo.php _SERVER["SERVER_ADDR"] 11.111.111.111 _SERVER["SERVER_NAME"] www.example.com _SERVER["SERVER_PORT"] 80 _SERVER["SERVER_PROTOCOL"] HTTP/1.1 _SERVER["PHP_SELF"] /phpinfo.php (i've replaced your real paths / domain with generic data above) ok, that looks pretty standard. it's not what i thought. you can delete your phpinfo file again. thanks!

bharat Joined: 2002-05-21 Posts: 7994	Posted: Thu, 2009-06-18 18:36
	Alexxx1: Can you try installing the latest code? See instructions in my sig below. If the problem recurs with the new stuff then it's something we need to fix. --- Problems: Check gallery3/var/logs first! file a bug or feature request \| upgrade to the latest code \| use git

Alexxx1 Joined: 2006-10-17 Posts: 20	Posted: Fri, 2009-06-19 11:33
	It's working! Thanks guys!

bharat Joined: 2002-05-21 Posts: 7994	Posted: Fri, 2009-06-19 17:28
	Wooot! --- Problems: Check gallery3/var/logs first! file a bug or feature request \| upgrade to the latest code \| use git

David Lari Joined: 2009-06-30 Posts: 1	Posted: Tue, 2009-06-30 12:13
	I just got the error. I installed the G3 version from bharat's sig "upgrade to the latest code" on June 29th. I ran the install on Firefox and everything went well. I accessed the site from Firefox and all went well. When I try to access from the latest version of Opera for Windows, I get the error going to the main page of my gallery. Site also works fine under IE7. Looks like an Opera related issue.

desean84 Joined: 2002-08-15 Posts: 36	Posted: Sun, 2009-09-13 05:01
	Hi, I also have this "Disallowed key characters in global data" error after installing G3. The installer shows installation is complete but i got this error when going to my G3. To "fix" the problem, I commented out the code on line 406 of system/libraries/Input.php as described above. G3 works for me now at least. more info on my system setup as below: G3 version: 3.0 git (pre-beta3) - pulled from git on 13 Sep 2009 at 11:20 (GMT+8) link to my G3: http://www.dragonscouts.com/ gall ery3 (remove the 2 spaces in the url) link to my phpinfo: http://www.dragonscouts.com/ php info.php (remove the 2 spaces in the url) browser: tried on chrome 3.0.195.20 & firefox 3.5.3 hope this will be fixed soon. Dragons Online!

bharat Joined: 2002-05-21 Posts: 7994	Posted: Sun, 2009-09-13 03:55
	@desean84: can you fiddle with Input.php and print out the offending string that's triggering that error? That'd give us a starting point. --- Problems? Check gallery3/var/logs bugs/feature req's \| upgrade to the latest code \| use git \| help! vote!

desean84 Joined: 2002-08-15 Posts: 36	Posted: Sun, 2009-09-13 09:05
	alright, the offending code should be as follows: public function clean_input_keys($str) { $chars = PCRE_UNICODE_PROPERTIES ? '\pL' : 'a-zA-Z'; if ( ! preg_match('#^['.$chars.'0-9:_.-]++$#uD', $str)) { exit('Disallowed key characters in global data.'); } return $str; } i did a echo of $str & $chars before the exit() and this is what i get: $str = wpgb_visit_last-http://www_dragonscouts_com $chars = \pL this is obtained when i visit http://www.dragonscouts.com /gal lery3/ (remove the 2 spaces in the url. i'm doing this as i don't wish for my test site to be crawled) hope this helps. Dragons Online!

bharat Joined: 2002-05-21 Posts: 7994	Posted: Sun, 2009-09-13 05:09
	Wacky. Searching for "wpgb_visit_last" (http://www.google.com/search?q=wpgb_visit_last) leads me to "WP Greet Box Plugin" which seems to stick some interesting stuff in the cookie. That's triggering our security code. If you replace the exit() call with code to throw an exception, then we can see the complete stack trace in the logs. Try adding: throw new Exception("SECURITY"); Then look in gallery3/var/logs and paste the stack trace here. --- Problems? Check gallery3/var/logs bugs/feature req's \| upgrade to the latest code \| use git \| help! vote!

desean84 Joined: 2002-08-15 Posts: 36	Posted: Sun, 2009-09-13 09:05
	this is what gets throw out in my log: <?php defined('SYSPATH') or die('No direct script access.'); ?> 2009-09-12 23:56:42 -07:00 --- error: Uncaught Exception: SECURITY in file system/libraries/Input.php on line 410 i use WP Greet Box Plugin on my Wordpress installation @ http://www.dragonscouts.com/home/ but my wordpress and gallery are both standalone. this is something odd. Dragons Online!

bharat Joined: 2002-05-21 Posts: 7994	Posted: Sun, 2009-09-13 08:28
	WP Greet Box is setting a cookie for your domain. That cookie is getting passed to Gallery 3, which is analyzing it for security purposes and determining that it's a security risk. Hm. Ok, we need more code there to get the right stack trace. Try using this code instead: ob_start(); debug_print_backtrace(); Kohana::log("alert",ob_get_clean()); That should give us a nice stack trace in your logs. --- Problems? Check gallery3/var/logs bugs/feature req's \| upgrade to the latest code \| use git

desean84 Joined: 2002-08-15 Posts: 36	Posted: Sun, 2009-09-13 09:03
	this is what i get in the logs: <?php defined('SYSPATH') or die('No direct script access.'); ?> 2009-09-13 02:01:45 -07:00 --- alert: #0 Input_Core->clean_input_keys(wpgb_visit_last-http://www_dragonscouts_com) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:134] #1 Input_Core->__construct() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:37] #2 Input_Core::instance() called at [/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php:37] #3 include(/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Kohana.php:199] #4 Kohana::setup() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php:37] #5 require(/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/index.php:86] 2009-09-13 02:01:46 -07:00 --- alert: #0 Input_Core->clean_input_keys(wpgb_visit_last-http://www_dragonscouts_com) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:134] #1 Input_Core->__construct() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:37] #2 Input_Core::instance() called at [/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php:37] #3 include(/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Kohana.php:199] #4 Kohana::setup() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php:37] #5 require(/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/index.php:86] 2009-09-13 02:01:46 -07:00 --- alert: #0 Input_Core->clean_input_keys(wpgb_visit_last-http://www_dragonscouts_com) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:134] #1 Input_Core->__construct() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/libraries/Input.php:37] #2 Input_Core::instance() called at [/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php:37] #3 include(/home/dragonscouts/dragonscouts.com/gallery3/modules/gallery/hooks/init_gallery.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Kohana.php:199] #4 Kohana::setup() called at [/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php:37] #5 require(/home/dragonscouts/dragonscouts.com/gallery3/system/core/Bootstrap.php) called at [/home/dragonscouts/dragonscouts.com/gallery3/index.php:86] Dragons Online!

bharat Joined: 2002-05-21 Posts: 7994	Posted: Sun, 2009-09-13 17:58
	Ok, got it. I'm not sure how we're going to fix this; this security is part of Kohana, the underlying application framework that we use. We'll track it in the ticket I linked above and fix it when we can. Thanks much for the info! --- Problems? Check gallery3/var/logs bugs/feature req's \| upgrade to the latest code \| use git

desean84 Joined: 2002-08-15 Posts: 36	Posted: Mon, 2009-09-14 12:31
	your welcome. glad to be of help Dragons Online!

Promotion Travels Joined: 2006-03-14 Posts: 16	Posted: Wed, 2009-12-30 12:26
	I have recently had this problem with the latest 'git pull' Commenting out: `exit('Disallowed key characters in global data.');` did the trick for me as suggested. Would this have to be done with each kohana related page changes?

bharat Joined: 2002-05-21 Posts: 7994	Posted: Thu, 2009-12-31 01:54
	This is still on my list of things to investigate, but I haven't made any progress on it yet. --- Problems? Check gallery3/var/logs bugs/feature req's \| upgrade to the latest code \| use git

desean84 Joined: 2002-08-15 Posts: 36	Posted: Sat, 2010-03-13 06:41
	hi bharat, just to inform that this is no longer an issue for me in gallery3 rc1 p1

Disallowed key characters in global data.

XUser login