The problem is you are using characters not included in the standard Regex. Use this:
!preg_match("/^[a-z0-9x{4e00}-x{9fa5}:;.,?!@#$%^*"~'+=\ &_/.[]-}{]+$/iu", $str)
As per the comments (and personal experience) you should not modify they Input.php file — rather, you should create/use your own MY_Input.php as follows:
<?php
class MY_Input extends CI_Input {
/**
* Clean Keys
*
* This is a helper function. To prevent malicious users
* from trying to exploit keys we make sure that keys are
* only named with alpha-numeric text and a few other items.
*
* Extended to allow:
* - '.' (dot),
* - '[' (open bracket),
* - ']' (close bracket)
*
* @access private
* @param string
* @return string
*/
function _clean_input_keys($str) {
// UPDATE: Now includes comprehensive Regex that can process escaped JSON
if (!preg_match("/^[a-z0-9:;.,?!@#$%^*"~'+=\ &_/.[]-}{]+$/iu", $str)) {
/**
* Check for Development enviroment - Non-descriptive
* error so show me the string that caused the problem
*/
if (getenv('ENVIRONMENT') && getenv('ENVIRONMENT') == 'DEVELOPMENT') {
var_dump($str);
}
exit('Disallowed Key Characters.');
}
// Clean UTF-8 if supported
if (UTF8_ENABLED === TRUE) {
$str = $this->uni->clean_string($str);
}
return $str;
}
}
// /?/> /* Should never close php file - if you have a space after code, it can mess your life up */
++Chinese Character Support
// NOTE: x{4e00}-x{9fa5} = allow chinese characters
// NOTE: 'i' — case insensitive
// NOTE: 'u' — UTF-8 mode
if (!preg_match("/^[a-z0-9x{4e00}-x{9fa5}:;.,?!@#$%^*"~'+=\ &_/.[]-}{]+$/iu", $str) { ... }
// NOTE: When Chinese characters are provided in a URL, they are not 'really' there; the browser/OS
// handles the copy/paste -> unicode conversion, eg:
// 一二三 --> xn--4gqsa60b
// 'punycode' converts these codes according to RFC 3492 and RFC 5891.
// https://github.com/bestiejs/punycode.js --- $ bower install punycode
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
