Follow the following steps

请按照以下步骤操作

1. Search for function _clean_input_keyson /system/core/Input.php
2. update this exit(‘Disallowed Key Characters.');to exit(‘Disallowed Key Characters.' . $str);

1. 在/system/core/Input.php上搜索函数_clean_input_keys
2. 更新此退出（'不允许的关键字符。'）；to exit('Disallowed Key Characters.' . $str);

Had a similar problem, so, for the sake of Google search results:

有一个类似的问题，所以，为了谷歌搜索结果：

__utmt is a cookie. More specificly, a Google Analytics cookie. The ~Number part probably means it's a copy/duplicate. Think of it like the word.doc~1 files that are stored on your computer when working in a Word doc.

__utmt 是一个 cookie。更具体地说，是 Google Analytics cookie。~Number 部分可能意味着它是一个副本/重复。把它想象成在使用 Word 文档时存储在您的计算机上的 word.doc~1 文件。

So first, check your Analytics code on the website, is there a duplicate somewhere? My problem was solved by altering this duplicated line:

所以首先，检查网站上的 Analytics 代码，是否有重复的地方？我的问题是通过改变这个重复的行来解决的：

var pageTracker = _gat._getTracker("UA-1234567-89");
var pageTracker = _gat._getTracker("UA-1234567-89");

Weird thing is that the file always had this duplicated line of code, for as far as my GIT goes back. It might be a change in the way analytics code handles cookies...

奇怪的是，文件总是有这行重复的代码，就我的 GIT 而言。这可能是分析代码处理 cookie 的方式发生了变化......

Oh, and the "Disallowed Key Characters" part. That's normally a good thing, protecting your CI app against evil.

哦，还有“不允许的关键字符”部分。这通常是一件好事，可以保护您的 CI 应用程序免受恶意攻击。

Its in the system\core\Input.php file.

它在 system\core\Input.php 文件中。

if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str)) {
    // there is no ~ in this regex pattern
    // You could add it, but you probably end up breaking other stuff ("/^[\w:~\/]+$/i")
    exit('Disallowed Key Characters');
}

Change on system/core/Input.php

更改system/core/Input.php

if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
                {
                      exit('Disallowed Key Characters.');
                }


to 

if ( ! preg_match("/^[a-z0-9:_\/-~]+$/i", $str))
                {
                      exit('Disallowed Key Characters.');
                }

I was just going to comment, but I do not have enough reputation, apparently. I had a similar problem this morning. It was being caused by a cookie (__utmt_~1). My site does create a cookie called __utmt but not with the single underscore, tilde and 1. I suspect that __utmt_~1 is a duplicate of the original cookie, but I am not sure how it was created. However - clearing my cookies stopped the Disallowed Key Characters message.

我只是想发表评论，但显然我没有足够的声誉。今天早上我遇到了类似的问题。它是由 cookie (__utmt_~1) 引起的。我的网站确实创建了一个名为 __utmt 的 cookie，但没有使用单个下划线、波浪号和 1。我怀疑 __utmt_~1 是原始 cookie 的副本，但我不确定它是如何创建的。但是 - 清除我的 cookie 停止了 Disallowed Key Characters 消息。

In case you have this problem with recaptcha of google (POST variable named g-recaptcha-response) in my case was solved adding a escaped hyphen at the end of the listed characters like this:

如果您g-recaptcha-response在我的情况下遇到google 的 recaptcha（名为 POST 变量）的问题，可以在列出的字符的末尾添加一个转义的连字符，如下所示：

    if ( ! preg_match("/^[~a-z0-9:_\/-\|\-]+$/i", $str)){

to the file system/core/Input.php

到文件系统/core/Input.php

Though its a old post, its still relevant today as the message is cryptic and brings the website to its knees in no time.

虽然它是一个旧帖子，但它今天仍然具有相关性，因为该消息是神秘的，并且很快就使网站瘫痪。

In my case, in the test system, all of a sudden, started receiving this message for every page that gets an user input through GET/POST. Later found that to be the result of additional filter I added recently to the php.ini as below, which promised, to configure the default filter to behave exactly like htmlspecialchars().

就我而言，在测试系统中，突然间，开始为每个通过 GET/POST 获取用户输入的页面接收此消息。后来发现这是我最近添加到 php.ini 的附加过滤器的结果，如下所示，它承诺将默认过滤器配置为与 htmlspecialchars() 完全一样的行为。

[filter]
filter.default = full_special_chars
filter.default_flags = 0

On removing these filters from the php.ini file, the error was gone. Hope this helps somebody who encounters the same problem.

从 php.ini 文件中删除这些过滤器后，错误消失了。希望这可以帮助遇到同样问题的人。