Security permitted uri chars - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21) +--- Thread: Security permitted uri chars (/showthread.php?tid=33633) |
Security permitted uri chars - El Forum - 09-02-2010 [eluser]sqwk[/eluser] What exactly are the security implications of adding characters to permitted_ur_chars? Code: $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\?&=()-'; I need to enable &?= because of PHP in order to use query strings (PHP as FastCGI) But is it possible to catch brackets and other characters another way without opening up the barn doors? |