CodeIgniter Forums
Security permitted uri chars - Printable Version


Security permitted uri chars - El Forum - 09-02-2010

sqwk
What exactly are the security implications of adding characters to permitted_uri_chars?

Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\?&=()-';

I need to enable &?= because of PHP in order to use query strings (PHP as FastCGI).

But is it possible to catch brackets and other characters another way without opening up the barn doors?