+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Adding "@" to the "permitted_uri_chars"... does this make me insane? (/showthread.php?tid=35966)
Adding "@" to the "permitted_uri_chars"... does this make me insane? - El Forum - 11-16-2010
[eluser]Unknown[/eluser]
I need to pass an email through the url, and the @ symbol is not allowed. When I add the @ symbol to the "permitted_uri_chars" it works... but... I admit I am naive to the implications. Dangerous?
Adding "@" to the "permitted_uri_chars"... does this make me insane? - El Forum - 11-16-2010
[eluser]Developer13[/eluser]
Why not pass it through a session variable instead?
Adding "@" to the "permitted_uri_chars"... does this make me insane? - El Forum - 11-16-2010
[eluser]pbreit[/eluser]
@ signs are not allowed in URLs (not quite true). Needs to be URL-encoded.
Adding "@" to the "permitted_uri_chars"... does this make me insane? - El Forum - 11-17-2010
[eluser]Dennis Rasmussen[/eluser]
As pbreit said, use the encoded version of @ instead (reserved character): @ = @
Edit: Seems like CI forums decodes the text hehe. Anyway it's % 40 without the space.
Adding "@" to the "permitted_uri_chars"... does this make me insane? - El Forum - 11-17-2010
[eluser]Unknown[/eluser]
I'm not using a session because it's an account activation link that is sent in an email to the customer. It passes back the email address and a random activation code to match. Even when I encoded the "@" symbol though, I still need to have that character in the "“permitted_uri_chars" or it gives me that error.
This is how Facebook does it, so it can't be that bad
I just didn't know if somehow through Codeigniter this would open up vulnerabilities that I'm not aware of... I'm very new to CI, but am loving it! Thank you all for your replys.
Adding "@" to the "permitted_uri_chars"... does this make me insane? - El Forum - 11-17-2010
[eluser]dudeami0[/eluser]
Instead of an email, store a unique id to the email in the database? Just a thought :p