Welcome Guest, Not a member yet? Register   Sign In
Security permitted uri chars
#1

[eluser]sqwk[/eluser]
What exactly are the security implications of adding characters to permitted_ur_chars?

Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\?&=()-';

I need to enable &?= because of PHP in order to use query strings (PHP as FastCGI)

But is it possible to catch brackets and other characters another way without opening up the barn doors?




Theme © iAndrew 2016 - Forum software by © MyBB