[eluser]sqwk[/eluser]
What exactly are the security implications of adding characters to permitted_ur_chars?
Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\?&=()-';
I need to enable &?= because of PHP in order to use query strings (PHP as FastCGI)
But is it possible to catch brackets and other characters another way without opening up the barn doors?