permitted_uri_chars and $_GET

[eluser]Edemilson Lima[/eluser]
I don't know exactly what is wrong. What error message do you got?
The line that check this in CI is at /system/libraries/URI.php:

Code:

if ( ! preg_match("|^[".preg_quote($this->config->item('permitted_uri_chars'))."]+$|i", $str))
{
  exit('The URI you submitted has disallowed characters.');
}

Looking at this line, I see that is not necessary to escape the special characters. The preg_quote() function will do this for you. But I don't know why they used preg_match() to do this. It could be done with an eregi() instead. Maybe preg_match() is faster, I don't know. If you look at the line above you will notice that the allowed characters string is enclosed between the brackets "[" and "]". In a regular expression, some special characters work different when enclosed by brackets. The minus (-) sign is to specify a sequence of characters in the ASCII table. For example "a-z" (all letters from A to Z) or "0-9" (all digits from zero to nine). To use the minus as an allowed character you must place it at the end of the string. The other special characters (except the "^" in the beggining of the string enclosed in brackets) are not considered special.

We could try to change the line above to:

Code:

if ( ! eregi("^[".$this->config->item('permitted_uri_chars'))."]+$", $str))

May it works as expected, allowing only the characters in the string, but make changes in a core library is not the best thing to do.