what will be the problem if allowing all characters in permitted_uri_chars

$config['permitted_uri_chars'] = '+=\a-z 0-9~%.:_-';

What will happen if i am allowing +=/ or some more chars?

I would like to send and receive base64 of an email address as an unique identification and when i do base64 i can see = appearing mostly as the last character.

so i want to use = in uri. and it is working well.

What will be the security risk?

The reason they are 'illegal' is that they can be used to craft an attack via the URI.

See http://ellislab.com/forums/viewthread/109429/ for a solution that doesn't require altering this regex.

ok. let me read that. and will come back.

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.