09-02-2010, 10:53 AM
[eluser]sqwk[/eluser]
What exactly are the security implications of adding characters to permitted_ur_chars?
I need to enable &?= because of PHP in order to use query strings (PHP as FastCGI)
But is it possible to catch brackets and other characters another way without opening up the barn doors?
What exactly are the security implications of adding characters to permitted_ur_chars?
Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\?&=()-';
I need to enable &?= because of PHP in order to use query strings (PHP as FastCGI)
But is it possible to catch brackets and other characters another way without opening up the barn doors?