Security permitted uri chars

#1
[eluser]sqwk[/eluser]
What exactly are the security implications of adding characters to permitted_ur_chars?

Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\?&=()-';

I need to enable &?= because of PHP in order to use query strings (PHP as FastCGI)

But is it possible to catch brackets and other characters another way without opening up the barn doors?


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.