[eluser]Chillahan[/eluser]
I have browsed many posts regarding issues with getting query strings tacked on by PayPal. I drove myself nuts adding more and more exceptions, changing the URI library, etc. It seemed even with REQUEST_URI that the & characters were always a problem.
But in the end, I put everything back to the way it was, and the only change I made was:
$config['uri_protocol'] = "ORIG_PATH_INFO";
And with this setting, all seems to work from PayPal. The odd thing is, the page loads with no complaints even when I put in lots of odd shifted numeric characters, which are not in the allowed characters string in config.php.
By using this setting is it leaving the URI wide open to any character and to attacks? I am going to leave it for now but I am concerned, it seems "too easy".
