CI_URI changes related to the 'permitted_uri_chars' setting

 - Initialize and cache the value in the class constructor instead of searching for it every time
 - Removed the preg_quote() call from _filter_uri() to allow more fine-tuning from configuration
 - Renamed _filter_uri() to filter_uri() - it was public anyway and using it cannot break anything

Related: issue #2799

1 files changed, 6 insertions, 3 deletions

diff --git a/application/config/config.php b/application/config/config.php
index cd2ca479b..5240f6c26 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -141,15 +141,18 @@ $config['subclass_prefix'] = 'MY_';
 | Allowed URL Characters
 |--------------------------------------------------------------------------
 |
-| This lets you specify with a regular expression which characters are permitted
-| within your URLs.  When someone tries to submit a URL with disallowed
-| characters they will get a warning message.
+| This lets you specify which characters are permitted within your URLs.
+| When someone tries to submit a URL with disallowed characters they will
+| get a warning message.
 |
 | As a security measure you are STRONGLY encouraged to restrict URLs to
 | as few characters as possible.  By default only these are allowed: a-z 0-9~%.:_-
 |
 | Leave blank to allow all characters -- but only if you are insane.
 |
+| The configured value is actually a regular expression character group
+| and it will be executed as: ! preg_match('/^[<permitted_uri_chars>]+$/i
+|
 | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
 |
 */