diff options
author | Andrey Andreev <narf@devilix.net> | 2014-01-15 14:51:08 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-01-15 14:51:08 +0100 |
commit | de14aa5a29b1b122bfd536f979dfda7f2fd9f53d (patch) | |
tree | 7f2973fed092400b14f48ba12a95837571441c33 /application | |
parent | 3d215207ceff44193e3c1888b868fc3f691718c0 (diff) |
CI_URI changes related to the 'permitted_uri_chars' setting
- Initialize and cache the value in the class constructor instead of searching for it every time
- Removed the preg_quote() call from _filter_uri() to allow more fine-tuning from configuration
- Renamed _filter_uri() to filter_uri() - it was public anyway and using it cannot break anything
Related: issue #2799
Diffstat (limited to 'application')
-rw-r--r-- | application/config/config.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/application/config/config.php b/application/config/config.php index cd2ca479b..5240f6c26 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -141,15 +141,18 @@ $config['subclass_prefix'] = 'MY_'; | Allowed URL Characters |-------------------------------------------------------------------------- | -| This lets you specify with a regular expression which characters are permitted -| within your URLs. When someone tries to submit a URL with disallowed -| characters they will get a warning message. +| This lets you specify which characters are permitted within your URLs. +| When someone tries to submit a URL with disallowed characters they will +| get a warning message. | | As a security measure you are STRONGLY encouraged to restrict URLs to | as few characters as possible. By default only these are allowed: a-z 0-9~%.:_- | | Leave blank to allow all characters -- but only if you are insane. | +| The configured value is actually a regular expression character group +| and it will be executed as: ! preg_match('/^[<permitted_uri_chars>]+$/i +| | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! | */ |