CI_URI changes related to the 'permitted_uri_chars' setting
- Initialize and cache the value in the class constructor instead of searching for it every time
- Removed the preg_quote() call from _filter_uri() to allow more fine-tuning from configuration
- Renamed _filter_uri() to filter_uri() - it was public anyway and using it cannot break anything
Related: issue #2799
diff --git a/application/config/config.php b/application/config/config.php
index cd2ca47..5240f6c 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -141,15 +141,18 @@
| Allowed URL Characters
|--------------------------------------------------------------------------
|
-| This lets you specify with a regular expression which characters are permitted
-| within your URLs. When someone tries to submit a URL with disallowed
-| characters they will get a warning message.
+| This lets you specify which characters are permitted within your URLs.
+| When someone tries to submit a URL with disallowed characters they will
+| get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
|
| Leave blank to allow all characters -- but only if you are insane.
|
+| The configured value is actually a regular expression character group
+| and it will be executed as: ! preg_match('/^[<permitted_uri_chars>]+$/i
+|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/