By default, CodeIgniter blocks %27 (') from appearing in URLs. I have commented out the entire $config['permitted_uri_chars'] directive as a result. However, when I am now parsing part of the URL as a method argument that contains %27, or any other URL encoded portion, CodeIgniter converts it into a plain ?, before I can even run rawurledcode() on it. How can I stop it from doing this? We're using CI v1.7.x.
Here is some simple code to show it:
In the "Program" controller:
function test($parameter)
{
echo $parameter;
}
Then we load http://example.com/program/test/o%27clock, and we get:
o?clock
I expected o'clock or at least o%27clock which I could just rawurldecode() with to get o'clock.
UPDATE: Unfortunately, I was wrong. It was not being caused by CodeIgniter. Rather, the presences of suhosin was doing the substitution.
The problem wasn't CodeIgniter. It was suhosin.