croxton/gist:1931841

## gistfile1.txt
Currently you're stuck if you need to return JSONP from a EE template, because appending callback=? to your uri will make EE throw an Invalid Get Date error. In case you didn't know, JSONP is a great way to do cross-domain AJAX and let your EE website function as a web service.

To get round this restriction in EE 2.4 amend line 116 of /system/expressionengine/core/EE_Input.php from:

elseif (preg_match("#(;|\?|exec\s*\(|system\s*\(|passthru\s*\(|cmd\s*\(|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i", $val))

To:
elseif (preg_match("#(;|\?\S+|exec\s*\(|system\s*\(|passthru\s*\(|cmd\s*\(|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i", $val))

This still gives you protection against the use of ? in query strings to pass arguments, but allows you to append a ? to the very end of your query only - which is all we need.
	Currently you're stuck if you need to return JSONP from a EE template, because appending callback=? to your uri will make EE throw an Invalid Get Date error. In case you didn't know, JSONP is a great way to do cross-domain AJAX and let your EE website function as a web service.

	To get round this restriction in EE 2.4 amend line 116 of /system/expressionengine/core/EE_Input.php from:

	elseif (preg_match("#(;\|\?\|exec\s\(\|system\s\(\|passthru\s\(\|cmd\s\(\|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i", $val))

	To:
	elseif (preg_match("#(;\|\?\S+\|exec\s\(\|system\s\(\|passthru\s\(\|cmd\s\(\|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i", $val))

	This still gives you protection against the use of ? in query strings to pass arguments, but allows you to append a ? to the very end of your query only - which is all we need.