Incident report
Resolution: Fixed
Blocker
1.8
None
The sanitizing of parameters to UserParameters as implemented in ZBX-790 is (purposely) aggressive, but without any means of escaping or quoting the special characters, most of my UserParameters are broken. For example, I make extensive use of regular expressions in my UserParameters. Based on the list of suppressed characters ('\'"`*?[-]{}~$!&;()<>|#@'), they all broke.
So, there are two problems with this: 1. There is no way to escape these special characters so that they can still be used. 2. It wasn't well documented. (A significant change like this deserves more than just a simple mention of the ticket in the release notes.)
For the time being, I have removed the check from my agents' code, but can we investigate a less strong-armed way of addressing this potential attack vector?
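The check described in the report, as an added example (not part of the original report and not the Zabbix agent's own code): arguments substituted for `$1`..`$9` in a flexible UserParameter command are rejected if they contain any character from the list quoted above. The function names, the `grep` command template and the sample arguments are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Character list copied from the report above, not from the agent source. */
static const char BLOCKED[] = "\\'\"`*?[-]{}~$!&;()<>|#@";

/* Return the first blocked character in param, or 0 if the parameter is clean. */
char first_blocked_char(const char *param)
{
    const char *hit = strpbrk(param, BLOCKED);
    return hit ? *hit : 0;
}

/* Expand $1..$9 in tmpl with params[0..n-1]. Returns 0 on success, -1 if a
   parameter has a blocked character (checked before any expansion) or if
   out is too small. */
int expand_command(const char *tmpl, const char **params, int n, char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    for (int i = 0; i < n; i++)
        if (first_blocked_char(params[i]))
            return -1;
    for (const char *p = tmpl; *p; p++) {
        const char *piece = p;
        size_t len = 1;
        if (p[0] == '$' && p[1] >= '1' && p[1] <= '9') {
            int idx = p[1] - '1';
            piece = idx < n ? params[idx] : "";  /* missing argument expands to nothing */
            len = strlen(piece);
            p++;                                 /* skip the digit */
        }
        if (used + len >= outsz)
            return -1;
        memcpy(out + used, piece, len);
        used += len;
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: a plain argument passes, a regular expression does not. */
    const char *plain[] = { "/var/log/app.log", "ERROR" };
    const char *regex[] = { "/var/log/app.log", "ERR(OR)?[0-9]+" };
    char cmd[256];
    printf("plain: %d\n", expand_command("grep -c $2 $1", plain, 2, cmd, sizeof cmd));
    printf("regex: %d\n", expand_command("grep -c $2 $1", regex, 2, cmd, sizeof cmd));
    return 0;
}
```

Only the arguments are checked, not the command template itself, so the `-c` in the template is unaffected while a `-` inside an argument is rejected.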