Received: by taz.hyperreal.com (8.6.12/8.6.5) id DAA01763;
 Tue, 31 Oct 1995 03:55:52 -0800
Received: from cass41 by taz.hyperreal.com (8.6.12/8.6.5) with SMTP id
 DAA01620; Tue, 31 Oct 1995 03:54:17 -0800
Received: from mamba.ast.cam.ac.uk by cass41 with smtp
	(Smail3.1.29.1 #9) id m0tAFFM-000CM8C; Tue, 31 Oct 95 11:52 GMT
Received: by mamba.ast.cam.ac.uk (Smail3.1.29.1 #9)
	id m0tAFFL-0000m1C; Tue, 31 Oct 95 11:52 GMT
Message-Id: <m0tAFFL-0000m1C@mamba.ast.cam.ac.uk>
Date: Tue, 31 Oct 95 11:52 GMT
From: drtr@ast.cam.ac.uk (David Robinson)
To: new-httpd@hyperreal.com
Subject: Re: Call for votes on patches to 0.8.15
Content-Length: 1004
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

Randy wrote:
>-1 31a_include.0.8.15.patch     I don't agree with the interpretation of 
>                                how this should work. This would break much
>                                of my include usage by not allowing relative
>                                paths, or paths to files anywhere under
>                                DOCUMENTROOT. I agree that it should not have
>                                access to files anywhere on the system.
>                                virtual != relative

Sigh. Can we be absolutely clear about what you are doing?
Since 0.8, you have been using relative and absolute paths in e.g.
<!--#include file="../inc/zzz" --> directives?

The feature you want is ALREADY available using 
<!--#include virtual="../inc/zzz" -->

except that currently access to files anywhere on the system IS allowed
by using of the file tag. The patch is a security patch to remove that
loophole. It preserves the relative includes using the virtual tag.

 David.