httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Robert S. Thau)
Subject Re: double slashes (was Re: WWW Form Bug Report: "Security bug involving ScriptAliased directories" on Linux)
Date Fri, 03 Nov 1995 15:16:28 GMT
  1. Remove no2slash()
  2. In directory walk (or wherever we match the URL to a file) _reject_
     a filename with a void path segment.

-1.  This problem, if there is a problem, is in the alias code exclusively.
The directory walk code is not implicated, and I see no reason to mess with
it without due cause, at this point in the release cycle --- that being a
clear bug which has to do directly with it.


View raw message