httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: double slashes (was Re: WWW Form Bug Report: "Security bug involving ScriptAliased directories" on Linux)
Date Mon, 06 Nov 1995 17:16:32 GMT
> >Erm, but in point 1 your document not only has multiple URLs but it also
> >behaves differently according to which one is used. No doubt one could
> >construct a rather intriguing website like this (for instance /// would
> >pass // on to all relative links, which could then also have different
> >behaviour...), but is it helpful? Or is that what you are saying?
> Erm, I don't quite understand; I was listing the defects of the NCSA
> behaviour.

Ah, OK. In that case it was I that didn't understand.

> >Ah. So do I understand that you are recommending that either /a//b is
> >redirected (automatically) to /a/b, or it is forbidden? 
> Yes.
> >And what about PATH_INFO when you've done this? Or are you saying that only
> >the filesystem component should be redirected?
> Yes.
> But the bottom line is that Apache is not even self-consistent in its handling
> of //.

It strikes me that self-consistency is not aided by the lack of a definition of
"correct" behaviour. Are there no relevant standards?



Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant        Fax:   +44 (181) 994 6472
and Technical Director      Email:
A.L. Digital Ltd,
London, England.

View raw message