httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject Re: Apache compatibility with NCSA for %2f? (fwd)
Date Tue, 03 Dec 1996 00:19:37 GMT
----- Forwarded message from Lou D. Langholtz -----

From: "Lou D. Langholtz" <ldl@cs.utah.edu>
Organization: University of Utah
Newsgroups: comp.infosystems.www.servers.unix
To: apache-bugs@apache.org
Subject: Re: Apache compatibility with NCSA for %2f?

Still haven't heard from anyone on this. Anyone know what's the scoop?
ie. was this to prevent a security whole, to conform to a standard, or
just bad code? Thanks!!

Lou D. Langholtz wrote:
> 
> Anyone know why Apache's unescape_url(char *url) has to retun
> BAD_REQUEST if it encounters %2f? NCSA's server just converts it to the
> slash ('/') character.
> 
> At least this might be something for the incompatabilities page at
> <http://www.apache.org/docs/compat_notes.html>. Cheers ;-)

----- End of forwarded message from Lou D. Langholtz -----


Mime
View raw message