httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@kiwi.ics.uci.edu>
Subject Re: pr#543: %2F in PATH_INFO
Date Wed, 10 Sep 1997 07:49:56 GMT
>So I'm thinking that the %2F -> / mapping causing an error is ... well, a
>mistake.  I can't see why it would cause a security problem to let %2F
>expand to /. 

When I looked at it a while back, I didn't see any problem provided that
the %2F were converted before the path and access checks.  Note that we
only want to convert the ones in the path --- anything in the query args
should be left as-is.

....Roy

Mime
View raw message