httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <>
Subject pr#543: %2F in PATH_INFO
Date Wed, 10 Sep 1997 01:41:04 GMT
Ok it looks like unescape_url is called before getparents() and
get_path_info() for the initial process_request path, and for the
sub_req_lookup_uri path ... but not sub_req_lookup_file (which is probably
not a problem). 

So I'm thinking that the %2F -> / mapping causing an error is ... well, a
mistake.  I can't see why it would cause a security problem to let %2F
expand to /. 

But I've only looked at this for 10 minutes. 


View raw message