httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject pr#543: %2F in PATH_INFO
Date Wed, 10 Sep 1997 01:41:04 GMT
Ok it looks like unescape_url is called before getparents() and
get_path_info() for the initial process_request path, and for the
sub_req_lookup_uri path ... but not sub_req_lookup_file (which is probably
not a problem). 

So I'm thinking that the %2F -> / mapping causing an error is ... well, a
mistake.  I can't see why it would cause a security problem to let %2F
expand to /. 

But I've only looked at this for 10 minutes. 

Dean




Mime
View raw message