You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@kiwi.ics.uci.edu> on 1997/09/10 09:49:56 UTC
Re: pr#543: %2F in PATH_INFO
>So I'm thinking that the %2F -> / mapping causing an error is ... well, a
>mistake. I can't see why it would cause a security problem to let %2F
>expand to /.
When I looked at it a while back, I didn't see any problem provided that
the %2F were converted before the path and access checks. Note that we
only want to convert the ones in the path --- anything in the query args
should be left as-is.
....Roy