You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/09/10 03:41:04 UTC

pr#543: %2F in PATH_INFO

Ok it looks like unescape_url is called before getparents() and
get_path_info() for the initial process_request path, and for the
sub_req_lookup_uri path ... but not sub_req_lookup_file (which is probably
not a problem). 

So I'm thinking that the %2F -> / mapping causing an error is ... well, a
mistake.  I can't see why it would cause a security problem to let %2F
expand to /. 

But I've only looked at this for 10 minutes. 

Dean