You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/09/10 03:41:04 UTC
pr#543: %2F in PATH_INFO
Ok it looks like unescape_url is called before getparents() and
get_path_info() for the initial process_request path, and for the
sub_req_lookup_uri path ... but not sub_req_lookup_file (which is probably
not a problem).
So I'm thinking that the %2F -> / mapping causing an error is ... well, a
mistake. I can't see why it would cause a security problem to let %2F
expand to /.
But I've only looked at this for 10 minutes.
Dean