DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21395>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21395 [PATCH] don't normalize away /foo/.. for files as foo may be a symlink ------- Additional Comments From [EMAIL PROTECTED] 2003-07-09 08:14 ------- I'm still not convinced though about this security thing. Even with normalizing, you can access (or at least address) any file on the filesystem. The normalizing is either done by the SourceResolver or the operating system, but in both cases it's almost the same, except for taking account of symbolic links. The issue with HTTP request URI's seems different to me. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
