"William A. Rowe, Jr." wrote:
>
> Because loc_walk, dir_walk and family all deal in parsed URIs, and
> we have a 256 character code page, there is no way to disambiguate
> the %2f from a '/'. If those families handled the unparsed URI we could
> do this with no problem, because they would be able to distinguish
> %2f from '/'.
>
> As long as we unparse first, we lose the distinction, and that's what
> opens up this flaw.

as i said in my original note, remembering where they were decoded
and selectively restoring them where we decide they're allowed is
the best answer. not yet attained.

> Of course we should find a way to accept %2f in the query string, but
> never in the path (including path_info.)

disagree.
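
The idea discussed in this message, decoding while remembering which slashes arrived as %2f and writing them back afterwards, as an added example that is not part of the original thread and is not Apache's code. The function names `decode_tracking` and `restore_encoded_slashes` and the side array `mark` are hypothetical.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode raw into out. mark[i] = 1 when out[i] is a '/' that
 * arrived as %2f or %2F. Returns the decoded length, or -1 on a malformed
 * escape, an encoded NUL, or a full buffer. */
int decode_tracking(const char *raw, char *out, unsigned char *mark, size_t cap)
{
    size_t n = 0;
    while (*raw) {
        unsigned char c = (unsigned char)*raw++;
        int encoded = 0;
        if (n + 1 >= cap) return -1;
        if (c == '%') {
            /* Check both digits before reading them (stops at the NUL). */
            if (!isxdigit((unsigned char)raw[0]) ||
                !isxdigit((unsigned char)raw[1])) return -1;
            char hex[3] = { raw[0], raw[1], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            if (c == 0) return -1;
            encoded = 1;
            raw += 2;
        }
        /* The decoded byte alone cannot carry this bit; keep it beside it. */
        mark[n] = (unsigned char)(encoded && c == '/');
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (int)n;
}

/* Rebuild the string, writing each remembered slash back as %2F so later
 * stages can still tell it apart from a literal '/'. Returns length or -1. */
int restore_encoded_slashes(const char *dec, const unsigned char *mark,
                            int len, char *out, size_t cap)
{
    size_t n = 0;
    for (int i = 0; i < len; i++) {
        size_t need = mark[i] ? 3 : 1;
        if (n + need >= cap) return -1;
        if (mark[i]) memcpy(out + n, "%2F", 3);
        else out[n] = dec[i];
        n += need;
    }
    out[n] = '\0';
    return (int)n;
}
```

For the constructed inputs `/a%2fb/c` and `/a/b/c` the decoded bytes are identical; only `mark` records that the first one carried an encoded slash.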
