At 12:57 PM 3/19/2003, William A. Rowe, Jr. wrote:
>It would be best if we unparsed and tracked the offsets in the source and
>unescaped query strings of individual components (scheme, user, host,
>path, path_info and query). We could do something as simple as counting
>the number of slashes in the source and target paths, and failing only when
>those two components mismatch.

Whoa... This would be even more cool for Win32. Folks abusing backslashes for slashes in the 'real path' could be caught (our dir_walk is twisting those backslashes into slashes, but we rejected those backslashes long before we got that far.) But backslashes would become legit in the path_info and query args on Win32. This last (most sophisticated) solution fixes even more problems than I originally thought. Counting slashes could be very cool.

Bill
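Added example, not part of the original message and not Apache httpd code: a minimal C sketch of the slash-counting check described above, applied to the path component only. The function names, the 1024-byte buffer and the `win32` flag are hypothetical; it assumes "source" means the raw request path and "target" means the unescaped path, with backslashes counted as separators on Win32 because the directory walk would turn them into slashes.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; none of these are httpd APIs. */
static size_t count_seps(const char *s, int backslash_too)
{
    size_t n = 0;
    for (; *s; s++)
        if (*s == '/' || (backslash_too && *s == '\\')) n++;
    return n;
}

static int hexval(int c)
{
    if (isdigit(c)) return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode src into dst (dstlen >= 1).
 * Returns 0, or -1 on a bad escape, an encoded NUL, or overflow. */
static int unescape_path(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    while (*src) {
        int c = (unsigned char)*src++;
        if (c == '%') {
            int hi = hexval((unsigned char)src[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[1]);
            if (lo < 0 || (hi == 0 && lo == 0)) return -1;
            c = hi * 16 + lo;
            src += 2;
        }
        if (o + 1 >= dstlen) return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* 1 = separator counts agree, 0 = mismatch (reject), -1 = malformed path.
 * Source side counts literal '/' only; target side counts whatever the
 * filesystem walk would treat as a separator after unescaping. */
int path_slashes_match(const char *raw_path, int win32)
{
    char target[1024];
    if (unescape_path(raw_path, target, sizeof target) != 0) return -1;
    return count_seps(raw_path, 0) == count_seps(target, win32);
}

int main(void)
{
    printf("%d\n", path_slashes_match("/docs%2Fsecret/index.html", 0));
    return 0;
}
```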
