Nick Kew wrote:
Looks like a potential util_ function. Cousin to both apr_uri and apr_xlate.
xlate() rejects such nonsense, so apr shouldn't need it. It's only an issue in other ecosystems behind httpd, such as dodging the recent Tomcat vulnerability.
