On Thu. 2011-02-10 at 05:57 PM EST, [email protected] wrote: > Author: wrowe > Date: Thu Feb 10 22:57:02 2011 > New Revision: 1069603 ... > > * core: Add NoDecode option to AllowEncodedSlashes to turn off decoding > of encoded slashes in path info. (This is already the behavior of > @@ -192,11 +192,18 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: > Backport version for 2.2.x of patch: > http://people.apache.org/~poirier/AllowEncodedSlashes.22.patch > +1 poirier, jim > + +.1 wrowe; this essentially causes "%2F" -> "%2F" -> "%252F" to any > backend, > + as mentioned previously trunk is broken and decoding to > 'something' > + is necessary for routing such. %2F cannot be distinguished > from > + %252F on the front end, adding risks. All this said, not > against > + an optional broken feature if this warning is placed in the > docs. > + Non-optional broken features are worse :) > + Trunk must be patched identically.
Bill, patching trunk identically would change the behavior of "AllowEncodedSlashes On" in trunk from not decoding %2F to decoding %2F. Before doing that, I wanted to double-check that was the intention, and make sure nobody else objected to that behavior change in trunk. (Background for those who haven't been following along: In trunk, AllowEncodedSlashes On does not decode %2F. In 2.2.x, AllowEncodedSlashes On does decode %2F. The proposed patch to 2.2.x would add another option in 2.2.x, AllowEncodedSlashes NoDecode, which would allow the encoded slashes but not decode them.) Dan
