string file = "."+combine_path("/",request->not_query);
file = Protocols.HTTP.uri_decode(file);
Stdio.Stat s = file_stat( file );

If the not_query contains "..%2F", combine_path sees that as a perfectly normal directory, and then it gets URI decoded, and Pike will happily read files outside of the directory it's been set to. Is there a reason the URI decode is done after combine_path?

ChrisA
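The ordering issue raised in the post above, as an added example that is not part of the original post or of Pike's own HTTP server code. It puts the order from the snippet beside a decode-first variant; `resolve_vulnerable`, `resolve_safe` and the sample request paths are hypothetical names and constructed inputs.

```pike
// Order as in the quoted snippet: normalise first, decode afterwards.
// An encoded "..%2F" passes through combine_path() as an ordinary
// path segment and only becomes "../" once it has been decoded.
string resolve_vulnerable(string not_query)
{
  string file = "." + combine_path("/", not_query);
  return Protocols.HTTP.uri_decode(file);
}

// Decode exactly once, then normalise. combine_path() anchored at "/"
// now sees the real "../" segments and collapses them, so the result
// stays below the served directory. Returns 0 for inputs to reject.
string resolve_safe(string not_query)
{
  string decoded = Protocols.HTTP.uri_decode(not_query);

  // A decoded NUL byte has no place in a file name; refuse it.
  if (has_value(decoded, "\0"))
    return 0;

  // No further decoding happens after this point, so a doubly encoded
  // sequence stays a literal file name and is never reinterpreted.
  return "." + combine_path("/", decoded);
}

int main()
{
  // Constructed sample request paths.
  array(string) samples = ({
    "/index.html",
    "/a/../b.txt",
    "/..%2F..%2Fetc/passwd",
  });

  foreach (samples, string p)
    write("%-24s vulnerable=%-22s safe=%s\n",
          p, resolve_vulnerable(p), resolve_safe(p) || "(rejected)");
  return 0;
}
```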
