According to rfc1808 sec 5.2, the ".." should be left at the beginning
of the URL path. But according to the new rfc3986 sec 5.4.2, the ".."
should be removed from the beginning of the URL path.
With this new behavior implemented, wget would never make a URL request
with ".." in it except in the query string. Therefore ".." would never
need to be encoded since a query string with "blah/../blah" would always
be encoded to "blah%2F..%2Fblah" and would not affect the file system path.
Frank
I wanted to let you know how widespread this issue (accidental use of
".." after the domain name) affects various websites. I randomly
sampled 120 websites from dmoz.org and found that 11 of the sites (9%)
had this problem. Of the 11, several of the sites had over 1000 URLs
that were saved as "http://blah.com/%2E%2E/*";.
Thanks,
Frank
