https://bz.apache.org/bugzilla/show_bug.cgi?id=55887
William A. Rowe Jr. <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|NEW |RESOLVED --- Comment #1 from William A. Rowe Jr. <[email protected]> --- The behavior is correct, only REG and DIR entities can be allowed in the path, other entities such as CHR files must be forbidden. Treating these as not-found may lead to further iterations by mod_speling and other modules attempting to work around the file name and potentially revealing concealed files. E.g. /CON -> notfound -> /.conf (redirected by mod_speling to a somewhat hidden file.) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
