Jean-Frederic wrote:
On Mon, 2007-06-04 at 12:08 +0000, [EMAIL PROTECTED] wrote:
Author: mturk
Date: Mon Jun 4 05:08:33 2007
New Revision: 544137
URL: http://svn.apache.org/viewvc?view=rev&rev=544137
Log:
Add simple URI normalizer that can deal with things like %252e%252e. This is
mostly copy/paste from the IIS module
Note that we should rollback
http://svn.apache.org/viewvc?view=rev&revision=538975 too, shouldn't we?
Of course. It was already reported by lots of users that FWDURICOMPATUNPARSED
breaks many current deployments where users expect the uri passed
will be r->uri, not r->unparsed_uri. In such situation users are
forcing the JK_OPT_FWDURICOMPAT anyhow, and are still suffering from
security implications.
Regards,
Mladen.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]