|
Roger Binns
rogerb at rogerbinns.com
Mon May 14 14:32:09 EDT 2007
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Colin Bean wrote: > Have you considered base64 encoding the path data you want sent as a > parameter? Might make your application harder to use, but you could > send whatever you wanted as a parameter without involving apache's url > processing rules. Yes, that falls under "Have some sort of escape sequence that allows them" /./ and /../ are going to be the uncommon case so I'll either ban them outright or think of something that only requires them to be escaped rather than the whole string which is what base64 does. Unfortunately the obvious use of \ is taken since is the path separator under Windows and it gets treated similarly to /. Something like tilde would work although that now makes two special cases for people have to worry about (the /../ and tilde). Roger -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGSKspmOOfHg372QQRApYIAKCx8UaUGwwDkJKsqkK8rDNWxmU/KwCgr1T8 HlEVETadxhw9xITlWrxSys0= =jWEQ -----END PGP SIGNATURE-----
|