Here is the patch for Tomcat 3.2.x, turned out to be fairly straightforward, but again there may be a better place to put this fix and there may be security issues I hadn't considered...Thanks again! David Weinrich
--- FileUtil.java Thu Dec 28 19:19:43 2000
+++ FileUtilEd.java Thu Dec 28 19:20:14 2000
@@ -281,6 +281,11 @@
}
patchPath = sb.toString();
}
+
+ if ( patchPath.indexOf( '%' ) != -1 ) { // contains encoded data
+ patchPath = RequestUtil.URLDecode( patchPath );
+ }
+
return patchPath;
}
