Pier Fumagalli <[EMAIL PROTECTED]> wrote:
> Craig R. McClanahan <[EMAIL PROTECTED]> wrote:
>
>> IIRC, this is the same as what we saw the last time this kind of thing
>> showed up -- and it was ultimately because of the filesystem logic on the
>> underlying OS. Such a runtime written in C (like most Unix stuff is) will
>> not have any problem at all accepting "foo.jsp\0" and treating it as a
>> reference to "foo.jsp" -- because null bytes delimit Strings in the C I/O
>> library.
>
> This is different, BTW. Under 4.0.3 final (with the old parsing code) %00 is
> not translated into \0, then saving us a lot of hassle in the underlying
> code...
>
> Anyhow, under OS/X with HFS filesystem, something like foo.JsP returns the
> original source of the page...
BTW, give it a shot also with something like test.js%50 (on as many platform
as you can)... Extension matching should be defined case insensitive in the
spec...
Pier
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
