Copyright (C) 1995, 1996 Open Software Foundation, Inc. All Rights Reserved (DCE-Web). Please see COPYRIGHT.DCEWEB from the source distribution. To download the patch02 for WanD, click on "Patch02". Extract the tar file patch-02.tar and replace the file wand/finduri.c, on your wand source tree, with the one provided here. Content of patch-02.tar: README-PATCH02 - this file wand/finduri.c - file patched =================================================================== README text for PATCH02 This patch fixes a bug in the WanD server code that caused it to read the wrong acl when a user typed in a URL with a "./" relative path, as in: http://www.server.com/public_html/./mydoc.html instead of http://www.server.com/public_html/mydoc.html The WanD server successfully located the file in the server's document tree but supplied the name of the file, including the './' string to the acl evaluation code. If you created an acl for the file public_html/mydoc.html, then 'public_html/mydoc.html' would be the name for the acl in the WanD acl database. The check for the acl with the './' in the path would fail. The WanD server would use the inherited acl instead, either the acl for public_html if it existed, or for the root directory. The patch fixes the bug by checking for and eliminating any './' strings in the canonical form of file and acl names in the WanD server. Note that the original version of the source correctly identified and canonicalized names with embedded '../' strings, so the name http://www.server.com/public_html/dir/../doc.html becomes instead http://www.server.com/public_html/doc.html.