Modified: trunk/mcs/class/System.Web/System.Web/HttpRequest.cs
===================================================================
--- trunk/mcs/class/System.Web/System.Web/HttpRequest.cs        2006-11-30 20:30:53 UTC (rev 68775)
+++ trunk/mcs/class/System.Web/System.Web/HttpRequest.cs        2006-11-30 20:39:00 UTC (rev 68776)
@@ -923,8 +923,10 @@
                               if (worker_request == null)
                                       return String.Empty; // don't check security with an empty string!

-                               if (physical_path == null)
-                                       physical_path = MapPath (CurrentExecutionFilePath);
+                               if (physical_path == null) {
+                                       // Don't call HttpRequest.MapPath here, as that one *trims* the input
+                                       physical_path = worker_request.GetFilePathTranslated ();
+                               }

                               if (SecurityManager.SecurityEnabled) {
                                       new FileIOPermission (FileIOPermissionAccess.PathDiscovery, physical_path).Demand ();