--- trunk/Apache/httpd/modules/dav/main/util.c	(revision 173038)
+++ trunk/Apache/httpd/modules/dav/main/util.c	(revision 173039)
@@ -633,6 +633,13 @@ 
             }
             /* note that parsed_uri.path is allocated; we can trash it */
 
+            /* the resources we will compare to have unencoded paths */
+            if (ap_unescape_url(parsed_uri.path) != OK) {
+                return dav_new_error(r->pool, HTTP_BAD_REQUEST,
+                                     DAV_ERR_IF_TAGGED, rv,
+                                     "Invalid percent encoded URI in tagged If-header.");
+            }
+            
             /* clean up the URI a bit */
             ap_getparents(parsed_uri.path);
             uri_len = strlen(parsed_uri.path);