IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-12-18 21:23:36 -06:00
Code Issues Packages Projects Releases Wiki Activity

Perl: expect escaped URIs in $r->internal_redirect().

Browse Source 
Similarly to the change in 5491:74bfa803a5aa (1.5.9), we should accept
properly escaped URIs and unescape them as needed, else it is not possible
to handle URIs with question marks.
This commit is contained in:
Maxim Dounin 2019-07-12 15:39:26 +03:00
parent 9e883a2e48
commit 8df08b02b8
3 changed files with 9 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/http/modules/perl/nginx.xs
View File

@ -952,17 +952,6 @@ internal_redirect(r, uri)
croak("ngx_http_perl_sv2str() failed");
}
for (i = 0; i < ctx->redirect_uri.len; i++) {
if (ctx->redirect_uri.data[i] == '?') {
ctx->redirect_args.len = ctx->redirect_uri.len - (i + 1);
ctx->redirect_args.data = &ctx->redirect_uri.data[i + 1];
ctx->redirect_uri.len = i;
XSRETURN_EMPTY;
}
}
void
allow_ranges(r)

10
src/http/modules/perl/ngx_http_perl_module.c
View File

@ -184,6 +184,7 @@ ngx_http_perl_handle_request(ngx_http_request_t *r)
SV *sub;
ngx_int_t rc;
ngx_str_t uri, args, *handler;
ngx_uint_t flags;
ngx_http_perl_ctx_t *ctx;
ngx_http_perl_loc_conf_t *plcf;
ngx_http_perl_main_conf_t *pmcf;
@ -237,7 +238,6 @@ ngx_http_perl_handle_request(ngx_http_request_t *r)
if (ctx->redirect_uri.len) {
uri = ctx->redirect_uri;
args = ctx->redirect_args;
} else {
uri.len = 0;
@ -257,6 +257,14 @@ ngx_http_perl_handle_request(ngx_http_request_t *r)
}
if (uri.len) {
ngx_str_null(&args);
flags = NGX_HTTP_LOG_UNSAFE;
if (ngx_http_parse_unsafe_uri(r, &uri, &args, &flags) != NGX_OK) {
ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
return;
}
ngx_http_internal_redirect(r, &uri, &args);
ngx_http_finalize_request(r, NGX_DONE);
return;

1
src/http/modules/perl/ngx_http_perl_module.h
View File

@ -25,7 +25,6 @@ typedef struct {
ngx_str_t filename;
ngx_str_t redirect_uri;
ngx_str_t redirect_args;
SV *next;