Mercurial > hg > nginx-tests

diff proxy_xar.t @ 367:0726521e42f3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: added tests for escaped and unsafe URIs. This covers problems in DAV, SSI, X-Accel-Redirect fixed in 1.5.9.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 25 Dec 2013 12:03:40 +0400
parents 77c301be6c2d
children 847ea345becb
line wrap: on
line diff
--- a/proxy_xar.t
+++ b/proxy_xar.t
@@ -21,7 +21,7 @@ use Test::Nginx;
 select STDERR; $| = 1;
 select STDOUT; $| = 1;
 
-my $t = Test::Nginx->new()->has(qw/http proxy rewrite/)->plan(8);
+my $t = Test::Nginx->new()->has(qw/http proxy rewrite/)->plan(14);
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
@@ -84,4 +84,22 @@ like($r, qr/^Expires: fake/m, 'Expires p
 like($r, qr/^Accept-Ranges: parrots/m, 'Accept-Ranges preserved');
 unlike($r, qr/^Something/m, 'other headers stripped');
 
+TODO: {
+local $TODO = 'escaped characters' unless $t->has_version('1.5.9');
+
+like(http_get('/proxy?xar=/foo?bar'), qr/200 OK.*xar: \/foo\?bar/s,
+	'X-Accel-Redirect value unchanged');
+unlike(http_get('/proxy?xar=..'), qr/200 OK/,
+	'X-Accel-Redirect unsafe dotdot');
+unlike(http_get('/proxy?xar=../foo'), qr/200 OK/,
+	'X-Accel-Redirect unsafe dotdotsep');
+unlike(http_get('/proxy?xar=/foo/..'), qr/200 OK/,
+	'X-Accel-Redirect unsafe sepdotdot');
+unlike(http_get('/proxy?xar=/foo/.%2e'), qr/200 OK/,
+	'X-Accel-Redirect unsafe unescaped');
+like(http_get('/proxy?xar=/foo%20bar'), qr/uri: \/foo bar/,
+	'X-Accel-Redirect unescaped');
+
+}
+
 ###############################################################################