Mercurial > hg > nginx-tests
diff proxy_xar.t @ 367:0726521e42f3
Tests: added tests for escaped and unsafe URIs.
This covers problems in DAV, SSI, X-Accel-Redirect fixed in 1.5.9.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 25 Dec 2013 12:03:40 +0400 |
parents | 77c301be6c2d |
children | 847ea345becb |
line wrap: on
line diff
--- a/proxy_xar.t +++ b/proxy_xar.t @@ -21,7 +21,7 @@ use Test::Nginx; select STDERR; $| = 1; select STDOUT; $| = 1; -my $t = Test::Nginx->new()->has(qw/http proxy rewrite/)->plan(8); +my $t = Test::Nginx->new()->has(qw/http proxy rewrite/)->plan(14); $t->write_file_expand('nginx.conf', <<'EOF'); @@ -84,4 +84,22 @@ like($r, qr/^Expires: fake/m, 'Expires p like($r, qr/^Accept-Ranges: parrots/m, 'Accept-Ranges preserved'); unlike($r, qr/^Something/m, 'other headers stripped'); +TODO: { +local $TODO = 'escaped characters' unless $t->has_version('1.5.9'); + +like(http_get('/proxy?xar=/foo?bar'), qr/200 OK.*xar: \/foo\?bar/s, + 'X-Accel-Redirect value unchanged'); +unlike(http_get('/proxy?xar=..'), qr/200 OK/, + 'X-Accel-Redirect unsafe dotdot'); +unlike(http_get('/proxy?xar=../foo'), qr/200 OK/, + 'X-Accel-Redirect unsafe dotdotsep'); +unlike(http_get('/proxy?xar=/foo/..'), qr/200 OK/, + 'X-Accel-Redirect unsafe sepdotdot'); +unlike(http_get('/proxy?xar=/foo/.%2e'), qr/200 OK/, + 'X-Accel-Redirect unsafe unescaped'); +like(http_get('/proxy?xar=/foo%20bar'), qr/uri: \/foo bar/, + 'X-Accel-Redirect unescaped'); + +} + ###############################################################################