# HG changeset patch # User Sergey Kandaurov # Date 1387958620 -14400 # Node ID 0726521e42f3f09fe802152f80f8b36848bcf476 # Parent 77c301be6c2d5bbcc6907bd78630fa5ea4062afb Tests: added tests for escaped and unsafe URIs. This covers problems in DAV, SSI, X-Accel-Redirect fixed in 1.5.9. diff --git a/dav.t b/dav.t --- a/dav.t +++ b/dav.t @@ -21,7 +21,7 @@ use Test::Nginx; select STDERR; $| = 1; select STDOUT; $| = 1; -my $t = Test::Nginx->new()->has(qw/http dav/)->plan(13); +my $t = Test::Nginx->new()->has(qw/http dav/)->plan(15); $t->write_file_expand('nginx.conf', <<'EOF'); @@ -130,6 +130,23 @@ Connection: close EOF -like($r, qr/201.*(Content-Length|\x0d\0a0\x0d\x0a)/ms, 'move dir'); +like($r, qr/201 Created.*(Content-Length|\x0d\0a0\x0d\x0a)/ms, 'move dir'); + +$r = http(<has_version('1.5.9'); + +is(-s $t->testdir() . '/file-moved escape', 10, 'file copied unescaped'); + +} ############################################################################### diff --git a/proxy_xar.t b/proxy_xar.t --- a/proxy_xar.t +++ b/proxy_xar.t @@ -21,7 +21,7 @@ use Test::Nginx; select STDERR; $| = 1; select STDOUT; $| = 1; -my $t = Test::Nginx->new()->has(qw/http proxy rewrite/)->plan(8); +my $t = Test::Nginx->new()->has(qw/http proxy rewrite/)->plan(14); $t->write_file_expand('nginx.conf', <<'EOF'); @@ -84,4 +84,22 @@ like($r, qr/^Expires: fake/m, 'Expires p like($r, qr/^Accept-Ranges: parrots/m, 'Accept-Ranges preserved'); unlike($r, qr/^Something/m, 'other headers stripped'); +TODO: { +local $TODO = 'escaped characters' unless $t->has_version('1.5.9'); + +like(http_get('/proxy?xar=/foo?bar'), qr/200 OK.*xar: \/foo\?bar/s, + 'X-Accel-Redirect value unchanged'); +unlike(http_get('/proxy?xar=..'), qr/200 OK/, + 'X-Accel-Redirect unsafe dotdot'); +unlike(http_get('/proxy?xar=../foo'), qr/200 OK/, + 'X-Accel-Redirect unsafe dotdotsep'); +unlike(http_get('/proxy?xar=/foo/..'), qr/200 OK/, + 'X-Accel-Redirect unsafe sepdotdot'); +unlike(http_get('/proxy?xar=/foo/.%2e'), qr/200 OK/, + 'X-Accel-Redirect unsafe unescaped'); +like(http_get('/proxy?xar=/foo%20bar'), qr/uri: \/foo bar/, + 'X-Accel-Redirect unescaped'); + +} + ############################################################################### diff --git a/ssi.t b/ssi.t --- a/ssi.t +++ b/ssi.t @@ -23,7 +23,7 @@ select STDOUT; $| = 1; plan(skip_all => 'win32') if $^O eq 'MSWin32'; -my $t = Test::Nginx->new()->has(qw/http ssi cache proxy rewrite/)->plan(18); +my $t = Test::Nginx->new()->has(qw/http ssi cache proxy rewrite/)->plan(21); $t->write_file_expand('nginx.conf', <<'EOF'); @@ -83,6 +83,14 @@ EOF 'XX'); $t->write_file('empty.html', ''); +$t->write_file('unescape.html?', 'SEE-THIS'); +$t->write_file('unescape1.html', + 'XX'); +$t->write_file('unescape2.html', + 'XX'); +$t->write_file('unescape3.html', + 'XX'); + $t->run(); ############################################################################### @@ -120,6 +128,20 @@ like(http_get('/test-empty2.html'), qr/H like(http_get('/test-empty3.html'), qr/HTTP/, 'empty with proxy'); like(http_get('/test-empty3.html'), qr/HTTP/, 'empty with proxy cached'); +# handling of escaped URIs + +like(http_get('/unescape1.html'), qr/^XXtestXX$/m, 'escaped in path'); + +TODO: { +local $TODO = 'not yet' unless $t->has_version('1.5.9'); + +like(http_get('/unescape2.html'), qr/^XSEE-THISX$/m, + 'escaped question in path'); +like(http_get('/unescape3.html'), qr/404 Not Found/, + 'escaped query separator'); + +} + like(`grep -F '[alert]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no alerts'); ###############################################################################