nginx-vendor-current: src/http/modules/ngx_http_dav

comparison src/http/modules/ngx_http_dav_module.c @ 530:4c5d2c627a6c NGINX_0_8_17

nginx 0.8.17 *) Security: now "/../" are disabled in "Destination" request header line. *) Change: now $host variable value is always low case. *) Feature: the $ssl_session_id variable. *) Bugfix: socket leak; the bug had appeared in 0.8.11.

author	Igor Sysoev <http://sysoev.ru>
date	Mon, 28 Sep 2009 00:00:00 +0400
parents	7efcdb937752
children	f7ec98e3caeb

comparison

equal deleted inserted replaced

-:b8ac674b0ec9
+:4c5d2c627a6c
 {
 u_char                   *p, *host, *last, ch;
 size_t                    len, root;
 ngx_err_t                 err;
 ngx_int_t                 rc, depth;
-ngx_uint_t                overwrite, slash, dir;
+ngx_uint_t                overwrite, slash, dir, flags;
-ngx_str_t                 path, uri;
+ngx_str_t                 path, uri, duri, args;
 ngx_tree_ctx_t            tree;
 ngx_copy_file_t           cf;
 ngx_file_info_t           fi;
 ngx_table_elt_t          *dest, *over;
 ngx_ext_rename_file_t     ext;
 "client sent invalid \"Destination\" header: \"%V\"",
 &dest->value);
 return NGX_HTTP_BAD_REQUEST;
 destination_done:
+duri.len = last - p;
+duri.data = p;
+flags = 0;
+if (ngx_http_parse_unsafe_uri(r, &duri, &args, &flags) != NGX_OK) {
+goto invalid_destination;
+}
 if ((r->uri.data[r->uri.len - 1] == '/' && *(last - 1) != '/')
 || (r->uri.data[r->uri.len - 1] != '/' && *(last - 1) == '/'))
 {
 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
 "http copy from: \"%s\"", path.data);
 uri = r->uri;
+r->uri = duri;
-r->uri.len = last - p;
-r->uri.data = p;
 ngx_http_map_uri_to_path(r, &copy.path, &root, 0);
 r->uri = uri;

Mercurial > hg > nginx-vendor-current

comparison src/http/modules/ngx_http_dav_module.c @ 530:4c5d2c627a6c NGINX_0_8_17