Mercurial > hg > nginx-vendor-current
comparison src/http/ngx_http_request.c @ 676:bfa81a0490a2 NGINX_1_3_1
nginx 1.3.1
*) Security: now nginx/Windows ignores trailing dot in URI path
component, and does not allow URIs with ":$" in it.
Thanks to Vladimir Kochetkov, Positive Research Center.
*) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass"
directives, and the "server" directive inside the "upstream" block,
now support IPv6 addresses.
*) Feature: the "resolver" directive now support IPv6 addresses and an
optional port specification.
*) Feature: the "least_conn" directive inside the "upstream" block.
*) Feature: it is now possible to specify a weight for servers while
using the "ip_hash" directive.
*) Bugfix: a segmentation fault might occur in a worker process if the
"image_filter" directive was used; the bug had appeared in 1.3.0.
*) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug
had appeared in 1.1.12.
*) Bugfix: access to variables from SSI and embedded perl module might
not work after reconfiguration.
Thanks to Yichun Zhang.
*) Bugfix: in the ngx_http_xslt_filter_module.
Thanks to Kuramoto Eiji.
*) Bugfix: memory leak if $geoip_org variable was used.
Thanks to Denis F. Latypoff.
*) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path"
directives.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Tue, 05 Jun 2012 00:00:00 +0400 |
| parents | 4dcaf40cc702 |
| children | 981b4c44593b |
comparison
equal
deleted
inserted
replaced
| 675:7052a9379344 | 676:bfa81a0490a2 |
|---|---|
| 810 r->args.data = r->args_start; | 810 r->args.data = r->args_start; |
| 811 } | 811 } |
| 812 | 812 |
| 813 #if (NGX_WIN32) | 813 #if (NGX_WIN32) |
| 814 { | 814 { |
| 815 u_char *p; | 815 u_char *p, *last; |
| 816 | |
| 817 p = r->uri.data; | |
| 818 last = r->uri.data + r->uri.len; | |
| 819 | |
| 820 while (p < last) { | |
| 821 | |
| 822 if (*p++ == ':') { | |
| 823 | |
| 824 /* | |
| 825 * this check covers "::$data", "::$index_allocation" and | |
| 826 * ":$i30:$index_allocation" | |
| 827 */ | |
| 828 | |
| 829 if (p < last && *p == '$') { | |
| 830 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
| 831 "client sent unsafe win32 URI"); | |
| 832 ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); | |
| 833 return; | |
| 834 } | |
| 835 } | |
| 836 } | |
| 816 | 837 |
| 817 p = r->uri.data + r->uri.len - 1; | 838 p = r->uri.data + r->uri.len - 1; |
| 818 | 839 |
| 819 while (p > r->uri.data) { | 840 while (p > r->uri.data) { |
| 820 | 841 |
| 823 continue; | 844 continue; |
| 824 } | 845 } |
| 825 | 846 |
| 826 if (*p == '.') { | 847 if (*p == '.') { |
| 827 p--; | 848 p--; |
| 828 continue; | |
| 829 } | |
| 830 | |
| 831 if (ngx_strncasecmp(p - 6, (u_char *) "::$data", 7) == 0) { | |
| 832 p -= 7; | |
| 833 continue; | 849 continue; |
| 834 } | 850 } |
| 835 | 851 |
| 836 break; | 852 break; |
| 837 } | 853 } |
| 1931 return; | 1947 return; |
| 1932 } | 1948 } |
| 1933 | 1949 |
| 1934 if (rc == NGX_OK && r->filter_finalize) { | 1950 if (rc == NGX_OK && r->filter_finalize) { |
| 1935 c->error = 1; | 1951 c->error = 1; |
| 1936 ngx_http_finalize_connection(r); | |
| 1937 return; | |
| 1938 } | 1952 } |
| 1939 | 1953 |
| 1940 if (rc == NGX_DECLINED) { | 1954 if (rc == NGX_DECLINED) { |
| 1941 r->content_handler = NULL; | 1955 r->content_handler = NULL; |
| 1942 r->write_event_handler = ngx_http_core_run_phases; | 1956 r->write_event_handler = ngx_http_core_run_phases; |