Mercurial > hg > nginx-vendor-current

diff src/http/ngx_http_parse.c @ 530:4c5d2c627a6c NGINX_0_8_17

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.8.17 *) Security: now "/../" are disabled in "Destination" request header line. *) Change: now $host variable value is always low case. *) Feature: the $ssl_session_id variable. *) Bugfix: socket leak; the bug had appeared in 0.8.11.
author Igor Sysoev <http://sysoev.ru>
date Mon, 28 Sep 2009 00:00:00 +0400
parents 0161f3197817
children ff463db0be31
line wrap: on
line diff
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -1322,8 +1322,10 @@ ngx_http_parse_unsafe_uri(ngx_http_reque
 
 unsafe:
 
-    ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
-                  "unsafe URI \"%V\" was detected", uri);
+    if (*flags & NGX_HTTP_LOG_UNSAFE) {
+        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                      "unsafe URI \"%V\" was detected", uri);
+    }
 
     return NGX_ERROR;
 }