Mercurial > hg > nginx
comparison src/core/ngx_string.c @ 4192:61e4af19df9f
Autoindex: escape '?' in file names.
For files with '?' in their names autoindex generated links with '?' not
escaped. This resulted in effectively truncated links as '?' indicates
query string start.
This is an updated version of the patch originally posted at [1]. It
introduces generic NGX_ESCAPE_URI_COMPONENT which escapes everything but
unreserved characters as per RFC 3986. This approach also renders unneeded
special colon processing (as colon is percent-encoded now), it's dropped
accordingly.
[1] http://nginx.org/pipermail/nginx-devel/2010-February/000112.html
Reported by Konstantin Leonov.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 11 Oct 2011 17:56:51 +0000 |
parents | 59b99f217c6d |
children | 9679fc14c063 |
comparison
equal
deleted
inserted
replaced
4191:08d8af70760c | 4192:61e4af19df9f |
---|---|
1378 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1378 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
1379 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1379 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
1380 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1380 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
1381 }; | 1381 }; |
1382 | 1382 |
1383 /* not ALPHA, DIGIT, "-", ".", "_", "~" */ | |
1384 | |
1385 static uint32_t uri_component[] = { | |
1386 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
1387 | |
1388 /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ | |
1389 0xfc009fff, /* 1111 1100 0000 0000 1001 1111 1111 1111 */ | |
1390 | |
1391 /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ | |
1392 0x78000001, /* 0111 1000 0000 0000 0000 0000 0000 0001 */ | |
1393 | |
1394 /* ~}| {zyx wvut srqp onml kjih gfed cba` */ | |
1395 0xb8000001, /* 1011 1000 0000 0000 0000 0000 0000 0001 */ | |
1396 | |
1397 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
1398 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
1399 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
1400 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
1401 }; | |
1402 | |
1383 /* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */ | 1403 /* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */ |
1384 | 1404 |
1385 static uint32_t html[] = { | 1405 static uint32_t html[] = { |
1386 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1406 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
1387 | 1407 |
1441 }; | 1461 }; |
1442 | 1462 |
1443 /* mail_auth is the same as memcached */ | 1463 /* mail_auth is the same as memcached */ |
1444 | 1464 |
1445 static uint32_t *map[] = | 1465 static uint32_t *map[] = |
1446 { uri, args, html, refresh, memcached, memcached }; | 1466 { uri, args, uri_component, html, refresh, memcached, memcached }; |
1447 | 1467 |
1448 | 1468 |
1449 escape = map[type]; | 1469 escape = map[type]; |
1450 | 1470 |
1451 if (dst == NULL) { | 1471 if (dst == NULL) { |