Mercurial > hg > nginx-quic
diff src/http/ngx_http_parse.c @ 575:fcd6fc7ff7f9 release-0.3.9
nginx-0.3.9-RELEASE import
*) Bugfix: nginx considered URI as unsafe if two any symbols was
between two slashes; the bug had appeared in 0.3.8.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Thu, 10 Nov 2005 07:44:53 +0000 |
parents | 58475592100c |
children | 4d9ea73a627a |
line wrap: on
line diff
--- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -1056,7 +1056,7 @@ ngx_http_parse_unsafe_uri(ngx_http_reque /* detect "/../" */ - if (p[2] == '/') { + if (p[0] == '.' && p[1] == '.' && p[2] == '/') { goto unsafe; } @@ -1070,7 +1070,9 @@ ngx_http_parse_unsafe_uri(ngx_http_reque /* detect "/.../" */ - if (p[3] == '/' || p[3] == '\\') { + if (p[0] == '.' && p[1] == '.' && p[2] == '.' + && (p[3] == '/' || p[3] == '\\')) + { goto unsafe; } }