Mercurial > hg > nginx-ranges
comparison src/http/ngx_http_parse.c @ 124:12acc273e340 NGINX_0_3_9
nginx 0.3.9
*) Bugfix: nginx considered URI as unsafe if two any symbols was
between two slashes; bug appeared in 0.3.8.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Thu, 10 Nov 2005 00:00:00 +0300 |
parents | d25a1d6034f1 |
children | df17fbafec8f |
comparison
equal
deleted
inserted
replaced
123:b69cefc48a82 | 124:12acc273e340 |
---|---|
1054 | 1054 |
1055 if (len > 2) { | 1055 if (len > 2) { |
1056 | 1056 |
1057 /* detect "/../" */ | 1057 /* detect "/../" */ |
1058 | 1058 |
1059 if (p[2] == '/') { | 1059 if (p[0] == '.' && p[1] == '.' && p[2] == '/') { |
1060 goto unsafe; | 1060 goto unsafe; |
1061 } | 1061 } |
1062 | 1062 |
1063 #if (NGX_WIN32) | 1063 #if (NGX_WIN32) |
1064 | 1064 |
1068 | 1068 |
1069 if (len > 3) { | 1069 if (len > 3) { |
1070 | 1070 |
1071 /* detect "/.../" */ | 1071 /* detect "/.../" */ |
1072 | 1072 |
1073 if (p[3] == '/' || p[3] == '\\') { | 1073 if (p[0] == '.' && p[1] == '.' && p[2] == '.' |
1074 && (p[3] == '/' || p[3] == '\\')) | |
1075 { | |
1074 goto unsafe; | 1076 goto unsafe; |
1075 } | 1077 } |
1076 } | 1078 } |
1077 #endif | 1079 #endif |
1078 } | 1080 } |