comparison src/core/ngx_string.c @ 320:95183808f549 NGINX_0_6_4
nginx 0.6.4
*) Security: the "msie_refresh" directive allowed XSS.
Thanks to Maxim Boguk.
*) Change: the "proxy_store" and "fastcgi_store" directives were
changed.
*) Feature: the "proxy_store_access" and "fastcgi_store_access"
directives.
*) Bugfix: nginx did not work on Solaris/sparc64 if it was built by Sun
Studio.
Thanks to Andrei Nigmatulin.
*) Workaround: for Sun Studio 12.
Thanks to Jiang Hong.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 17 Jul 2007 00:00:00 +0400 |
parents | 9b7db0df50f0 |
children | d16d691432c9 |
319:6ccd0af7f704 | 320:95183808f549 |
---|---|
103 | 103 |
104 | 104 |
105 u_char * | 105 u_char * |
106 ngx_vsnprintf(u_char *buf, size_t max, const char *fmt, va_list args) | 106 ngx_vsnprintf(u_char *buf, size_t max, const char *fmt, va_list args) |
107 { | 107 { |
108 u_char *p, zero, *last, temp[NGX_INT64_LEN + 1]; | 108 u_char *p, zero, *last, temp[NGX_INT64_LEN + 1]; |
109 /* | 109 /* |
110 * really we need temp[NGX_INT64_LEN] only, | 110 * really we need temp[NGX_INT64_LEN] only, |
111 * but icc issues the warning | 111 * but icc issues the warning |
112 */ | 112 */ |
113 int d; | 113 int d; |
114 size_t len; | 114 size_t len; |
115 uint32_t ui32; | 115 uint32_t ui32; |
116 int64_t i64; | 116 int64_t i64; |
117 uint64_t ui64; | 117 uint64_t ui64; |
118 ngx_msec_t ms; | 118 ngx_msec_t ms; |
119 ngx_str_t *s; | 119 ngx_uint_t width, sign, hexadecimal, max_width; |
120 ngx_uint_t width, sign, hexadecimal, max_width; | 120 ngx_variable_value_t *v; |
121 static u_char hex[] = "0123456789abcdef"; | 121 static u_char hex[] = "0123456789abcdef"; |
122 static u_char HEX[] = "0123456789ABCDEF"; | 122 static u_char HEX[] = "0123456789ABCDEF"; |
123 | 123 |
124 if (max == 0) { | 124 if (max == 0) { |
125 return buf; | 125 return buf; |
126 } | 126 } |
127 | 127 |
186 | 186 |
187 | 187 |
188 switch (*fmt) { | 188 switch (*fmt) { |
189 | 189 |
190 case 'V': | 190 case 'V': |
191 s = va_arg(args, ngx_str_t *); | 191 v = va_arg(args, ngx_variable_value_t *); |
192 | 192 |
193 len = s->len & 0xffff; | 193 len = v->len; |
194 len = (buf + len < last) ? len : (size_t) (last - buf); | 194 len = (buf + len < last) ? len : (size_t) (last - buf); |
195 | 195 |
196 buf = ngx_cpymem(buf, s->data, len); | 196 buf = ngx_cpymem(buf, v->data, len); |
197 fmt++; | 197 fmt++; |
198 | 198 |
199 continue; | 199 continue; |
200 | 200 |
201 case 's': | 201 case 's': |
1023 | 1023 |
1024 static uint32_t html[] = { | 1024 static uint32_t html[] = { |
1025 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1025 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
1026 | 1026 |
1027 /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ | 1027 /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ |
1028 0x800000ad, /* 0000 0000 0000 0000 0000 0000 1010 1101 */ | 1028 0x000000ad, /* 0000 0000 0000 0000 0000 0000 1010 1101 */ |
1029 | 1029 |
1030 /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ | 1030 /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ |
1031 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ | 1031 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ |
1032 | 1032 |
1033 /* ~}| {zyx wvut srqp onml kjih gfed cba` */ | 1033 /* ~}| {zyx wvut srqp onml kjih gfed cba` */ |
1037 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1037 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
1038 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1038 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
1039 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1039 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
1040 }; | 1040 }; |
1041 | 1041 |
1042 | 1042 /* " ", """, "'", %00-%1F, %7F-%FF */ |
1043 switch (type) { | 1043 |
1044 case NGX_ESCAPE_HTML: | 1044 static uint32_t refresh[] = { |
1045 escape = html; | 1045 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
1046 break; | 1046 |
1047 case NGX_ESCAPE_ARGS: | 1047 /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ |
1048 escape = args; | 1048 0x00000085, /* 0000 0000 0000 0000 0000 0000 1000 0101 */ |
1049 break; | 1049 |
1050 default: | 1050 /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ |
1051 escape = uri; | 1051 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ |
1052 break; | 1052 |
1053 } | 1053 /* ~}| {zyx wvut srqp onml kjih gfed cba` */ |
1054 0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */ | |
1055 | |
1056 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
1057 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
1058 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
1059 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
1060 }; | |
1061 | |
1062 static uint32_t *map[] = { uri, args, html, refresh }; | |
1063 | |
1064 | |
1065 escape = map[type]; | |
1054 | 1066 |
1055 if (dst == NULL) { | 1067 if (dst == NULL) { |
1056 | 1068 |
1057 /* find the number of the characters to be escaped */ | 1069 /* find the number of the characters to be escaped */ |
1058 | 1070 |
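Review bot: `escape = map[type];` at new line 1065 indexes a four-entry table with no range check, whereas the `switch` it replaces sent every unrecognised `type` to `uri` through its `default:` branch. A value above 3 would now read past the end of `map` and use whatever it finds there as the escape bitmap, so I would keep the fallback: `escape = (type < sizeof(map) / sizeof(map[0])) ? map[type] : uri;`. The table order must also match the numeric values of the `NGX_ESCAPE_*` constants, which are defined outside this page; a comment above `map` such as `/* indexed by NGX_ESCAPE_URI, NGX_ESCAPE_ARGS, NGX_ESCAPE_HTML, NGX_ESCAPE_REFRESH */` would make that dependency visible. The enclosing function starts and ends outside the lines shown, and the declaration of `type` is not visible, so the range check assumes it is unsigned.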