Mercurial > hg > nginx-vendor-current
comparison src/http/ngx_http_request.c @ 676:bfa81a0490a2 NGINX_1_3_1
nginx 1.3.1
*) Security: now nginx/Windows ignores trailing dot in URI path
component, and does not allow URIs with ":$" in it.
Thanks to Vladimir Kochetkov, Positive Research Center.
*) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass"
directives, and the "server" directive inside the "upstream" block,
now support IPv6 addresses.
*) Feature: the "resolver" directive now support IPv6 addresses and an
optional port specification.
*) Feature: the "least_conn" directive inside the "upstream" block.
*) Feature: it is now possible to specify a weight for servers while
using the "ip_hash" directive.
*) Bugfix: a segmentation fault might occur in a worker process if the
"image_filter" directive was used; the bug had appeared in 1.3.0.
*) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug
had appeared in 1.1.12.
*) Bugfix: access to variables from SSI and embedded perl module might
not work after reconfiguration.
Thanks to Yichun Zhang.
*) Bugfix: in the ngx_http_xslt_filter_module.
Thanks to Kuramoto Eiji.
*) Bugfix: memory leak if $geoip_org variable was used.
Thanks to Denis F. Latypoff.
*) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path"
directives.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 05 Jun 2012 00:00:00 +0400 |
parents | 4dcaf40cc702 |
children | 981b4c44593b |
comparison
equal
deleted
inserted
replaced
675:7052a9379344 | 676:bfa81a0490a2 |
---|---|
810 r->args.data = r->args_start; | 810 r->args.data = r->args_start; |
811 } | 811 } |
812 | 812 |
813 #if (NGX_WIN32) | 813 #if (NGX_WIN32) |
814 { | 814 { |
815 u_char *p; | 815 u_char *p, *last; |
816 | |
817 p = r->uri.data; | |
818 last = r->uri.data + r->uri.len; | |
819 | |
820 while (p < last) { | |
821 | |
822 if (*p++ == ':') { | |
823 | |
824 /* | |
825 * this check covers "::$data", "::$index_allocation" and | |
826 * ":$i30:$index_allocation" | |
827 */ | |
828 | |
829 if (p < last && *p == '$') { | |
830 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
831 "client sent unsafe win32 URI"); | |
832 ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); | |
833 return; | |
834 } | |
835 } | |
836 } | |
816 | 837 |
817 p = r->uri.data + r->uri.len - 1; | 838 p = r->uri.data + r->uri.len - 1; |
818 | 839 |
819 while (p > r->uri.data) { | 840 while (p > r->uri.data) { |
820 | 841 |
823 continue; | 844 continue; |
824 } | 845 } |
825 | 846 |
826 if (*p == '.') { | 847 if (*p == '.') { |
827 p--; | 848 p--; |
828 continue; | |
829 } | |
830 | |
831 if (ngx_strncasecmp(p - 6, (u_char *) "::$data", 7) == 0) { | |
832 p -= 7; | |
833 continue; | 849 continue; |
834 } | 850 } |
835 | 851 |
836 break; | 852 break; |
837 } | 853 } |
1931 return; | 1947 return; |
1932 } | 1948 } |
1933 | 1949 |
1934 if (rc == NGX_OK && r->filter_finalize) { | 1950 if (rc == NGX_OK && r->filter_finalize) { |
1935 c->error = 1; | 1951 c->error = 1; |
1936 ngx_http_finalize_connection(r); | |
1937 return; | |
1938 } | 1952 } |
1939 | 1953 |
1940 if (rc == NGX_DECLINED) { | 1954 if (rc == NGX_DECLINED) { |
1941 r->content_handler = NULL; | 1955 r->content_handler = NULL; |
1942 r->write_event_handler = ngx_http_core_run_phases; | 1956 r->write_event_handler = ngx_http_core_run_phases; |