Mercurial > hg > nginx-vendor-current

diff src/http/modules/ngx_http_ssi_filter_module.c @ 108:cf3d6edb3ad6 NGINX_0_3_1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.3.1 *) Bugfix: the segmentation fault occurred when the signal queue overflowed if the "rtsig" method was used; bug appeared in 0.2.0. *) Change: correct handling of the "\\", "\"", "\'", and "\$" pairs in SSI.
author Igor Sysoev <http://sysoev.ru>
date Mon, 10 Oct 2005 00:00:00 +0400
parents f63280c59dd5
children 408f195b3482
line wrap: on
line diff
--- a/src/http/modules/ngx_http_ssi_filter_module.c
+++ b/src/http/modules/ngx_http_ssi_filter_module.c
@@ -1130,14 +1130,15 @@ ngx_http_ssi_parse(ngx_http_request_t *r
 
         case ssi_double_quoted_value_state:
             switch (ch) {
+            case '"':
+                state = ssi_postparam_state;
+                break;
+
             case '\\':
                 ctx->saved_state = ssi_double_quoted_value_state;
                 state = ssi_quoted_symbol_state;
-                break;
-
-            case '"':
-                state = ssi_postparam_state;
-                break;
+
+                /* fall through */
 
             default:
                 ctx->param->value.data[ctx->param->value.len++] = ch;
@@ -1157,14 +1158,15 @@ ngx_http_ssi_parse(ngx_http_request_t *r
 
         case ssi_quoted_value_state:
             switch (ch) {
+            case '\'':
+                state = ssi_postparam_state;
+                break;
+
             case '\\':
                 ctx->saved_state = ssi_quoted_value_state;
                 state = ssi_quoted_symbol_state;
-                break;
-
-            case '\'':
-                state = ssi_postparam_state;
-                break;
+
+                /* fall through */
 
             default:
                 ctx->param->value.data[ctx->param->value.len++] = ch;
@@ -1183,6 +1185,20 @@ ngx_http_ssi_parse(ngx_http_request_t *r
             break;
 
         case ssi_quoted_symbol_state:
+            state = ctx->saved_state;
+
+            if (ch == '\\') {
+                break;
+            }
+
+            if (ch == '"' && state == ssi_double_quoted_value_state) {
+                break;
+            }
+
+            if (ch == '\'' && state == ssi_quoted_value_state) {
+                break;
+            }
+
             ctx->param->value.data[ctx->param->value.len++] = ch;
 
             if (ctx->param->value.len == ctx->value_len) {
@@ -1197,7 +1213,6 @@ ngx_http_ssi_parse(ngx_http_request_t *r
                 }
             }
 
-            state = ctx->saved_state;
             break;
 
         case ssi_postparam_state:
@@ -1486,13 +1501,25 @@ ngx_http_ssi_evaluate_string(ngx_http_re
             }
 
         } else {
-            part.len = 0;
             part.data = &text->data[i];
 
-            while (i < text->len && text->data[i] != '$') {
-                i++;
-                part.len++;
+            for (p = part.data; i < text->len; i++) {
+                ch = text->data[i];
+
+                if (ch == '$') {
+                    if (text->data[i - 1] != '\\') {
+                        break;
+                    }
+
+                    *(p - 1) = ch;
+
+                    continue;
+                }
+
+                *p++ = ch;
             }
+
+            part.len = p - part.data;
         }
 
         len += part.len;