Mercurial > hg > nginx
comparison src/http/modules/ngx_http_static_module.c @ 7848:1bde031b59ff
Location header escaping in redirects (ticket #882).
The header is escaped in redirects based on request URI or
location name (auto redirect).
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Mon, 24 May 2021 21:55:20 +0300 |
parents | b399246ea45d |
children | d26db4f82d7d |
comparison
equal
deleted
inserted
replaced
7847:1336a33cff33 | 7848:1bde031b59ff |
---|---|
48 static ngx_int_t | 48 static ngx_int_t |
49 ngx_http_static_handler(ngx_http_request_t *r) | 49 ngx_http_static_handler(ngx_http_request_t *r) |
50 { | 50 { |
51 u_char *last, *location; | 51 u_char *last, *location; |
52 size_t root, len; | 52 size_t root, len; |
53 uintptr_t escape; | |
53 ngx_str_t path; | 54 ngx_str_t path; |
54 ngx_int_t rc; | 55 ngx_int_t rc; |
55 ngx_uint_t level; | 56 ngx_uint_t level; |
56 ngx_log_t *log; | 57 ngx_log_t *log; |
57 ngx_buf_t *b; | 58 ngx_buf_t *b; |
153 r->headers_out.location = ngx_list_push(&r->headers_out.headers); | 154 r->headers_out.location = ngx_list_push(&r->headers_out.headers); |
154 if (r->headers_out.location == NULL) { | 155 if (r->headers_out.location == NULL) { |
155 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 156 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
156 } | 157 } |
157 | 158 |
158 len = r->uri.len + 1; | 159 escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len, |
159 | 160 NGX_ESCAPE_URI); |
160 if (!clcf->alias && r->args.len == 0) { | 161 |
162 if (!clcf->alias && r->args.len == 0 && escape == 0) { | |
163 len = r->uri.len + 1; | |
161 location = path.data + root; | 164 location = path.data + root; |
162 | 165 |
163 *last = '/'; | 166 *last = '/'; |
164 | 167 |
165 } else { | 168 } else { |
169 len = r->uri.len + escape + 1; | |
170 | |
166 if (r->args.len) { | 171 if (r->args.len) { |
167 len += r->args.len + 1; | 172 len += r->args.len + 1; |
168 } | 173 } |
169 | 174 |
170 location = ngx_pnalloc(r->pool, len); | 175 location = ngx_pnalloc(r->pool, len); |
171 if (location == NULL) { | 176 if (location == NULL) { |
172 ngx_http_clear_location(r); | 177 ngx_http_clear_location(r); |
173 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 178 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
174 } | 179 } |
175 | 180 |
176 last = ngx_copy(location, r->uri.data, r->uri.len); | 181 if (escape) { |
182 last = (u_char *) ngx_escape_uri(location, r->uri.data, | |
183 r->uri.len, NGX_ESCAPE_URI); | |
184 | |
185 } else { | |
186 last = ngx_copy(location, r->uri.data, r->uri.len); | |
187 } | |
177 | 188 |
178 *last = '/'; | 189 *last = '/'; |
179 | 190 |
180 if (r->args.len) { | 191 if (r->args.len) { |
181 *++last = '?'; | 192 *++last = '?'; |