Mercurial > hg > nginx
comparison src/http/modules/ngx_http_static_module.c @ 7848:1bde031b59ff
Location header escaping in redirects (ticket #882).
The header is escaped in redirects based on request URI or
location name (auto redirect).
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Mon, 24 May 2021 21:55:20 +0300 |
| parents | b399246ea45d |
| children | d26db4f82d7d |
comparison
equal
deleted
inserted
replaced
| 7847:1336a33cff33 | 7848:1bde031b59ff |
|---|---|
| 48 static ngx_int_t | 48 static ngx_int_t |
| 49 ngx_http_static_handler(ngx_http_request_t *r) | 49 ngx_http_static_handler(ngx_http_request_t *r) |
| 50 { | 50 { |
| 51 u_char *last, *location; | 51 u_char *last, *location; |
| 52 size_t root, len; | 52 size_t root, len; |
| 53 uintptr_t escape; | |
| 53 ngx_str_t path; | 54 ngx_str_t path; |
| 54 ngx_int_t rc; | 55 ngx_int_t rc; |
| 55 ngx_uint_t level; | 56 ngx_uint_t level; |
| 56 ngx_log_t *log; | 57 ngx_log_t *log; |
| 57 ngx_buf_t *b; | 58 ngx_buf_t *b; |
| 153 r->headers_out.location = ngx_list_push(&r->headers_out.headers); | 154 r->headers_out.location = ngx_list_push(&r->headers_out.headers); |
| 154 if (r->headers_out.location == NULL) { | 155 if (r->headers_out.location == NULL) { |
| 155 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 156 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
| 156 } | 157 } |
| 157 | 158 |
| 158 len = r->uri.len + 1; | 159 escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len, |
| 159 | 160 NGX_ESCAPE_URI); |
| 160 if (!clcf->alias && r->args.len == 0) { | 161 |
| 162 if (!clcf->alias && r->args.len == 0 && escape == 0) { | |
| 163 len = r->uri.len + 1; | |
| 161 location = path.data + root; | 164 location = path.data + root; |
| 162 | 165 |
| 163 *last = '/'; | 166 *last = '/'; |
| 164 | 167 |
| 165 } else { | 168 } else { |
| 169 len = r->uri.len + escape + 1; | |
| 170 | |
| 166 if (r->args.len) { | 171 if (r->args.len) { |
| 167 len += r->args.len + 1; | 172 len += r->args.len + 1; |
| 168 } | 173 } |
| 169 | 174 |
| 170 location = ngx_pnalloc(r->pool, len); | 175 location = ngx_pnalloc(r->pool, len); |
| 171 if (location == NULL) { | 176 if (location == NULL) { |
| 172 ngx_http_clear_location(r); | 177 ngx_http_clear_location(r); |
| 173 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 178 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
| 174 } | 179 } |
| 175 | 180 |
| 176 last = ngx_copy(location, r->uri.data, r->uri.len); | 181 if (escape) { |
| 182 last = (u_char *) ngx_escape_uri(location, r->uri.data, | |
| 183 r->uri.len, NGX_ESCAPE_URI); | |
| 184 | |
| 185 } else { | |
| 186 last = ngx_copy(location, r->uri.data, r->uri.len); | |
| 187 } | |
| 177 | 188 |
| 178 *last = '/'; | 189 *last = '/'; |
| 179 | 190 |
| 180 if (r->args.len) { | 191 if (r->args.len) { |
| 181 *++last = '?'; | 192 *++last = '?'; |