comparison src/http/ngx_http_parse.c @ 2744:e50a2faac31d
ngx_path_separator()
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Thu, 23 Apr 2009 16:38:59 +0000 |
parents | 20a655d8a1f8 |
children | 2c0f09aa8574 3391f0dad64e |
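--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -1335,16 +1335,11 @@
 
 if (len == 0 || p[0] == '?') {
 goto unsafe;
 }
 
-if (p[0] == '.' && len == 3 && p[1] == '.' && (p[2] == '/'
-#if (NGX_WIN32)
-|| p[2] == '\\'
-#endif
-))
-{
+if (p[0] == '.' && len == 3 && p[1] == '.' && (ngx_path_separator(p[2]))) {
 goto unsafe;
 }
 
 for ( /* void */ ; len; len--) {
 
@@ -1365,34 +1360,26 @@
 if (ch == '\0') {
 *flags |= NGX_HTTP_ZERO_IN_URI;
 continue;
 }
 
-if ((ch == '/'
+if (ngx_path_separator(ch) && len > 2) {
+
+/* detect "/../" */
+
+if (p[0] == '.' && p[1] == '.' && ngx_path_separator(p[2])) {
+goto unsafe;
+}
+
 #if (NGX_WIN32)
-|| ch == '\\'
-#endif
-) && len > 2)
-{
-/* detect "/../" */
-
-if (p[0] == '.' && p[1] == '.' && p[2] == '/') {
-goto unsafe;
-}
-
-#if (NGX_WIN32)
-
-if (p[2] == '\\') {
-goto unsafe;
-}
 
 if (len > 3) {
 
 /* detect "/.../" */
 
 if (p[0] == '.' && p[1] == '.' && p[2] == '.'
-&& (p[3] == '/' || p[3] == '\\'))
+&& ngx_path_separator(p[3]))
 {
 goto unsafe;
 }
 }
 #endif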
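Review bot: The leading-`..` guard at new line 1340 still requires `len == 3`, so it rejects only the exact three-byte input `../`; a longer path that begins with `../` passes this check, and the loop below matches `..` only after a separator. If the function is meant to refuse any parent-directory reference, the guard could read `if (p[0] == '.' && len > 1 && p[1] == '.' && (len == 2 || ngx_path_separator(p[2]))) {`. The in-loop test at new line 1369 could likewise use `(len == 3 || ngx_path_separator(p[2]))`, so that a trailing `/..` is covered without relying on the byte after the counted length; how `p` and `len` advance is outside the shown lines, so this needs confirming. The removed Win32 branch `if (p[2] == '\\')` did not test `p[0]` and `p[1]`, so the rewrite changes what is rejected on that platform, and the commit message should say so. The enclosing function starts and ends outside these hunks.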