comparison src/http/modules/ngx_http_dav_module.c @ 3252:ef8cfb09a50b stable-0.7
merge r3162, r3183:
WebDAV fixes:
*) check unsafe Destination
*) omit '\0' from "Location" header on MKCOL request
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 26 Oct 2009 17:45:55 +0000 |
parents | 8c76116820f3 |
children | 555de5bdb800 |
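--- a/src/http/modules/ngx_http_dav_module.c
+++ b/src/http/modules/ngx_http_dav_module.c
@@ -488,10 +488,11 @@
 }
 
 p = ngx_http_map_uri_to_path(r, &path, &root, 0);
 
 *(p - 1) = '\0';
+r->uri.len--;
 
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
 "http mkcol path: \"%s\"", path.data);
 
 if (ngx_create_dir(path.data, ngx_dir_access(dlcf->access))
@@ -514,12 +515,12 @@
 {
 u_char *p, *host, *last, ch;
 size_t len, root;
 ngx_err_t err;
 ngx_int_t rc, depth;
-ngx_uint_t overwrite, slash, dir;
-ngx_str_t path, uri;
+ngx_uint_t overwrite, slash, dir, flags;
+ngx_str_t path, uri, duri, args;
 ngx_tree_ctx_t tree;
 ngx_copy_file_t cf;
 ngx_file_info_t fi;
 ngx_table_elt_t *dest, *over;
 ngx_ext_rename_file_t ext;
@@ -591,10 +592,18 @@
 "client sent invalid \"Destination\" header: \"%V\"",
 &dest->value);
 return NGX_HTTP_BAD_REQUEST;
 
 destination_done:
+
+duri.len = last - p;
+duri.data = p;
+flags = 0;
+
+if (ngx_http_parse_unsafe_uri(r, &duri, &args, &flags) != NGX_OK) {
+goto invalid_destination;
+}
 
 if ((r->uri.data[r->uri.len - 1] == '/' && *(last - 1) != '/')
 || (r->uri.data[r->uri.len - 1] != '/' && *(last - 1) == '/'))
 {
 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
@@ -654,13 +663,11 @@
 
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
 "http copy from: \"%s\"", path.data);
 
 uri = r->uri;
-
-r->uri.len = last - p;
-r->uri.data = p;
+r->uri = duri;
 
 ngx_http_map_uri_to_path(r, ©.path, &root, 0);
 
 r->uri = uri;
 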
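Review bot: The trailing-slash comparison right after the new `ngx_http_parse_unsafe_uri()` call still reads `*(last - 1)`, while the string that was validated and is later assigned to `r->uri` is `duri`. If the parser shortens `duri` when the Destination carries a query string (the `args` out-parameter suggests it splits at `?`, but its body is not on this page), the slash check would test the last byte of the query instead of the last byte of the path that gets mapped to the filesystem. Comparing against `duri.data[duri.len - 1]` would keep the checked string and the used string identical. `args` is not read anywhere in the visible lines, so a short comment such as `/* query part of Destination is intentionally discarded */` next to the call would document that. The enclosing function begins and ends outside the visible hunks, so this should be confirmed against the full body.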