Welcome! Log In Create A New Profile

Advanced

Re: X-Accel-Redirect Decode Patch

Dennis J.
September 09, 2010 08:40AM
Hi,
you cannot use the presence of a character as an indicator to determine if
a string is encoded or not. After all "%" is a perfectly legitimate
character that can be used for a filename or directory.

The question is whether path.data represents the raw encoded version of the
path in which case it must *always* be decoded or if this variable already
represents the decoded version of the path in which case it should *never*
be decoded a second time.

Regards,
Dennis

On 09/09/2010 02:03 PM, rovervr wrote:
> Hi,
> I created a small patch for that issue which works for me. But it needs
> to be reviewed by Igor or someone who knows C better than me.
> It checks the static request from X-Accel-Redirect for '%' and escapes
> them if found.
>
>
> [code]
> --- nginx-0.8.50orig/src/http/modules/ngx_http_static_module.c
> 2010-05-24 14:35:10.000000000 +0200
> +++ nginx-0.8.50/src/http/modules/ngx_http_static_module.c
> 2010-09-09 13:49:49.000000000 +0200
> @@ -47,7 +47,7 @@
> static ngx_int_t
> ngx_http_static_handler(ngx_http_request_t *r)
> {
> - u_char *last, *location;
> + u_char *last, *location, *src, *dst;
> size_t root, len;
> ngx_str_t path;
> ngx_int_t rc;
> @@ -83,6 +83,28 @@
> ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0,
> "http filename: \"%s\"", path.data);
>
> + /*
> + * X-Accel-Redirect Patch
> + * If the path contains a % it probably must be decoded
> + */
> + if( strstr( path.data, "%" ) != NULL )
> + {
> + ngx_str_t *uri =&path;
> +
> + dst = uri->data;
> + src = uri->data;
> +
> + ngx_unescape_uri(&dst,&src, uri->len, NGX_UNESCAPE_URI );
> +
> + len = uri->len - ( src - dst ) + 1;
> + if ( len )
> + {
> + dst = ngx_copy( dst, src, len);
> + }
> + uri->len = dst - uri->data;
> + }
> +
> +
> clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
>
> ngx_memzero(&of, sizeof(ngx_open_file_info_t));
>
> [/code]
>
> It would be nice to get a little feedback if this is ok.
>
> best regards,
>
> Volker Richter
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,128346,128745#msg-128745
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

[Bug] X-Accel-Redirect

rovervr September 08, 2010 06:56AM

Re: [Bug] X-Accel-Redirect

Maxim Dounin September 08, 2010 11:16AM

X-Accel-Redirect Decode Patch

rovervr September 09, 2010 08:03AM

Re: X-Accel-Redirect Decode Patch

Dennis J. September 09, 2010 08:40AM

Re: X-Accel-Redirect Decode Patch

Maxim Dounin September 09, 2010 01:28PM

Re: [Bug] X-Accel-Redirect

rovervr September 09, 2010 08:50AM

Re: [Bug] X-Accel-Redirect

rovervr September 09, 2010 02:19PM

Re: [Bug] X-Accel-Redirect

rovervr September 09, 2010 02:29PM

Re: [Bug] X-Accel-Redirect

rovervr October 03, 2010 10:11AM

Re: [Bug] X-Accel-Redirect

Maxim Dounin September 09, 2010 02:42PM

Re: [Bug] X-Accel-Redirect

Maxim Dounin September 09, 2010 02:50PM

Re: [Bug] X-Accel-Redirect

Maxim Dounin October 16, 2010 01:26PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 68
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready