Welcome! Log In Create A New Profile

Re: [Bug] X-Accel-Redirect

Forum List Message List New Topic Print View

Maxim Dounin

October 16, 2010 01:26PM

Hello!

[sorry for long delay, I had no time to review the patch]

On Sun, Oct 03, 2010 at 10:11:58AM -0400, rovervr wrote:

> This is the last version of the patch for version 0.8.52 which is now
> live on our production servers for several days without any flaws.
>
> http://www.coderain.de/nginx/nginx-0.8.52-xred.patch
>
> The escaping takes place at ngx_http_parse_unsafe_uri() as Maxim
> suggested.

s/escaping/unescaping/

This patch is wrong. It will unescape query string as well, which
is expected to remain escaped. Additionaly, at least "../" unsafe
check should be reconsidered after unescaping.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
[Bug] X-Accel-Redirect	rovervr	September 08, 2010 06:56AM
Re: [Bug] X-Accel-Redirect	Maxim Dounin	September 08, 2010 11:16AM
X-Accel-Redirect Decode Patch	rovervr	September 09, 2010 08:03AM
Re: X-Accel-Redirect Decode Patch	Dennis J.	September 09, 2010 08:40AM
Re: X-Accel-Redirect Decode Patch	Maxim Dounin	September 09, 2010 01:28PM
Re: [Bug] X-Accel-Redirect	rovervr	September 09, 2010 08:50AM
Re: [Bug] X-Accel-Redirect	rovervr	September 09, 2010 02:19PM
Re: [Bug] X-Accel-Redirect	rovervr	September 09, 2010 02:29PM
Re: [Bug] X-Accel-Redirect	rovervr	October 03, 2010 10:11AM
Re: [Bug] X-Accel-Redirect	Maxim Dounin	September 09, 2010 02:42PM
Re: [Bug] X-Accel-Redirect	Maxim Dounin	September 09, 2010 02:50PM
Re: [Bug] X-Accel-Redirect	Maxim Dounin	October 16, 2010 01:26PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 180

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018