Welcome! Log In Create A New Profile

Advanced

[PATCH] Implements the $arg_encode_<name> variables for get url encode value of <name> argument from request string.

Kirill A. Korinskiy
March 25, 2009 01:15PM
Raw value of arguments from request string can help for XSS.
---
src/http/ngx_http_variables.c | 54 +++++++++++++++++++++++++++++++++++++++++
1 files changed, 54 insertions(+), 0 deletions(-)

diff --git a/src/http/ngx_http_variables.c b/src/http/ngx_http_variables.c
index 22f213cf6157ab5b99e481835acf9a394ef21919..d5a7923343797c268cd70cdd2e87a70887a41419 100644
--- a/src/http/ngx_http_variables.c
+++ b/src/http/ngx_http_variables.c
@@ -31,6 +31,8 @@ static ngx_int_t ngx_http_variable_cookie(ngx_http_request_t *r,
static ngx_int_t ngx_http_variable_ssi(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
#endif
+static ngx_int_t ngx_http_variable_encode_argument(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_variable_argument(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);

@@ -530,6 +532,15 @@ ngx_http_get_variable(ngx_http_request_t *r, ngx_str_t *name, ngx_uint_t key,
}
#endif

+ if (ngx_strncmp(name->data, "arg_encode_", 11) == 0) {
+
+ if (ngx_http_variable_encode_argument(r, vv, (uintptr_t) name) == NGX_OK) {
+ return vv;
+ }
+
+ return NULL;
+ }
+
if (ngx_strncmp(name->data, "arg_", 4) == 0) {

if (ngx_http_variable_argument(r, vv, (uintptr_t) name) == NGX_OK) {
@@ -831,6 +842,42 @@ ngx_http_variable_ssi(ngx_http_request_t *r, ngx_http_variable_value_t *v,


static ngx_int_t
+ngx_http_variable_encode_argument(ngx_http_request_t *r, ngx_http_variable_value_t *v,
+ uintptr_t data)
+{
+ ngx_str_t *name = (ngx_str_t *) data;
+
+ u_char *arg;
+ size_t len;
+ ngx_str_t value;
+
+ len = name->len - (sizeof("arg_encode_") - 1);
+ arg = name->data + sizeof("arg_encode_") - 1;
+
+ if (ngx_http_arg(r, arg, len, &value) != NGX_OK) {
+ v->not_found = 1;
+ return NGX_OK;
+ }
+
+ v->len = value.len +
+ 2 * ngx_escape_uri(NULL, value.data, value.len, NGX_ESCAPE_ARGS);
+
+ v->data = ngx_palloc(r->pool, v->len);
+ if (v->data == NULL) {
+ v->not_found = 1;
+ return NGX_OK;
+ }
+
+ (void) ngx_escape_uri(v->data, value.data, value.len, NGX_ESCAPE_ARGS);
+ v->valid = 1;
+ v->no_cacheable = 0;
+ v->not_found = 0;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
ngx_http_variable_argument(ngx_http_request_t *r, ngx_http_variable_value_t *v,
uintptr_t data)
{
@@ -1789,6 +1836,13 @@ ngx_http_variables_init_vars(ngx_conf_t *cf)
}
#endif

+ if (ngx_strncmp(v[i].name.data, "arg_encode_", 11) == 0) {
+ v[i].get_handler = ngx_http_variable_encode_argument;
+ v[i].data = (uintptr_t) &v[i].name;
+
+ continue;
+ }
+
if (ngx_strncmp(v[i].name.data, "arg_", 4) == 0) {
v[i].get_handler = ngx_http_variable_argument;
v[i].data = (uintptr_t) &v[i].name;
--
1.6.2
Subject Author Posted

[PATCH] Implements the $arg_encode_<name> variables for get url encode value of <name> argument from request string.

Kirill A. Korinskiy March 25, 2009 01:15PM

Re: [PATCH] Implements the $arg_encode_<name> variables for get url encode value of <name> argument from request string.

Igor Sysoev March 25, 2009 01:19PM

Re: [PATCH] Implements the $arg_encode_<name> variables for get url encode value of <name> argument from request string.

Kirill A. Korinskiy March 25, 2009 02:26PM

Re: [PATCH] Implements the $arg_encode_<name> variables for get url encode value of <name> argument from request string.

Maxim Dounin March 25, 2009 02:35PM

[PATCH] Implements the $encoded_arg_<name> variables for get url encode value of <name> argument from request string.

Kirill A. Korinskiy March 25, 2009 02:59PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 254
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready