details: https://hg.nginx.org/njs/rev/280e866c2973
branches:
changeset: 1845:280e866c2973
user: Dmitry Volyntsev <xeioex@nginx.com>
date: Thu Apr 28 17:23:02 2022 -0700
description:
HTTP: expect escaped URIs in r.internalRedirect().
Similarly to the nginx change in 975d7ab37b39 (1.17.2), we should accept
properly escaped URIs and unescape them as needed, else it is not possible
to handle URIs with question marks.
Previously, the URI was used as is.
diffstat:
nginx/ngx_http_js_module.c | 15 +++++++++++++--
1 files changed, 13 insertions(+), 2 deletions(-)
diffs (32 lines):
diff -r b20de7bcee61 -r 280e866c2973 nginx/ngx_http_js_module.c
--- a/nginx/ngx_http_js_module.c Thu Apr 28 16:37:14 2022 -0700
+++ b/nginx/ngx_http_js_module.c Thu Apr 28 17:23:02 2022 -0700
@@ -890,7 +890,9 @@ ngx_http_js_content_write_event_handler(
static void
ngx_http_js_content_finalize(ngx_http_request_t *r, ngx_http_js_ctx_t *ctx)
{
- ngx_str_t args;
+ ngx_str_t args;
+ ngx_int_t rc;
+ ngx_uint_t flags;
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"http js content rc: %i", ctx->status);
@@ -900,7 +902,16 @@ ngx_http_js_content_finalize(ngx_http_re
ngx_http_named_location(r, &ctx->redirect_uri);
} else {
- ngx_http_split_args(r, &ctx->redirect_uri, &args);
+ ngx_str_null(&args);
+ flags = NGX_HTTP_LOG_UNSAFE;
+
+ rc = ngx_http_parse_unsafe_uri(r, &ctx->redirect_uri, &args,
+ &flags);
+ if (rc != NGX_OK) {
+ ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ return;
+ }
+
ngx_http_internal_redirect(r, &ctx->redirect_uri, &args);
}
}
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org