Welcome! Log In Create A New Profile

Advanced

[PATCH] Autoindex: escape '?' in file names

Maxim Dounin
February 07, 2010 12:10PM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1265562102 -10800
# Node ID 458bb3038e41057a25e68f8d0fdc7b50981d76bc
# Parent c9a08a7217494a31d4bebc42100f294388fe66a1
Autoindex: escape '?' in file names.

For files with '?' in their names autoindex generated links with '?' not
escaped. This resulted in effectively truncated links as '?' indicates
query string start.

Reported by: Konstantin Leonov

diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -1318,6 +1318,26 @@ ngx_escape_uri(u_char *dst, u_char *src,
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
};

+ /* " ", "#", """, "%", "'", "?", %00-%1F, %7F-%FF */
+
+ static uint32_t html_uri[] = {
+ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
+
+ /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
+ 0x800000ad, /* 1000 0000 0000 0000 0000 0000 1010 1101 */
+
+ /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
+ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
+
+ /* ~}| {zyx wvut srqp onml kjih gfed cba` */
+ 0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
+
+ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
+ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
+ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
+ 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
+ };
+
/* " ", """, "%", "'", %00-%1F, %7F-%FF */

static uint32_t refresh[] = {
@@ -1361,7 +1381,7 @@ ngx_escape_uri(u_char *dst, u_char *src,
/* mail_auth is the same as memcached */

static uint32_t *map[] =
- { uri, args, html, refresh, memcached, memcached };
+ { uri, args, html, html_uri, refresh, memcached, memcached };


escape = map[type];
diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h
--- a/src/core/ngx_string.h
+++ b/src/core/ngx_string.h
@@ -183,9 +183,10 @@ u_char *ngx_utf8_cpystrn(u_char *dst, u_
#define NGX_ESCAPE_URI 0
#define NGX_ESCAPE_ARGS 1
#define NGX_ESCAPE_HTML 2
-#define NGX_ESCAPE_REFRESH 3
-#define NGX_ESCAPE_MEMCACHED 4
-#define NGX_ESCAPE_MAIL_AUTH 5
+#define NGX_ESCAPE_HTML_URI 3
+#define NGX_ESCAPE_REFRESH 4
+#define NGX_ESCAPE_MEMCACHED 5
+#define NGX_ESCAPE_MAIL_AUTH 6

#define NGX_UNESCAPE_URI 1
#define NGX_UNESCAPE_REDIRECT 2
diff --git a/src/http/modules/ngx_http_autoindex_module.c b/src/http/modules/ngx_http_autoindex_module.c
--- a/src/http/modules/ngx_http_autoindex_module.c
+++ b/src/http/modules/ngx_http_autoindex_module.c
@@ -343,7 +343,7 @@ ngx_http_autoindex_handler(ngx_http_requ
ngx_cpystrn(entry->name.data, ngx_de_name(&dir), len + 1);

entry->escape = 2 * ngx_escape_uri(NULL, ngx_de_name(&dir), len,
- NGX_ESCAPE_HTML);
+ NGX_ESCAPE_HTML_URI);

if (utf8) {
entry->utf_len = ngx_utf8_length(entry->name.data, entry->name.len);
@@ -418,7 +418,7 @@ ngx_http_autoindex_handler(ngx_http_requ

if (entry[i].escape) {
ngx_escape_uri(b->last, entry[i].name.data, entry[i].name.len,
- NGX_ESCAPE_HTML);
+ NGX_ESCAPE_HTML_URI);

b->last += entry[i].name.len + entry[i].escape;


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH] Autoindex: escape '?' in file names

Maxim Dounin 3026 February 07, 2010 12:10PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 143
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready