[PATCH] Autoindex: escape '?' in file names

Maxim Dounin
February 07, 2010 12:10PM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1265562102 -10800
# Node ID 458bb3038e41057a25e68f8d0fdc7b50981d76bc
# Parent c9a08a7217494a31d4bebc42100f294388fe66a1
Autoindex: escape '?' in file names.

For files with '?' in their names autoindex generated links with '?' not
escaped. This resulted in effectively truncated links as '?' indicates
query string start.

Reported by: Konstantin Leonov

diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -1318,6 +1318,26 @@ ngx_escape_uri(u_char *dst, u_char *src,
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
};

+ /* " ", "#", """, "%", "'", "?", %00-%1F, %7F-%FF */
+
+ static uint32_t html_uri[] = {
+ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
+
+ /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
+ 0x800000ad, /* 1000 0000 0000 0000 0000 0000 1010 1101 */
+
+ /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
+ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
+
+ /* ~}| {zyx wvut srqp onml kjih gfed cba` */
+ 0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
+
+ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
+ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
+ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
+ 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
+ };
+
/* " ", """, "%", "'", %00-%1F, %7F-%FF */

static uint32_t refresh[] = {
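Review bot: The new `html_uri` table leaves ':' (0x3a) and '&' (0x26) unescaped, as the `0x800000ad` word shows, and both matter if the escaped name is written into a link target as the commit message implies. A first path segment containing ':' is parsed as a URI scheme rather than as a relative reference (RFC 3986 section 4.2), and a bare '&' inside an HTML attribute can be decoded as a character reference, so in either case the link would not point at the file. Setting those two bits as well, `0x840000ed, /* 1000 0100 0000 0000 0000 0000 1110 1101 */`, and adding ":" and "&" to the comment above the table would cover them. The table sits inside ngx_escape_uri, whose body starts and ends outside this hunk.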
@@ -1361,7 +1381,7 @@ ngx_escape_uri(u_char *dst, u_char *src,
/* mail_auth is the same as memcached */

static uint32_t *map[] =
- { uri, args, html, refresh, memcached, memcached };
+ { uri, args, html, html_uri, refresh, memcached, memcached };


escape = map[type];
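Review bot: `map[]` is indexed directly by `type` (`escape = map[type];`), so its element order has to track the NGX_ESCAPE_* values that the ngx_string.h hunk renumbers, and nothing in the visible code ties the two together. Inserting `html_uri` in the middle shifts REFRESH, MEMCACHED and MAIL_AUTH by one, so a caller that passes a literal number instead of the macro would silently get a different table; a grep for such callers is worth doing before merging. I would add a comment above the array, `/* order must match NGX_ESCAPE_* in ngx_string.h */`, or append the new type as the last value so the existing ones keep their numbers. No range check on `type` is visible here, and the function continues outside the hunk.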
diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h
--- a/src/core/ngx_string.h
+++ b/src/core/ngx_string.h
@@ -183,9 +183,10 @@ u_char *ngx_utf8_cpystrn(u_char *dst, u_
#define NGX_ESCAPE_URI 0
#define NGX_ESCAPE_ARGS 1
#define NGX_ESCAPE_HTML 2
-#define NGX_ESCAPE_REFRESH 3
-#define NGX_ESCAPE_MEMCACHED 4
-#define NGX_ESCAPE_MAIL_AUTH 5
+#define NGX_ESCAPE_HTML_URI 3
+#define NGX_ESCAPE_REFRESH 4
+#define NGX_ESCAPE_MEMCACHED 5
+#define NGX_ESCAPE_MAIL_AUTH 6

#define NGX_UNESCAPE_URI 1
#define NGX_UNESCAPE_REDIRECT 2
diff --git a/src/http/modules/ngx_http_autoindex_module.c b/src/http/modules/ngx_http_autoindex_module.c
--- a/src/http/modules/ngx_http_autoindex_module.c
+++ b/src/http/modules/ngx_http_autoindex_module.c
@@ -343,7 +343,7 @@ ngx_http_autoindex_handler(ngx_http_requ
ngx_cpystrn(entry->name.data, ngx_de_name(&dir), len + 1);

entry->escape = 2 * ngx_escape_uri(NULL, ngx_de_name(&dir), len,
- NGX_ESCAPE_HTML);
+ NGX_ESCAPE_HTML_URI);

if (utf8) {
entry->utf_len = ngx_utf8_length(entry->name.data, entry->name.len);
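Review bot: The sizing call here and the writing call in the `@@ -418` hunk must pass the same escape type, because `b->last` is later advanced by `entry[i].name.len + entry[i].escape`; if the two ever diverge, the count computed here no longer matches the bytes written. The commit changes both consistently, but the coupling is undocumented. A comment at this call such as `/* must use the same type as the ngx_escape_uri() call that writes the link below */` would make it explicit. How the output buffer is sized from `entry->escape` is outside the visible lines, so the overrun risk is inferred rather than shown.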
@@ -418,7 +418,7 @@ ngx_http_autoindex_handler(ngx_http_requ

if (entry[i].escape) {
ngx_escape_uri(b->last, entry[i].name.data, entry[i].name.len,
- NGX_ESCAPE_HTML);
+ NGX_ESCAPE_HTML_URI);

b->last += entry[i].name.len + entry[i].escape;


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel