diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2011-11-01 14:09:15 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2011-11-01 14:09:15 +0000 |
| commit | 844ce56e348734b597ba9307dff2d5051a280b52 (patch) | |
| tree | e4bff18600fcdee3b8c01a1a8529384a8ad55651 /src/core/ngx_string.c | |
| parent | 5fdf27caec130f041771ee51daaf38e9574141d4 (diff) | |
| download | nginx-844ce56e348734b597ba9307dff2d5051a280b52.tar.gz nginx-844ce56e348734b597ba9307dff2d5051a280b52.zip | |
Merging r4193, r4194:
Autoindex fixes:
*) Autoindex: escape '?' in file names.
For files with '?' in their names autoindex generated links with '?' not
escaped. This resulted in effectively truncated links as '?' indicates
query string start.
This is an updated version of the patch originally posted at [1]. It
introduces generic NGX_ESCAPE_URI_COMPONENT which escapes everything but
unreserved characters as per RFC 3986. This approach also renders unneeded
special colon processing (as colon is percent-encoded now), it's dropped
accordingly.
[1] http://nginx.org/pipermail/nginx-devel/2010-February/000112.html
*) Autoindex: escape html in file names.
Diffstat (limited to 'src/core/ngx_string.c')
| -rw-r--r-- | src/core/ngx_string.c | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c index 75bc6578d..8f29e9070 100644 --- a/src/core/ngx_string.c +++ b/src/core/ngx_string.c @@ -1380,6 +1380,26 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type) 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; + /* not ALPHA, DIGIT, "-", ".", "_", "~" */ + + static uint32_t uri_component[] = { + 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ + + /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ + 0xfc009fff, /* 1111 1100 0000 0000 1001 1111 1111 1111 */ + + /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ + 0x78000001, /* 0111 1000 0000 0000 0000 0000 0000 0001 */ + + /* ~}| {zyx wvut srqp onml kjih gfed cba` */ + 0xb8000001, /* 1011 1000 0000 0000 0000 0000 0000 0001 */ + + 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ + 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ + 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ + 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ + }; + /* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */ static uint32_t html[] = { @@ -1443,7 +1463,7 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type) /* mail_auth is the same as memcached */ static uint32_t *map[] = - { uri, args, html, refresh, memcached, memcached }; + { uri, args, uri_component, html, refresh, memcached, memcached }; escape = map[type]; |