diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2007-08-20 09:50:53 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2007-08-20 09:50:53 +0000 |
| commit | d4ff5616814b2632f0c6f5fe84b38a57029e80aa (patch) | |
| tree | 619ad682d00d90e0b0fd990e588a375382cadd5f /src/core/ngx_string.c | |
| parent | 4edb1d61e9d254a9faccc8de9f99eeabc631386d (diff) | |
| download | nginx-d4ff5616814b2632f0c6f5fe84b38a57029e80aa.tar.gz nginx-d4ff5616814b2632f0c6f5fe84b38a57029e80aa.zip | |
escape " ", "%", and %00-%1F in login and password
Diffstat (limited to 'src/core/ngx_string.c')
| -rw-r--r-- | src/core/ngx_string.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c index a07dbebeb..aac68477f 100644 --- a/src/core/ngx_string.c +++ b/src/core/ngx_string.c @@ -1019,7 +1019,7 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type) 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; - /* " ", """, "%", "'", %00-%1F, %7F-%FF */ + /* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */ static uint32_t html[] = { 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ @@ -1039,13 +1039,13 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type) 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; - /* " ", """, "'", %00-%1F, %7F-%FF */ + /* " ", """, "%", "'", %00-%1F, %7F-%FF */ static uint32_t refresh[] = { 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ - 0x00000085, /* 0000 0000 0000 0000 0000 0000 1000 0101 */ + 0x000000a5, /* 0000 0000 0000 0000 0000 0000 1010 0101 */ /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ @@ -1059,13 +1059,13 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type) 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; - /* " ", %00-%1F */ + /* " ", "%", %00-%1F */ static uint32_t memcached[] = { 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ - 0x00000001, /* 0000 0000 0000 0000 0000 0000 0000 0001 */ + 0x00000021, /* 0000 0000 0000 0000 0000 0000 0010 0001 */ /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ @@ -1079,7 +1079,10 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type) 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ }; - static uint32_t *map[] = { uri, args, html, refresh, memcached }; + /* mail_auth is the same as memcached */ + + static uint32_t *map[] = + { uri, args, html, refresh, memcached, memcached }; escape = map[type]; |