diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2011-10-11 17:54:38 +0000 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2011-10-11 17:54:38 +0000 |
| commit | e3d6c5a33cd31a788c345e6c936852db0805bb6d (patch) | |
| tree | 108c18bb18b19d8592fdd49f5fedaa40d9eccd0f /src/http/modules/ngx_http_log_module.c | |
| parent | 0d19f020ba932be2959a9249b6f58c4151e7c443 (diff) | |
| download | nginx-e3d6c5a33cd31a788c345e6c936852db0805bb6d.tar.gz nginx-e3d6c5a33cd31a788c345e6c936852db0805bb6d.zip | |
Improved access log escaping to better protect other software.
Some character sets (notably ISO-8859-1) have C1 control characters in
upper half, make sure to escape them.
Reported by Jesus Olmos Gonzalez.
Diffstat (limited to 'src/http/modules/ngx_http_log_module.c')
| -rw-r--r-- | src/http/modules/ngx_http_log_module.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/http/modules/ngx_http_log_module.c b/src/http/modules/ngx_http_log_module.c index 9728d5411..da6fbb619 100644 --- a/src/http/modules/ngx_http_log_module.c +++ b/src/http/modules/ngx_http_log_module.c @@ -690,12 +690,12 @@ ngx_http_log_escape(u_char *dst, u_char *src, size_t size) 0x10000000, /* 0001 0000 0000 0000 0000 0000 0000 0000 */ /* ~}| {zyx wvut srqp onml kjih gfed cba` */ - 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ + 0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */ - 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ - 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ - 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ - 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ + 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ + 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ + 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ + 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; |