| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Parenthesized ASCII-related calculations. | Valentin Bartenev | 2017-07-17 |
| | | | | | | This also fixes potential undefined behaviour in the range and slice filter modules, caused by local overflows of signed integers in expressions. | ||
| * | Added missing "fall through" comments (ticket #1259). | Maxim Dounin | 2017-04-27 |
| | | | | | Found by gcc7 (-Wimplicit-fallthrough). | ||
| * | Don't pretend we support HTTP major versions >1 as HTTP/1.1. | Ruslan Ermilov | 2017-04-25 |
| | | |||
| * | Allowed '-' in method names. | Maxim Dounin | 2016-10-10 |
| | | | | | | | It is used at least by SOAP (M-POST method, defined by RFC 2774) and by WebDAV versioning (VERSION-CONTROL and BASELINE-CONTROL methods, defined by RFC 3253). | ||
| * | Avoid left-shifting integers into the sign bit, which is undefined. | Sergey Kandaurov | 2016-07-07 |
| | | | | | Found with UndefinedBehaviorSanitizer. | ||
| * | Added overflow checks for version numbers (ticket #762). | Maxim Dounin | 2016-05-18 |
| | | | | | | | | | Both minor and major versions are now limited to 999 maximum. In case of r->http_minor, this limit is already implied by the code. Major version, r->http_major, in theory can be up to 65535 with current code, but such values are very unlikely to become real (and, additionally, such values are not allowed by RFC 7230), so the same test was used for r->http_major. | ||
| * | Overflow detection in ngx_http_parse_chunked(). | Ruslan Ermilov | 2015-03-17 |
| | | |||
| * | Style: add whitespace between control statement and parentheses. | Piotr Sikora | 2014-07-08 |
| | | | | | Signed-off-by: Piotr Sikora <piotr@cloudflare.com> | ||
| * | Upstream: added the "$upstream_cookie_<name>" variables. | Vladimir Homutov | 2014-04-29 |
| | | |||
| * | Apply underscores_in_headers also to the first character. | Piotr Sikora | 2014-03-24 |
| | | | | | Signed-off-by: Piotr Sikora <piotr@cloudflare.com> | ||
| * | Teach ngx_http_parse_unsafe_uri() how to unescape URIs. | Ruslan Ermilov | 2013-12-23 |
| | | | | | | This fixes handling of escaped URIs in X-Accel-Redirect (ticket #316), SSI (ticket #240), and DAV. | ||
| * | Detect more unsafe URIs in ngx_http_parse_unsafe_uri(). | Ruslan Ermilov | 2013-12-23 |
| | | | | | The following URIs were considered safe: "..", "../foo", and "/foo/..". | ||
| * | Proper backtracking after space in a request line. | Ruslan Ermilov | 2013-11-19 |
| | | |||
| * | Minor ngx_http_parse_request_line() optimization. | Maxim Dounin | 2013-08-21 |
| | | | | | Noted by Nils Kuhnhenn. | ||
| * | Fixed ngx_http_parse_chunked() minimal length calculation. | Maxim Dounin | 2013-06-28 |
| | | | | | | | | | Minimal data length we expect for further calls was calculated incorrectly if parsing stopped right after parsing chunk size. This might in theory affect clients and/or backends using LF instead of CRLF. Patch by Dmitry Popov. | ||
| * | Fixed debug logging in ngx_http_parse_complex_uri(). | Maxim Dounin | 2013-06-05 |
| | | | | | | The *u previously logged isn't yet initialized at this point, and Valgrind complains. | ||
| * | Fixed chunk size parsing. | Maxim Dounin | 2013-05-06 |
| | | |||
| * | Preliminary experimental support for SPDY draft 2. | Valentin Bartenev | 2013-03-20 |
| | | |||
| * | Request body: adjust b->pos when chunked parsing done. | Maxim Dounin | 2012-11-21 |
| | | | | | | This is a nop for the current code, though will allow to correctly parse pipelined requests. | ||
| * | Request body: chunked parsing moved to ngx_http_parse.c from proxy. | Maxim Dounin | 2012-11-21 |
| | | | | | No functional changes. | ||
| * | Win32: normalization of trailing dot inside uri. | Maxim Dounin | 2012-06-05 |
| | | | | | | | | Windows treats "/directory./" identical to "/directory/". Do the same when working on Windows. Note that the behaviour is different from one with last path component (where multiple spaces and dots are ignored by Windows). | ||
| * | Fixed spelling in multiline C comments. | Ruslan Ermilov | 2012-04-03 |
| | | |||
| * | For the sake of case/switch code readability, 'fall through' | Maxim Konovalov | 2012-03-19 |
| | | | | | comments added. | ||
| * | Headers with null character are now rejected. | Maxim Dounin | 2012-03-15 |
| | | | | | | Headers with NUL character aren't allowed by HTTP standard and may cause various security problems. They are now unconditionally rejected. | ||
| * | Copyright updated. | Maxim Konovalov | 2012-01-18 |
| | | |||
| * | Added support for IP-literal in the Host header and request line (ticket #1). | Valentin Bartenev | 2011-11-28 |
| | | | | | | | | | | | | | | | | | | | | | Additional parsing logic added to correctly handle RFC 3986 compliant IPv6 and IPvFuture characters enclosed in square brackets. The host validation was completely rewritten. The behavior for non IP literals was changed in a more proper and safer way: - Host part is now delimited either by the first colon or by the end of string if there's no colon. Previously the last colon was used as delimiter which allowed substitution of a port number in the $host variable. (e.g. Host: 127.0.0.1:9000:80) - Fixed stripping of the ending dot in the Host header when the host was also followed by a port number. (e.g. Host: nginx.com.:80) - Fixed upper case characters detection. Previously it was broken which led to wasting memory and CPU. | ||
| * | Protocol version parsing in ngx_http_parse_status_line(). | Maxim Dounin | 2011-09-15 |
| | | | | | | Once we know protocol version, set u->headers_in.connection_close to indicate implicitly assumed connection close with HTTP before 1.1. | ||
| * | style fix | Igor Sysoev | 2010-06-23 |
| | | |||
| * | ngx_http_parse_status_line() | Igor Sysoev | 2010-06-15 |
| | | |||
| * | allow spaces in URI | Igor Sysoev | 2010-06-15 |
| | | |||
| * | PATCH method | Igor Sysoev | 2010-06-10 |
| | | |||
| * | fix "/dir/%3F../" and "/dir/%23../" cases | Igor Sysoev | 2010-06-04 |
| | | |||
| * | remove r->zero_in_uri | Igor Sysoev | 2010-05-24 |
| | | |||
| * | check unsafe Destination | Igor Sysoev | 2009-09-25 |
| | | |||
| * | handle "/../" case more reliably | Igor Sysoev | 2009-09-14 |
| | | |||
| * | discrease slightly ngx_http_parse_header_line() size: | Igor Sysoev | 2009-09-02 |
| | | | | | this line is not required for LF, however, this case is very seldom | ||
| * | fix segfault when a header starts with "\rX" | Igor Sysoev | 2009-09-01 |
| | | | | | and logging is set to info or debug level | ||
| * | do not test "..." case since it's Win9x family feature only | Igor Sysoev | 2009-07-20 |
| | | |||
| * | allow underscore in request method | Igor Sysoev | 2009-07-13 |
| | | |||
| * | ngx_path_separator() | Igor Sysoev | 2009-04-23 |
| | | |||
| * | refactor ngx_http_arg() using ngx_strcasestrn(), | Igor Sysoev | 2009-04-04 |
| | | | | | back out zero termination introduced in r2138 | ||
| * | fix r2579 | Igor Sysoev | 2009-03-30 |
| | | |||
| * | style fix: remove tabs | Igor Sysoev | 2009-03-22 |
| | | |||
| * | ngx_http_split_args() | Igor Sysoev | 2009-03-19 |
| | | |||
| * | ngx_http_arg() | Igor Sysoev | 2008-12-22 |
| | | |||
| * | underscores_in_headers | Igor Sysoev | 2008-09-24 |
| | | |||
| * | allow underscores in client request header lines | Igor Sysoev | 2008-09-08 |
| | | |||
| * | test the more likely case first | Igor Sysoev | 2008-03-16 |
| | | |||
| * | use the more correct mask | Igor Sysoev | 2008-03-16 |
| | | |||
| * | fix merge_slashes | Igor Sysoev | 2007-12-14 |
| | | |||
 |
index : nginx | |
| nginx mirror |
| aboutsummaryrefslogtreecommitdiff |