diff options
| author | Dmitry Volyntsev <xeioex@nginx.com> | 2018-07-23 18:04:53 +0300 |
|---|---|---|
| committer | Dmitry Volyntsev <xeioex@nginx.com> | 2018-07-23 18:04:53 +0300 |
| commit | 43d352ba025afe0211f9b744627890d1dadbb4be (patch) | |
| tree | 334360a0cf8e6328ff025ffa18718bcc85270de5 /nginx/ngx_http_js_module.c | |
| parent | e8393be2b33286e02ca736e7307d3df43cfd48bb (diff) | |
| download | njs-43d352ba025afe0211f9b744627890d1dadbb4be.tar.gz njs-43d352ba025afe0211f9b744627890d1dadbb4be.zip | |
Restricted usage of r.subrequest() and r.parent.
Thanks to 洪志道 (Hong Zhi Dao).
Diffstat (limited to 'nginx/ngx_http_js_module.c')
| -rw-r--r-- | nginx/ngx_http_js_module.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/nginx/ngx_http_js_module.c b/nginx/ngx_http_js_module.c index a9b6c35a..5e2d4bbf 100644 --- a/nginx/ngx_http_js_module.c +++ b/nginx/ngx_http_js_module.c @@ -1825,7 +1825,7 @@ ngx_http_js_ext_get_response(njs_vm_t *vm, njs_value_t *value, void *obj, ctx = ngx_http_get_module_ctx(r, ngx_http_js_module); - njs_vm_retval_set(ctx->vm, njs_value_arg(&ctx->args[1])); + njs_vm_retval_set(vm, njs_value_arg(&ctx->args[1])); return NJS_OK; } @@ -1840,6 +1840,7 @@ ngx_http_js_ext_subrequest(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs, ngx_uint_t cb_index, method, n, has_body; njs_value_t *arg2, *options, *value; njs_function_t *callback; + ngx_http_js_ctx_t *ctx; ngx_http_request_t *r, *sr; ngx_http_request_body_t *rb; @@ -1875,6 +1876,14 @@ ngx_http_js_ext_subrequest(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs, r = njs_value_data(njs_argument(args, 0)); + ctx = ngx_http_get_module_ctx(r, ngx_http_js_module); + + if (ctx->vm != vm) { + njs_vm_error(vm, "subrequest can only be created for " + "the primary request"); + return NJS_ERROR; + } + if (njs_vm_value_to_ext_string(vm, &uri_arg, njs_argument(args, 1), 0) == NJS_ERROR) { @@ -2150,14 +2159,15 @@ ngx_http_js_ext_get_parent(njs_vm_t *vm, njs_value_t *value, void *obj, r = (ngx_http_request_t *) obj; - ctx = ngx_http_get_module_ctx(r->parent, ngx_http_js_module); + ctx = r->parent ? ngx_http_get_module_ctx(r->parent, ngx_http_js_module) + : NULL; - if (ctx == NULL) { - njs_vm_error(vm, "failed to get the parent context"); + if (ctx == NULL || ctx->vm != vm) { + njs_vm_error(vm, "parent can only be returned for a subrequest"); return NJS_ERROR; } - njs_vm_retval_set(ctx->vm, njs_value_arg(&ctx->args[0])); + njs_vm_retval_set(vm, njs_value_arg(&ctx->args[0])); return NJS_OK; } |