QuickJS: fixed r.subrequest() to a location with JS handler.
authorDmitry Volyntsev <xeioex@nginx.com>
Tue, 14 Oct 2025 00:37:11 +0000 (17:37 -0700)
committerDmitry Volyntsev <xeioexception@gmail.com>
Tue, 14 Oct 2025 04:34:02 +0000 (21:34 -0700)
Previously, when a subrequest location had a JS handler, an object of a
subrequest JS context was provided as an argument to the parent context.
This may cause all sorts of problems due to incorrect reference
counting.

After this change in bellard/quickjs@42eb2795 the bug became apparent.

nginx/ngx_http_js_module.c

index 467a5eeaec9d99772b74135d23f3574870af97aa..e3ee42719b49ecdcbd240fcf6af43121f0ac7a2e 100644 (file)
@@ -5843,17 +5843,11 @@ ngx_http_qjs_subrequest_done(ngx_http_request_t *r, void *data, ngx_int_t rc)
 
     cx = ctx->engine->u.qjs.ctx;
 
-    if (!JS_IsObject(ngx_qjs_arg(sctx->args[0]))) {
-        reply = ngx_http_qjs_request_make(cx, NGX_QJS_CLASS_ID_HTTP_REQUEST, r);
-        if (JS_IsException(reply)) {
-            ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
-                          "js subrequest reply creation failed");
-            return NGX_ERROR;
-        }
-
-
-    } else {
-        reply = JS_DupValue(cx, ngx_qjs_arg(sctx->args[0]));
+    reply = ngx_http_qjs_request_make(cx, NGX_QJS_CLASS_ID_HTTP_REQUEST, r);
+    if (JS_IsException(reply)) {
+        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                      "js subrequest reply creation failed");
+        return NGX_ERROR;
     }
 
     rc = ngx_qjs_call(cx, event->function, &reply, 1);
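Review bot: The now-unconditional `ngx_http_qjs_request_make()` call carries no comment saying why the reply is never taken from `sctx->args[0]`, yet that invariant is what keeps a value owned by the subrequest's JS context out of `cx`. I would add above the call: `/* Always build reply in the parent context: sctx->args[0] may belong to the subrequest's JS context and must not be handed to cx. */`. The commit message ties the old reuse branch to incorrect reference counting, which in a refcounted engine is presumably a memory-safety risk, so the comment should stop a later change from restoring that branch as an optimisation. The function body continues outside the hunk, so whether `reply` is released after `ngx_qjs_call()` on every path cannot be checked from here.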