From 33f96f117fbf5d750b1bb30f8b5db64c3b1acfc3 Mon Sep 17 00:00:00 2001
From: Dmitry Volyntsev <xeioex@nginx.com>
Date: Thu, 28 Apr 2022 17:23:02 -0700
Subject: [PATCH] HTTP: expect escaped URIs in r.internalRedirect().

Similarly to the nginx change in 975d7ab37b39 (1.17.2), we should accept
properly escaped URIs and unescape them as needed, else it is not possible
to handle URIs with question marks.

Previously, the URI was used as is.
---
 nginx/ngx_http_js_module.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/nginx/ngx_http_js_module.c b/nginx/ngx_http_js_module.c
index 1f7d4440..46c72026 100644
--- a/nginx/ngx_http_js_module.c
+++ b/nginx/ngx_http_js_module.c
@@ -890,7 +890,9 @@ ngx_http_js_content_write_event_handler(ngx_http_request_t *r)
 static void
 ngx_http_js_content_finalize(ngx_http_request_t *r, ngx_http_js_ctx_t *ctx)
 {
-    ngx_str_t  args;
+    ngx_str_t   args;
+    ngx_int_t   rc;
+    ngx_uint_t  flags;
 
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "http js content rc: %i", ctx->status);
@@ -900,7 +902,16 @@ ngx_http_js_content_finalize(ngx_http_request_t *r, ngx_http_js_ctx_t *ctx)
             ngx_http_named_location(r, &ctx->redirect_uri);
 
         } else {
-            ngx_http_split_args(r, &ctx->redirect_uri, &args);
+            ngx_str_null(&args);
+            flags = NGX_HTTP_LOG_UNSAFE;
+
+            rc = ngx_http_parse_unsafe_uri(r, &ctx->redirect_uri, &args,
+                                           &flags);
+            if (rc != NGX_OK) {
+                ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+                return;
+            }
+
             ngx_http_internal_redirect(r, &ctx->redirect_uri, &args);
         }
     }
-- 
2.47.3