git.kaiwu.me - nginx.git/commit

]> git.kaiwu.me - nginx.git/commit

projects / nginx.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 31d1c34) | patch

author	Maxim Dounin <mdounin@mdounin.ru>
	Mon, 28 Jun 2021 15:01:11 +0000 (18:01 +0300)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Mon, 28 Jun 2021 15:01:11 +0000 (18:01 +0300)
commit	fee09fc49d510de0078f9bc7fc18dc179cceb62b
tree	ef50b5f6c6693223082254529d7cad7592c76319	tree \| snapshot
parent	31d1c34b394ee30b30084ff160133708d0d3b030	commit \| diff

Core: escaping of chars not allowed in URIs per RFC 3986.

Per RFC 3986 only the following characters are allowed in URIs unescaped:

unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
gen-delims    = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
              / "*" / "+" / "," / ";" / "="

And "%" can appear as a part of escaping itself.  The following
characters are not allowed and need to be escaped: %00-%1F, %7F-%FF,
" ", """, "<", ">", "\", "^", "`", "{", "|", "}".

Not escaping ">" is known to cause problems at least with MS Exchange (see
http://nginx.org/pipermail/nginx-ru/2010-January/031261.html) and in
Tomcat (ticket #2191).

The patch adds escaping of the following chars in all URI parts: """, "<",
">", "\", "^", "`", "{", "|", "}".  Note that comments are mostly preserved
to outline important characters being escaped.

src/core/ngx_string.c

diff | blob | history

nginx upstream