Patch for nginx handling of X-Accel-Redirect URLs

Maxim Dounin mdounin at
Thu Feb 2 11:34:57 UTC 2012


On Thu, Feb 02, 2012 at 02:34:06AM +0400, vitalif at wrote:

> >The ngx_http_parse_complex_uri() function is part of a request
> >parsing code, optimized for the specific task of parsing URI of a
> >request in case it's complex and can't be parsed by
> >ngx_http_parse_request_line().  It's not a generic URI parsing
> >function and never was intended to be.
> So, do you mean that nginx is meant to not have such "generic URI
> parsing function" at all?

More or less generic one is ngx_http_parse_unsafe_uri().

> Okay - do you think it's sufficient just to change
> ngx_unescape_uri(&dst, &src, uri->len, 0);
> to
> ngx_unescape_uri(&dst, &src, uri->len, NGX_UNESCAPE_URI);
> in the previous patch? (i.e. in

No.  The NGX_UNESCAPE_URI won't be sufficient, and it's in fact 
does the wrong thing: it will stop unescaping on first unescaped 
'?', thus preventing files with two question marks from working.


It's the flag used by "rewrite ... redirect;".  It's somewhat 
broken and needs fixing, see tests and comments here:

Maxim Dounin

More information about the nginx-devel mailing list