URL encoding and other hackery

Adam Doppelt amd at urbanspoon.com
Sun Feb 17 07:44:00 MSK 2008

Hi. First, let me just say that I love nginx. Thanks for creating and 
maintaining it - we appreciate it.

I am using nginx as the front end to a rails cluster. When rails 
generates a page I write the page to disk, where nginx can look for it 
later. I want to use something like this:

if (-f $document_root/$uri)

But I anticipate a few problems:

1) the uri might include ".." or similar hackery
2) the uri might include query parameters

That leads to my questions:

1) Does nginx validate incoming uris? Will it strip out ".."?
2) Can I URL encode a variable?



More information about the nginx mailing list