X-Accel-Redirect Decode Patch

Dennis J. dennisml at conversis.de
Thu Sep 9 16:32:53 MSD 2010 

Hi,
you cannot use the presence of a character as an indicator to determine if 
a string is encoded or not. After all "%" is a perfectly legitimate 
character that can be used for a filename or directory.

The question is whether path.data represents the raw encoded version of the 
path in which case it must *always* be decoded or if this variable already 
represents the decoded version of the path in which case it should *never* 
be decoded a second time.

Regards,
   Dennis

On 09/09/2010 02:03 PM, rovervr wrote:
> Hi,
> I created a small patch for that issue which works for me. But it needs
> to be reviewed by Igor or someone who knows C better than me.
> It checks the static request from X-Accel-Redirect for '%' and escapes
> them if found.
>
>
> [code]
> --- nginx-0.8.50orig/src/http/modules/ngx_http_static_module.c
> 2010-05-24 14:35:10.000000000 +0200
> +++ nginx-0.8.50/src/http/modules/ngx_http_static_module.c
> 2010-09-09 13:49:49.000000000 +0200
> @@ -47,7 +47,7 @@
>   static ngx_int_t
>   ngx_http_static_handler(ngx_http_request_t *r)
>   {
> -    u_char                    *last, *location;
> +    u_char                    *last, *location, *src, *dst;
>       size_t                     root, len;
>       ngx_str_t                  path;
>       ngx_int_t                  rc;
> @@ -83,6 +83,28 @@
>       ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0,
>                      "http filename: \"%s\"", path.data);
>
> +    /*
> +     * X-Accel-Redirect Patch
> +     * If the path contains a % it probably must be decoded
> +     */
> +    if( strstr( path.data, "%" ) != NULL )
> +    {
> +        ngx_str_t *uri =&path;
> +
> +        dst = uri->data;
> +        src = uri->data;
> +
> +        ngx_unescape_uri(&dst,&src, uri->len, NGX_UNESCAPE_URI );
> +
> +        len = uri->len - ( src - dst ) + 1;
> +        if ( len )
> +        {
> +            dst = ngx_copy( dst, src, len);
> +        }
> +        uri->len = dst - uri->data;
> +    }
> +
> +
>       clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
>
>       ngx_memzero(&of, sizeof(ngx_open_file_info_t));
>
> [/code]
>
> It would be nice to get a little feedback if this is ok.
>
> best regards,
>
> Volker Richter
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,128346,128745#msg-128745
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx

More information about the nginx mailing list