X-Accel-Redirect Decode Patch

Maxim Dounin mdounin at mdounin.ru
Thu Sep 9 21:21:41 MSD 2010


On Thu, Sep 09, 2010 at 08:03:07AM -0400, rovervr wrote:

> I created a small patch for that issue which works for me. But it needs
> to be reviewed by Igor or someone who knows C better than me.
> It checks the static request from X-Accel-Redirect for '%' and escapes
> them if found.

This patch is wrong, it breaks access to normal files with '%'.  
Additionally, it doesn't change X-Accel-Redirect behaviour for 
non-static files.

Instead X-Accel-Redirect value should be unescaped when it got 
from upstream, somewhere before ngx_http_internal_redirect() call.
I personally believe ngx_http_parse_unsafe_uri() should be changed 
to unescape uri (note that it will also affect ssi and dav 
modules).  Though I haven't investigated this carefully enough.

Maxim Dounin

More information about the nginx mailing list