<div dir="ltr">Hello,<div><br></div><div>While doing an audit for a client I came across a URL of the form:</div><div><br></div><div><a href="http://host/foobar;arg=quux?q=en/somewhere&a=1&b=2">http://host/foobar;arg=quux?q=en/somewhere&a=1&b=2</a></div>
<div><br></div><div>Now doing something like:</div><div><br></div><div><div><font face="courier new, monospace">location /test-args {</font></div><div><font face="courier new, monospace"> return 200 "u: $uri\nq: $query_string\na: $args\n";</font></div>
<div><font face="courier new, monospace"> }</font></div><div><br></div><div>This returns as the value of $uri the string foobar;arg=quux, i.e., the first parameter arg=quux is not being interpreted as an argument but as part of the URI.</div>
<div><br></div><div>This is confirmed by changing the location to be exact using = /test-args in which case nginx cannot find a configuration for handling the request.</div><div><br></div><div>Now if I understand correctly section 3.3 of the RFC <a href="http://tools.ietf.org/html/rfc3986#section-3.3">http://tools.ietf.org/html/rfc3986#section-3.3</a></div>
<div><br></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div><div> The path may consist of a sequence of path segments separated by a</div></div></div><div><div><div> single slash "/" character. Within a path segment, the characters</div>
</div></div><div><div><div> "/", ";", "=", and "?" are reserved. Each path segment may include a</div></div></div><div><div><div> sequence of parameters, indicated by the semicolon ";" character.</div>
</div></div><div><div><div> The parameters are not significant to the parsing of relative</div></div></div><div><div><div> references.</div></div></div></blockquote><div><div><br></div><div>Which means that the above URL is perfectly legal with arg being considered a parameter.</div>
<div><br></div><div>Shouldn't nginx interpret arg=quux as an argument and not part of the URI in order to fully support the RFC in question?</div><div><br></div><div>Thank you,<br clear="all"><div>----appa<br></div>
</div>
</div></div>
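Added example, not part of the original post and not nginx code: a Python sketch that splits the URL from the message into path segments, per-segment ";" parameters and the query string, following the path-parameter model in the quoted RFC text. The names `Segment`, `split_path_params` and `has_path_params` are hypothetical, and percent-decoding is left out.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qsl

# URL taken from the post above.
POST_URL = "http://host/foobar;arg=quux?q=en/somewhere&a=1&b=2"


@dataclass
class Segment:
    name: str     # segment text before the first ';'
    params: list  # (key, value) path parameters attached to this segment


def split_path_params(url):
    """Return (segments, bare_path, query_pairs) for a URL.

    urlsplit() keeps ';' parameters inside .path, which matches what the
    post reports for nginx's $uri. This hypothetical helper separates each
    segment's parameters from the segment name instead.
    """
    parts = urlsplit(url)
    segments = []
    # split("/") yields an empty first piece for the leading '/'; skip it.
    for raw in parts.path.split("/")[1:]:
        name, *raw_params = raw.split(";")
        params = []
        for item in raw_params:
            key, _, value = item.partition("=")
            params.append((key, value))
        segments.append(Segment(name, params))
    bare_path = "/" + "/".join(s.name for s in segments)
    query = parse_qsl(parts.query, keep_blank_values=True)
    return segments, bare_path, query


def has_path_params(url):
    """True when the raw path and the parameter-free path differ."""
    segments, _, _ = split_path_params(url)
    return any(s.params for s in segments)


if __name__ == "__main__":
    segs, bare, query = split_path_params(POST_URL)
    print("raw path :", urlsplit(POST_URL).path)
    print("bare path:", bare)
    print("params   :", [(s.name, s.params) for s in segs])
    print("query    :", query)
```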