On Thu, Feb 02, 2012 at 02:34:06AM +0400, firstname.lastname@example.org wrote:
The ngx_http_parse_complex_uri() function is part of a request parsing code, optimized for the specific task of parsing URI of a request in case it's complex and can't be parsed by ngx_http_parse_request_line(). It's not a generic URI parsing function and never was intended to be.
So, do you mean that nginx is meant to not have such "generic URI parsing function" at all?
More or less generic one is ngx_http_parse_unsafe_uri().
Okay - do you think it's sufficient just to change ngx_unescape_uri(&dst, &src, uri->len, 0); to ngx_unescape_uri(&dst, &src, uri->len, NGX_UNESCAPE_URI); in the previous patch? (i.e. in http://www.coderain.de/nginx/nginx-0.8.52-xred.patch)
No. The NGX_UNESCAPE_URI won't be sufficient, and it's in fact does the wrong thing: it will stop unescaping on first unescaped '?', thus preventing files with two question marks from working.
P.S: what's NGX_UNESCAPE_REDIRECT?
It's the flag used by "rewrite ... redirect;". It's somewhat broken and needs fixing, see tests and comments here: