[PATCH 2 of 5] Core: escape "<", ">", and """ in urls
Maxim Dounin
mdounin at mdounin.ru
Fri Jan 15 14:49:29 MSK 2010
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1263229555 -10800
# Node ID 186e9471419a07250d144e390b43cd1cf7dcd561
# Parent 9180ed53bc04c852d88069c1a919799f92d7755d
Core: escape "<", ">", and """ in urls.
RFC 2396 requires it, and not escaping them seems to cause problems at
least with MS Exchange.
Note well: RFC 3986 obsoletes RFC 2396 and no longer requires characters in
question to be escaped. But for compatibility reasons it's probably a good
idea to escape them anyway.
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -1258,13 +1258,13 @@ ngx_escape_uri(u_char *dst, u_char *src,
uint32_t *escape;
static u_char hex[] = "0123456789abcdef";
- /* " ", "#", "%", "?", %00-%1F, %7F-%FF */
+ /* " ", """, "#", "%", "<", ">", "?", %00-%1F, %7F-%FF */
static uint32_t uri[] = {
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
- 0x80000029, /* 1000 0000 0000 0000 0000 0000 0010 1001 */
+ 0xd000002d, /* 1101 0000 0000 0000 0000 0000 0010 1101 */
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
@@ -1278,13 +1278,13 @@ ngx_escape_uri(u_char *dst, u_char *src,
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
};
- /* " ", "#", "%", "+", "?", %00-%1F, %7F-%FF */
+ /* " ", """, "#", "%", "+", "<", ">", "?", %00-%1F, %7F-%FF */
static uint32_t args[] = {
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
- 0x80000829, /* 1000 0000 0000 0000 0000 1000 0010 1001 */
+ 0xd000082d, /* 1101 0000 0000 0000 0000 1000 0010 1101 */
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
@@ -1298,13 +1298,13 @@ ngx_escape_uri(u_char *dst, u_char *src,
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
};
- /* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */
+ /* " ", """, "#", "%", "'", "<", ">", %00-%1F, %7F-%FF */
static uint32_t html[] = {
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
- 0x000000ad, /* 0000 0000 0000 0000 0000 0000 1010 1101 */
+ 0x500000ad, /* 0101 0000 0000 0000 0000 0000 1010 1101 */
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
@@ -1318,13 +1318,13 @@ ngx_escape_uri(u_char *dst, u_char *src,
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
};
- /* " ", """, "%", "'", %00-%1F, %7F-%FF */
+ /* " ", """, "%", "'", "<", ">", %00-%1F, %7F-%FF */
static uint32_t refresh[] = {
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
- 0x00000085, /* 0000 0000 0000 0000 0000 0000 1000 0101 */
+ 0x50000085, /* 0101 0000 0000 0000 0000 0000 1000 0101 */
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
More information about the nginx-devel
mailing list