Incorrect handling of "%2b" in rewrite directive
Maxim Dounin
mdounin at mdounin.ru
Wed Oct 9 16:02:37 UTC 2013
Hello!
On Wed, Oct 09, 2013 at 06:54:08PM +0400, Dmitry Petrov wrote:
> Hi.
>
> To perform rewrite, nginx does ngx_unescape_uri and then ngx_escape_uri to
> pass request to backend. There is a problem with this functions: they both
> can't handler "+" propertly: ngx_escape_uri does not escape «+» character
>
> So when there is «%2b» sequence in rewrite command, it will be passed to
> backend as «+» where it SHOULD be interpreted as space character.
> I've attached a small patch that solved a problem for me.
>
> For testing I used
> location /foo {
> rewrite (.*) $1 break;
> proxy_pass http://localhost:1234;
> }
> + while true; do nc -l -p 1234; done — to watch what is really send to
> backend by nginx.
The "+" character has a special meaning only in query components.
It is allowed and has no special meaning in paths. That is, URLs
"http://example.com/foo+bar" and "http://example.com/foo%bbar" are
equivalent.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx-devel
mailing list