[nginx] Perl: expect escaped URIs in $r->internal_redirect().

Maxim Dounin mdounin at mdounin.ru
Fri Jul 12 14:54:03 UTC 2019 

details:   https://hg.nginx.org/nginx/rev/975d7ab37b39
branches:  
changeset: 7532:975d7ab37b39
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Fri Jul 12 15:39:26 2019 +0300
description:
Perl: expect escaped URIs in $r->internal_redirect().

Similarly to the change in 5491:74bfa803a5aa (1.5.9), we should accept
properly escaped URIs and unescape them as needed, else it is not possible
to handle URIs with question marks.

diffstat:

 src/http/modules/perl/nginx.xs               |  11 -----------
 src/http/modules/perl/ngx_http_perl_module.c |  10 +++++++++-
 src/http/modules/perl/ngx_http_perl_module.h |   1 -
 3 files changed, 9 insertions(+), 13 deletions(-)

diffs (66 lines):

diff --git a/src/http/modules/perl/nginx.xs b/src/http/modules/perl/nginx.xs
--- a/src/http/modules/perl/nginx.xs
+++ b/src/http/modules/perl/nginx.xs
@@ -952,17 +952,6 @@ internal_redirect(r, uri)
         croak("ngx_http_perl_sv2str() failed");
     }
 
-    for (i = 0; i < ctx->redirect_uri.len; i++) {
-        if (ctx->redirect_uri.data[i] == '?') {
-
-            ctx->redirect_args.len = ctx->redirect_uri.len - (i + 1);
-            ctx->redirect_args.data = &ctx->redirect_uri.data[i + 1];
-            ctx->redirect_uri.len = i;
-
-            XSRETURN_EMPTY;
-        }
-    }
-
 
 void
 allow_ranges(r)
diff --git a/src/http/modules/perl/ngx_http_perl_module.c b/src/http/modules/perl/ngx_http_perl_module.c
--- a/src/http/modules/perl/ngx_http_perl_module.c
+++ b/src/http/modules/perl/ngx_http_perl_module.c
@@ -184,6 +184,7 @@ ngx_http_perl_handle_request(ngx_http_re
     SV                         *sub;
     ngx_int_t                   rc;
     ngx_str_t                   uri, args, *handler;
+    ngx_uint_t                  flags;
     ngx_http_perl_ctx_t        *ctx;
     ngx_http_perl_loc_conf_t   *plcf;
     ngx_http_perl_main_conf_t  *pmcf;
@@ -237,7 +238,6 @@ ngx_http_perl_handle_request(ngx_http_re
 
     if (ctx->redirect_uri.len) {
         uri = ctx->redirect_uri;
-        args = ctx->redirect_args;
 
     } else {
         uri.len = 0;
@@ -257,6 +257,14 @@ ngx_http_perl_handle_request(ngx_http_re
     }
 
     if (uri.len) {
+        ngx_str_null(&args);
+        flags = NGX_HTTP_LOG_UNSAFE;
+
+        if (ngx_http_parse_unsafe_uri(r, &uri, &args, &flags) != NGX_OK) {
+            ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+            return;
+        }
+
         ngx_http_internal_redirect(r, &uri, &args);
         ngx_http_finalize_request(r, NGX_DONE);
         return;
diff --git a/src/http/modules/perl/ngx_http_perl_module.h b/src/http/modules/perl/ngx_http_perl_module.h
--- a/src/http/modules/perl/ngx_http_perl_module.h
+++ b/src/http/modules/perl/ngx_http_perl_module.h
@@ -25,7 +25,6 @@ typedef struct {
 
     ngx_str_t                 filename;
     ngx_str_t                 redirect_uri;
-    ngx_str_t                 redirect_args;
 
     SV                       *next;

More information about the nginx-devel mailing list