mirror of
https://github.com/nginx/nginx.git
synced 2024-12-11 09:49:02 +08:00
Win32: uris with ":$" are now rejected.
There are too many problems with special NTFS streams, notably "::$data", "::$index_allocation" and ":$i30:$index_allocation". For now we don't reject all URIs with ":" like Apache does as there are no good reasons seen yet, and there are multiple programs using it in URLs (e.g. MediaWiki).
This commit is contained in:
parent
f83598a359
commit
0d7720ddc0
@ -812,7 +812,28 @@ ngx_http_process_request_line(ngx_event_t *rev)
|
||||
|
||||
#if (NGX_WIN32)
|
||||
{
|
||||
u_char *p;
|
||||
u_char *p, *last;
|
||||
|
||||
p = r->uri.data;
|
||||
last = r->uri.data + r->uri.len;
|
||||
|
||||
while (p < last) {
|
||||
|
||||
if (*p++ == ':') {
|
||||
|
||||
/*
|
||||
* this check covers "::$data", "::$index_allocation" and
|
||||
* ":$i30:$index_allocation"
|
||||
*/
|
||||
|
||||
if (p < last && *p == '$') {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"client sent unsafe win32 URI");
|
||||
ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
p = r->uri.data + r->uri.len - 1;
|
||||
|
||||
@ -828,11 +849,6 @@ ngx_http_process_request_line(ngx_event_t *rev)
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_strncasecmp(p - 6, (u_char *) "::$data", 7) == 0) {
|
||||
p -= 7;
|
||||
continue;
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user