Commit Graph

73 Commits

Author SHA1 Message Date
Maxim Dounin
74d939974d Rewrite: fixed escaping and possible segfault (ticket #162).
The following code resulted in incorrect escaping of uri and possible
segfault:

    location / {
        rewrite ^(.*) $1?c=$1;
        return 200 "$uri";
    }

If there were arguments in a rewrite's replacement string, and length was
actually calculated (due to duplicate captures as in the example above,
or variables present), the is_args flag was set and incorrectly copied
after length calculation.  This resulted in escaping applied to the uri part
of the replacement, resulting in incorrect escaping.  Additionally, buffer
was allocated without escaping expected, thus this also resulted in buffer
overrun and possible segfault.
2012-05-11 13:19:22 +00:00
Valentin Bartenev
0e05ca0404 Disable symlinks: initialization of the "disable_symlinks" field in
ngx_open_file_info_t moved to a separate function.

This is preparation for the "from=" parameter implementation of the
"disable_symlinks" directive.
2012-02-27 16:51:28 +00:00
Andrey Belov
8ce8f6667f Support for disable_symlinks in various modules. 2012-02-13 16:32:21 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Maxim Dounin
72df0f400a Clear old Location header (if any) while adding a new one.
This prevents incorrect behaviour when another redirect is issued within
error_page 302 handler.
2011-10-12 13:28:03 +00:00
Igor Sysoev
eecc540da8 test zero value in an "if" directive consistently with predicates fixed in r3894
thanks to Maxim Dounin
2011-05-03 09:52:27 +00:00
Igor Sysoev
14fe2dd94a values starting with '0' were incorrectly assumed to be false
patch by Maxim Dounin
2011-04-15 12:24:18 +00:00
Igor Sysoev
d63104eea4 use memmove() in appropriate places 2011-04-12 08:02:46 +00:00
Igor Sysoev
9a62648f7b fix typo 2010-09-13 12:44:43 +00:00
Igor Sysoev
94e9aaa8ad new ngx_http_secure_link_module with secure_link, secure_link_md5, and
secure_link_expires
2010-09-02 14:37:16 +00:00
Igor Sysoev
7fc29052e8 ngx_http_test_predicates(), ngx_http_set_predicate_slot() 2010-07-14 11:13:59 +00:00
Igor Sysoev
4c1b0770ca return code text 2010-06-18 15:15:20 +00:00
Igor Sysoev
05b1a8f1e3 ngx_str_set() and ngx_str_null() 2010-05-14 09:56:37 +00:00
Igor Sysoev
d86a0bfed4 fix captures in "rewrite", the bug had been introduced in r3326 2009-11-16 19:10:45 +00:00
Igor Sysoev
c05f20ec2e regex named captures 2009-11-16 12:19:02 +00:00
Igor Sysoev
3266171fd4 read_ahead 2009-09-30 13:21:52 +00:00
Igor Sysoev
7f6d71bbc8 low ENAMETOOLONG logging level 2009-09-25 09:13:08 +00:00
Igor Sysoev
c28d632595 ngx_http_set_exten() is always successful since 0.3.46 2009-07-14 08:38:28 +00:00
Igor Sysoev
05822df0cb fix return value on failure 2009-06-02 16:08:38 +00:00
Igor Sysoev
5ef370df40 -p and --prefix= 2009-04-27 11:32:33 +00:00
Igor Sysoev
f1cc457d7f *) of.test_only to not open file if only stat() is enough
*) of.failed to return exact name of failed syscall
2009-04-27 09:55:53 +00:00
Igor Sysoev
766f3a9753 rename ngx_http_scrip_flush_complex_value()
to ngx_http_script_flush_complex_value()
2009-03-27 14:59:47 +00:00
Igor Sysoev
22d381e87c fix plain text values using relative path in ngx_http_complex_value(),
this fixes the auth_basic_user_file bug introduced in r2589
2009-03-27 06:34:31 +00:00
Igor Sysoev
8508c10bb8 ngx_http_script_flush_complex_value()
ngx_http_complex_value()
ngx_http_compile_complex_value()
2009-03-22 09:36:51 +00:00
Igor Sysoev
165b3c001c split ngx_http_script_compile() 2009-03-18 14:42:06 +00:00
Igor Sysoev
1d05de49a3 now regex captures are per-request entities 2009-03-06 12:15:07 +00:00
Igor Sysoev
9786016076 fix /?new=arg?old=arg redirect case 2009-02-10 16:03:42 +00:00
Igor Sysoev
0e17953679 fix r2394 2008-12-11 06:38:14 +00:00
Igor Sysoev
45656b4051 fix debug logging 2008-12-10 14:48:04 +00:00
Igor Sysoev
4084b12041 escape a query string characters taken from URI while rewrite 2008-09-01 14:43:38 +00:00
Igor Sysoev
a3e9f7d306 fix conflicting names "true" and "false" 2008-07-31 07:55:46 +00:00
Igor Sysoev
385af28642 directio 2008-07-30 12:34:04 +00:00
Igor Sysoev
5a0eac8692 ngx_memzero() ngx_open_file_info_t 2008-06-26 14:07:59 +00:00
Igor Sysoev
3e6f74da05 initialize of.uniq in ngx_open_cached_file() 2008-06-23 13:35:34 +00:00
Igor Sysoev
7f6b2ffc60 *) back out r2040
*) refactor ngx_palloc()
*) introduce ngx_pnalloc()
*) additional pool blocks have smaller header
2008-06-17 15:00:30 +00:00
Igor Sysoev
04610ead82 length calculation did not take into account escaped symbols in arguments 2008-02-12 18:05:32 +00:00
Igor Sysoev
86b915901a optimization 2007-12-27 20:32:43 +00:00
Igor Sysoev
f3b0e49069 open_file_cache_min_uses 2007-12-22 13:19:39 +00:00
Igor Sysoev
9b9616e5ac open_file_cache_retest > open_file_cache_valid 2007-12-21 16:19:48 +00:00
Igor Sysoev
f0a51cfa09 unescape SSI include 2007-10-22 10:19:17 +00:00
Igor Sysoev
2d3f3f6eb6 fix English grammar 2007-10-14 18:56:15 +00:00
Igor Sysoev
5ba67396f5 %v fix lost in r1407 2007-10-09 18:44:59 +00:00
Igor Sysoev
9afd58ffe5 open_file_cache_events 2007-09-03 08:41:42 +00:00
Igor Sysoev
140c7556a2 open_file_cache in HTTP 2007-09-01 12:12:48 +00:00
Igor Sysoev
0d4b372e44 use %v for ngx_variable_value_t in ngx_sprintf(),
this fixes nginx on FreeBSD/sparc64
2007-08-20 09:57:19 +00:00
Igor Sysoev
2c8f05737a flush nocachable variables before ngx_http_script_run() 2007-03-30 19:00:34 +00:00
Igor Sysoev
58364233a6 debug log should not be under rewrite_log control 2006-11-14 12:45:03 +00:00
Igor Sysoev
8fd830adc0 set "Content-Length: 0" for errors handled by "return 204" 2006-10-02 10:22:51 +00:00
Igor Sysoev
3f8dc59500 nginx-0.3.61-RELEASE import
*) Change: now the "tcp_nodelay" directive is turned on by default.

    *) Feature: the "msie_refresh" directive.

    *) Feature: the "recursive_error_pages" directive.

    *) Bugfix: the "rewrite" directive returned incorrect redirect, if the
       redirect had the captured escaped symbols from original URI.
2006-08-28 16:57:48 +00:00
Igor Sysoev
08e63d46de nginx-0.3.58-RELEASE import
*) Feature: the "error_page" directive supports the variables.

    *) Change: now the procfs interface instead of sysctl is used on Linux.

    *) Change: now the "Content-Type" header line is inherited from first
       response when the "X-Accel-Redirect" was used.

    *) Bugfix: the "error_page" directive did not redirect the 413 error.

    *) Bugfix: the trailing "?" did not remove old arguments if no new
       arguments were added to a rewritten URI.

    *) Bugfix: nginx could not run on 64-bit FreeBSD 7.0-CURRENT.
2006-08-14 15:09:38 +00:00