Commit Graph

86 Commits

Author SHA1 Message Date
Valentin Bartenev
5453f0afe6 Autoindex: implemented JSON output format. 2014-12-12 20:25:35 +03:00
Maxim Dounin
7ac48da41d Core: added ngx_encode_base64url(). 2014-02-04 04:59:21 +04:00
Maxim Dounin
e11584164f Added ngx_filename_cmp() with "/" sorted to the left.
This patch fixes incorrect handling of auto redirect in configurations
like:

    location /0  { }
    location /a- { }
    location /a/ { proxy_pass ... }

With previously used sorting, this resulted in the following locations
tree (as "-" is less than "/"):

        "/a-"
    "/0"    "/a/"

and a request to "/a" didn't match "/a/" with auto_redirect, as it
didn't traverse relevant tree node during lookup (it tested "/a-",
then "/0", and then falled back to null location).

To preserve locale use for non-ASCII characters on case-insensetive
systems, libc's tolower() used.
2013-09-23 19:37:13 +04:00
Maxim Dounin
d053bacb9c Added "const" to ngx_memcpy() with NGX_MEMCPY_LIMIT defined.
This fixes warning produced during compilation of the ngx_http_geoip_module
due to const qualifier being discarded.
2012-08-03 09:07:30 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Maxim Dounin
6226fe3512 Autoindex: escape '?' in file names.
For files with '?' in their names autoindex generated links with '?' not
escaped.  This resulted in effectively truncated links as '?' indicates
query string start.

This is an updated version of the patch originally posted at [1].  It
introduces generic NGX_ESCAPE_URI_COMPONENT which escapes everything but
unreserved characters as per RFC 3986.  This approach also renders unneeded
special colon processing (as colon is percent-encoded now), it's dropped
accordingly.

[1] http://nginx.org/pipermail/nginx-devel/2010-February/000112.html

Reported by Konstantin Leonov.
2011-10-11 17:56:51 +00:00
Igor Sysoev
d63104eea4 use memmove() in appropriate places 2011-04-12 08:02:46 +00:00
Igor Sysoev
94e9aaa8ad new ngx_http_secure_link_module with secure_link, secure_link_md5, and
secure_link_expires
2010-09-02 14:37:16 +00:00
Igor Sysoev
daab61e40c fix a bug when ngx_cpymem() returns a cast type:
p = (type *) ngx_cpymem(...)
2010-06-24 15:17:06 +00:00
Igor Sysoev
0923d08148 change ngx_http_variable_value_node_t to more generic ngx_str_node_t 2010-06-23 15:31:33 +00:00
Igor Sysoev
05b1a8f1e3 ngx_str_set() and ngx_str_null() 2010-05-14 09:56:37 +00:00
Igor Sysoev
d2b687cf3f ngx_atofp() 2010-05-14 09:01:30 +00:00
Igor Sysoev
96e36ef252 If .domain.com, .sub.domain.com, and .domain-some.com were defined,
then .sub.domain.com was matched by .domain.com: wildcard names hash
was built incorrectly due to sorting order issue of "." vs "-".
They were sorted as
    com.domain  com.domain-some  com.domain.sub
while they should be sorted as
    com.domain  com.domain.sub   com.domain-some
for correct hash building
2009-09-12 09:28:37 +00:00
Igor Sysoev
4e1fe03e03 ngx_vslprintf(), ngx_slprintf() 2009-04-27 12:51:33 +00:00
Igor Sysoev
a514d68bfb ngx_strlcasestrn() 2009-04-04 17:31:54 +00:00
Igor Sysoev
caa4a45c0f ngx_strlchr() 2008-08-26 14:16:36 +00:00
Igor Sysoev
777b019c73 ngx_strlow() 2008-08-04 10:07:00 +00:00
Igor Sysoev
a089857143 rename ngx_utf_...() to ngx_utf8_...() 2008-07-29 14:41:34 +00:00
Igor Sysoev
96eaa05fd2 fix utf-8 names in autoindex 2008-07-25 14:29:05 +00:00
Igor Sysoev
5f3521cf4f escape 0x00-0x1f, ", and \ in access log variables 2008-05-15 15:09:39 +00:00
Igor Sysoev
de8ec1efc8 use ngx_int_t in ngx_sort() callback 2008-03-24 13:04:02 +00:00
Igor Sysoev
a03fa3666f replace ngx_md5_text() with ngx_hex_dump() 2007-12-17 21:06:17 +00:00
Igor Sysoev
2e8f0d0b30 update ngx_memcmp() 2007-11-23 17:00:11 +00:00
Igor Sysoev
f0a51cfa09 unescape SSI include 2007-10-22 10:19:17 +00:00
Igor Sysoev
2d3f3f6eb6 fix English grammar 2007-10-14 18:56:15 +00:00
Igor Sysoev
35fe5fd06d ngx_strnstr() 2007-10-01 14:48:33 +00:00
Igor Sysoev
1730c758a1 ngx_escape_html() 2007-09-27 09:36:50 +00:00
Igor Sysoev
1bd987019d ngx_strstrn() and ngx_strcasestrn() 2007-09-26 19:25:52 +00:00
Igor Sysoev
d4ff561681 escape " ", "%", and %00-%1F in login and password 2007-08-20 09:50:53 +00:00
Igor Sysoev
3f70782404 escape space, etc in $memcached_key 2007-07-22 19:18:59 +00:00
Igor Sysoev
f42ed05e9c Sun Studio on sparc uses different bit order 2007-07-17 09:23:23 +00:00
Igor Sysoev
8662b6bec5 msie_refresh should escape at least '"' to prevent XSS 2007-07-13 09:37:01 +00:00
Igor Sysoev
35921283df ngx_sort 2007-05-21 14:05:23 +00:00
Igor Sysoev
3378750e2d style fix 2007-05-19 17:39:44 +00:00
Igor Sysoev
7a5886052f *) introduce ngx_strchr()
*) test server_name for '/': it's common configuration error when
   trailing ';' is omitted and a next directive is treated as server_name
2007-04-02 06:27:30 +00:00
Igor Sysoev
722231f407 ngx_strcasecmp()/ngx_strncasecmp() 2007-02-14 18:51:19 +00:00
Igor Sysoev
ec3cabdcd9 ngx_strn2cmp() > ngx_memn2cmp() 2007-01-12 21:58:02 +00:00
Igor Sysoev
37cc165064 ngx_strn2cmp() 2007-01-12 20:15:59 +00:00
Igor Sysoev
ef809b86c3 nginx-0.3.50-RELEASE import
*) Change: the "proxy_redirect_errors" and "fastcgi_redirect_errors"
       directives was renamed to the "proxy_intercept_errors" and
       "fastcgi_intercept_errors" directives.

    *) Feature: the ngx_http_charset_module supports the recoding from the
       single byte encodings to the UTF-8 encoding and back.

    *) Feature: the "X-Accel-Charset" response header line is supported in
       proxy and FastCGI mode.

    *) Bugfix: the "\" escape symbol in the "\"" and "\'" pairs in the SSI
       command was removed only if the command also has the "$" symbol.

    *) Bugfix: the "<!--" string might be added on some conditions in the
       SSI after inclusion.

    *) Bugfix: if the "Content-Length: 0" header line was in response, then
       in nonbuffered proxying mode the client connection was not closed.
2006-06-28 16:00:26 +00:00
Igor Sysoev
3338cfdfbc nginx-0.3.46-RELEASE import
*) Feature: the "proxy_hide_header", "proxy_pass_header",
       "fastcgi_hide_header", and "fastcgi_pass_header" directives.

    *) Change: the "proxy_pass_x_powered_by", "fastcgi_x_powered_by", and
       "proxy_pass_server" directives were canceled.

    *) Feature: the "X-Accel-Buffering" response header line is supported
       in proxy mode.

    *) Bugfix: the reconfiguration bug and memory leaks in the
       ngx_http_perl_module.
2006-05-11 14:43:47 +00:00
Igor Sysoev
ae33d014ad nginx-0.3.22-RELEASE import
*) Feature: the ngx_http_perl_module supports the $r->args and
       $r->unescape methods.

    *) Feature: the method $r->query_string of ngx_http_perl_module was
       canceled.

    *) Bugfix: segmentation fault was occurred if the "none" or "blocked"
       values was specified in the "valid_referers" directive; the bug had
       appeared in 0.3.18.
2006-01-17 20:04:32 +00:00
Igor Sysoev
d3283ff922 nginx-0.3.13-RELEASE import
*) Feature: the IMAP/POP3 proxy supports STARTTLS and STLS.

    *) Bugfix: the IMAP/POP3 proxy did not work with the select, poll, and
       /dev/poll methods.

    *) Bugfix: in SSI handling.

    *) Bugfix: now Solaris sendfilev() is not used to transfer the client
       request body to FastCGI-server via the unix domain socket.

    *) Bugfix: the "auth_basic" directive did not disable the
       authorization; the bug had appeared in 0.3.11.
2005-12-05 13:18:09 +00:00
Igor Sysoev
0e5dc5cff6 nginx-0.3.10-RELEASE import
*) Change: the "valid_referers" directive and the "$invalid_referer"
       variable were moved to the new ngx_http_referer_module from the
       ngx_http_rewrite_module.

    *) Change: the "$apache_bytes_sent" variable name was changed to
       "$body_bytes_sent".

    *) Feature: the "$sent_http_..." variables.

    *) Feature: the "if" directive supports the "=" and "!=" operations.

    *) Feature: the "proxy_pass" directive supports the HTTPS protocol.

    *) Feature: the "proxy_set_body" directive.

    *) Feature: the "post_action" directive.

    *) Feature: the ngx_http_empty_gif_module.

    *) Feature: the "worker_cpu_affinity" directive for Linux.

    *) Bugfix: the "rewrite" directive did not unescape URI part in
       redirect, now it is unescaped except the %00-%25 and %7F-%FF
       characters.

    *) Bugfix: nginx could not be built by the icc 9.0 compiler.

    *) Bugfix: if the SSI was enabled for zero size static file, then the
       chunked response was encoded incorrectly.
2005-11-15 13:30:52 +00:00
Igor Sysoev
09c684b2d5 nginx-0.3.8-RELEASE import
*) Security: nginx now checks URI got from a backend in
       "X-Accel-Redirect" header line or in SSI file for the "/../" paths
       and zeroes.

    *) Change: nginx now does not treat the empty user name in the
       "Authorization" header line as valid one.

    *) Feature: the "ssl_session_timeout" directives of the
       ngx_http_ssl_module and ngx_imap_ssl_module.

    *) Feature: the "auth_http_header" directive of the
       ngx_imap_auth_http_module.

    *) Feature: the "add_header" directive.

    *) Feature: the ngx_http_realip_module.

    *) Feature: the new variables to use in the "log_format" directive:
       $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
       $request_time, $request_length, $upstream_status,
       $upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
       $connection, $pipe, and $msec. The parameters in the "%name" form
       will be canceled soon.

    *) Change: now the false variable values in the "if" directive are the
       empty string "" and string starting with "0".

    *) Bugfix: while using proxied or FastCGI-server nginx may leave
       connections and temporary files with client requests in open state.

    *) Bugfix: the worker processes did not flush the buffered logs on
       graceful exit.

    *) Bugfix: if the request URI was changes by the "rewrite" directive
       and the request was proxied in location given by regular expression,
       then the incorrect request was transferred to backend; the bug had
       appeared in 0.2.6.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" header.

    *) Bugfix: nginx may stop to accept requests if the "rtsig" method and
       several worker processes were used.

    *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
       SSI commands.

    *) Bugfix: if the response was ended just after the SSI command and
       gzipping was used, then the response did not transferred complete or
       did not transferred at all.
2005-11-09 17:25:55 +00:00
Igor Sysoev
5192b3651f nginx-0.1.38-RELEASE import
*) Feature: the "limit_rate" directive is supported in in proxy and
       FastCGI mode.

    *) Feature: the "X-Accel-Limit-Rate" response header line is supported
       in proxy and FastCGI mode.

    *) Feature: the "break" directive.

    *) Feature: the "log_not_found" directive.

    *) Bugfix: the response status code was not changed when request was
       redirected by the ""X-Accel-Redirect" header line.

    *) Bugfix: the variables set by the "set" directive could not be used
       in SSI.

    *) Bugfix: the segmentation fault may occurred if the SSI page has more
       than one remote subrequest.

    *) Bugfix: nginx treated the backend response as invalid if the status
       line in the header was transferred in two packets; the bug had
       appeared in 0.1.29.

    *) Feature: the "ssi_types" directive.

    *) Feature: the "autoindex_exact_size" directive.

    *) Bugfix: the ngx_http_autoindex_module did not support the long file
       names in UTF-8.

    *) Feature: the IMAP/POP3 proxy.
2005-07-08 14:34:20 +00:00
Igor Sysoev
b145b067e2 nginx-0.1.36-RELEASE import
*) Change: if the request header has duplicate the "Host",
       "Connection", "Content-Length", or "Authorization" lines, then nginx
       now returns the 400 error.

    *) Change: the "post_accept_timeout" directive was canceled.

    *) Feature: the "default", "af=", "bl=", "deferred", and "bind"
       parameters of the "listen" directive.

    *) Feature: the FreeBSD accept filters support.

    *) Feature: the Linux TCP_DEFER_ACCEPT support.

    *) Bugfix: the ngx_http_autoindex_module did not support the file names
       in UTF-8.

    *) Bugfix: the new log file can be rotated by the -USR1 signal only if
       the reconfiguration by the -HUP signal was made twice.
2005-06-15 18:33:41 +00:00
Igor Sysoev
7b190b41b0 nginx-0.1.35-RELEASE import
*) Feature: the "working_directory" directive.

    *) Feature: the "port_in_redirect" directive.

    *) Bugfix: the segmentation fault was occurred if the backend response
       header was in several packets; the bug had appeared in 0.1.29.

    *) Bugfix: if more than 10 servers were configured or some server did
       not use the "listen" directive, then the segmentation fault was
       occurred on the start.

    *) Bugfix: the segmentation fault might occur if the response was
       bigger than the temporary file.

    *) Bugfix: nginx returned the 400 response on requests like
       "GET http://www.domain.com/uri HTTP/1.0"; the bug had appeared in
       0.1.28.
2005-06-07 15:56:31 +00:00
Igor Sysoev
e31e90b3e1 nginx-0.1.32-RELEASE import
*) Bugfix: the arguments were omitted in the redirects, issued by the
       "rewrite" directive; the bug had appeared in 0.1.29.

    *) Feature: the "if" directive supports the captures in regular
       expressions.

    *) Feature: the "set" directive supports the variables and the captures
       of regular expressions.

    *) Feature: the "X-Accel-Redirect" response header line is supported in
       proxy and FastCGI mode.
2005-05-19 13:25:22 +00:00
Igor Sysoev
4d656dcd0b nginx-0.1.26-RELEASE import
*) Change: the invalid client header lines are now ignored and logged
       at the info level.

    *) Change: the server name is also logged in error log.

    *) Feature: the ngx_http_auth_basic_module module and the auth_basic
       and auth_basic_user_file directives.
2005-03-22 16:02:46 +00:00
Igor Sysoev
c15717285d nginx-0.1.25-RELEASE import
*) Bugfix: nginx did run on Linux parisc.

    *) Feature: nginx now does not start under FreeBSD if the sysctl
       kern.ipc.somaxconn value is too big.

    *) Bugfix: if a request was internally redirected by the
       ngx_http_index_module module to the ngx_http_proxy_module or
       ngx_http_fastcgi_module modules, then the index file was not closed
       after request completion.

    *) Feature: the "proxy_pass" can be used in location with regular
       expression.

    *) Feature: the ngx_http_rewrite_filter_module module supports the
       condition like "if ($HTTP_USER_AGENT ~ MSIE)".

    *) Bugfix: nginx started too slow if the large number of addresses and
       text values were used in the "geo" directive.

    *) Change: a variable name must be declared as "$name" in the "geo"
       directive. The previous variant without "$" is still supported, but
       will be removed soon.

    *) Feature: the "%{VARIABLE}v" logging parameter.

    *) Feature: the "set $name value" directive.

    *) Bugfix: gcc 4.0 compatibility.

    *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 12:38:37 +00:00