[core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526)

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2927 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.34
Stefan Bühler 9 years ago
parent 17762fad01
commit f0e5c1415d
  1. 1
      NEWS
  2. 2
      src/mod_rewrite.c
  3. 78
      src/response.c

@ -13,6 +13,7 @@ NEWS
* [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
* [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken)
* maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places
* [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526)
- 1.4.33 - 2013-09-27
* mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex)

@ -296,8 +296,6 @@ static int mod_rewrite_patch_connection(server *srv, connection *con, plugin_dat
data_config *dc = (data_config *)srv->config_context->data[i];
s = p->config_storage[i];
if (COMP_HTTP_URL == dc->comp) continue;
/* condition didn't match */
if (!config_check_cond(srv, con, dc)) continue;
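Review bot: Nothing at the `config_check_cond(srv, con, dc)` call records that `$HTTP["url"]` blocks are now evaluated in this loop, or which form of the URL they are matched against. The hunk header shows two lines dropped, apparently the `COMP_HTTP_URL` skip, so the condition is presumably checked against the decoded, simplified `con->uri.path` that `http_response_prepare` now computes earlier; whether the rewrite patterns see the same string is not visible here and should be confirmed. I would replace the bare `/* condition didn't match */` with `/* $HTTP["url"] is matched against the decoded con->uri.path; skip blocks whose condition fails */`, and state the same in the mod_rewrite documentation, since URL-scoped blocks are often written as access boundaries. The loop and the rest of `mod_rewrite_patch_connection` lie outside the hunk.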

@ -305,13 +305,44 @@ handler_t http_response_prepare(server *srv, connection *con) {
buffer_copy_string_buffer(con->uri.path_raw, con->request.uri);
}
/* decode url to path
*
* - decode url-encodings (e.g. %20 -> ' ')
* - remove path-modifiers (e.g. /../)
*/
if (con->request.http_method == HTTP_METHOD_OPTIONS &&
con->uri.path_raw->ptr[0] == '*' && con->uri.path_raw->ptr[1] == '\0') {
/* OPTIONS * ... */
buffer_copy_string_buffer(con->uri.path, con->uri.path_raw);
} else {
buffer_copy_string_buffer(srv->tmp_buf, con->uri.path_raw);
buffer_urldecode_path(srv->tmp_buf);
buffer_path_simplify(con->uri.path, srv->tmp_buf);
}
config_patch_connection(srv, con, COMP_HTTP_URL); /* HTTPurl */
config_patch_connection(srv, con, COMP_HTTP_QUERY_STRING); /* HTTPqs */
#ifdef USE_OPENSSL
if (con->srv_socket->is_ssl && con->conf.ssl_verifyclient) {
https_add_ssl_entries(con);
}
#endif
/* do we have to downgrade to 1.0 ? */
if (!con->conf.allow_http11) {
con->request.http_version = HTTP_VERSION_1_0;
}
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- splitting Request-URI");
log_error_write(srv, __FILE__, __LINE__, "sb", "Request-URI : ", con->request.uri);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-scheme : ", con->uri.scheme);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-authority: ", con->uri.authority);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path_raw);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-query : ", con->uri.query);
log_error_write(srv, __FILE__, __LINE__, "sb", "Request-URI : ", con->request.uri);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-scheme : ", con->uri.scheme);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-authority : ", con->uri.authority);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path (raw) : ", con->uri.path_raw);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path (clean): ", con->uri.path);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-query : ", con->uri.query);
}
@ -336,35 +367,6 @@ handler_t http_response_prepare(server *srv, connection *con) {
break;
}
/* build filename
*
* - decode url-encodings (e.g. %20 -> ' ')
* - remove path-modifiers (e.g. /../)
*/
if (con->request.http_method == HTTP_METHOD_OPTIONS &&
con->uri.path_raw->ptr[0] == '*' && con->uri.path_raw->ptr[1] == '\0') {
/* OPTIONS * ... */
buffer_copy_string_buffer(con->uri.path, con->uri.path_raw);
} else {
buffer_copy_string_buffer(srv->tmp_buf, con->uri.path_raw);
buffer_urldecode_path(srv->tmp_buf);
buffer_path_simplify(con->uri.path, srv->tmp_buf);
}
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- sanitising URI");
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path);
}
#ifdef USE_OPENSSL
if (con->srv_socket->is_ssl && con->conf.ssl_verifyclient) {
https_add_ssl_entries(con);
}
#endif
/**
*
* call plugins
@ -373,14 +375,6 @@ handler_t http_response_prepare(server *srv, connection *con) {
*
*/
config_patch_connection(srv, con, COMP_HTTP_URL); /* HTTPurl */
config_patch_connection(srv, con, COMP_HTTP_QUERY_STRING); /* HTTPqs */
/* do we have to downgrade to 1.0 ? */
if (!con->conf.allow_http11) {
con->request.http_version = HTTP_VERSION_1_0;
}
switch(r = plugins_call_handle_uri_clean(srv, con)) {
case HANDLER_GO_ON:
break;
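Review bot: `con->uri.path` and the `COMP_HTTP_URL` config patch are now derived once from `con->uri.path_raw` near the top of `http_response_prepare`, and nothing documents that later stages must not change `path_raw` without restarting the request. The second hunk shows the decode block leaving its old position after an earlier handler stage, so a handler in that stage that edited `path_raw` and returned `HANDLER_GO_ON` would now leave `con->uri.path` and the already-selected `$HTTP["url"]` settings stale; those handlers are not visible here, so this needs checking against the in-tree modules. A comment above the moved block would make the invariant explicit, e.g. `/* uri.path and url-conditional config are derived here; handlers that modify path_raw must restart the request (HANDLER_COMEBACK) */`. Separately, `https_add_ssl_entries` now runs after the URL patch rather than before it, so `con->conf.ssl_verifyclient` is read with URL-conditional overrides applied, which deserves a line in NEWS if intended. The function begins and ends outside the shown hunks.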
