Re: svn commit: r1919628 - in /httpd/httpd/trunk: changes-entries/bz69203.txt modules/proxy/mod_proxy.c modules/proxy/mod_proxy_fcgi.c

Wed, 07 Aug 2024 02:44:34 -0700 


On 8/2/24 2:53 AM, yla...@apache.org wrote:
> Author: ylavic
> Date: Fri Aug  2 00:53:53 2024
> New Revision: 1919628
> 
> URL: http://svn.apache.org/viewvc?rev=1919628&view=rev
> Log:
> Follow up to r1919620: Restore r->filename re-encoding for ProxyPass URLs.
> 
> 
> Modified:
>     httpd/httpd/trunk/changes-entries/bz69203.txt
>     httpd/httpd/trunk/modules/proxy/mod_proxy.c
>     httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c
> 

> Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c?rev=1919628&r1=1919627&r2=1919628&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c (original)
> +++ httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c Fri Aug  2 00:53:53 2024

> @@ -93,20 +95,40 @@ static int proxy_fcgi_canon(request_rec
>          host = apr_pstrcat(r->pool, "[", host, "]", NULL);
>      }
>  
> -    /* We do not call ap_proxy_canonenc_ex() on the path here because the CGI
> -     * environment variable SCRIPT_FILENAME based on it want the 
> decoded/local
> -     * path, don't let control characters pass still.
> -     *
> -     * XXX: should we encode based on dconf->backend_type though?
> -     */
> -    for (pc = path; *pc; pc++) {
> -        if (apr_iscntrl(*pc)) {
> +    from_handler = apr_table_get(r->notes, "proxy-sethandler") != NULL;

Why do we need the from_handler variable?

> +    if (from_handler
> +        || apr_table_get(r->notes, "proxy-nocanon")
> +        || apr_table_get(r->notes, "proxy-noencode")) {
> +        char *c = path = url;   /* this is the raw path */
> +
> +        /* We do not call ap_proxy_canonenc_ex() on the path here, don't
> +         * let control characters pass still, and for php-fpm no '?' either.
> +         */
> +        if (FCGI_MAY_BE_FPM(dconf)) {
> +            while (!apr_iscntrl(*c) && *c != '?')
> +                c++;
> +        }
> +        else {
> +            while (!apr_iscntrl(*c))
> +                c++;
> +        }
> +        if (*c) {
>              ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10414)
> -                          "To be forwarded path contains control "
> -                          "characters");
> +                          "To be forwarded path contains control 
> characters%s",
> +                          FCGI_MAY_BE_FPM(dconf) ? " or '?'" : "");
>              return HTTP_FORBIDDEN;
>          }
>      }
> +    else {
> +        core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
> +        int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? 
> PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
> +
> +        path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, 
> flags,
> +                                    r->proxyreq);
> +        if (!path) {
> +            return HTTP_BAD_REQUEST;
> +        }
> +    }
>  
>      r->filename = apr_pstrcat(r->pool, "proxy:fcgi://", host, sport, "/",
>                                path, NULL);
> 
> 
> 

Regards

RĂ¼diger























					Reply via email to