You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2016/03/15 15:57:46 UTC
svn commit: r1735088 - in /httpd/httpd/trunk: CHANGES
modules/mappers/mod_rewrite.c
Author: covener
Date: Tue Mar 15 14:57:46 2016
New Revision: 1735088
URL: http://svn.apache.org/viewvc?rev=1735088&view=rev
Log:
[PATCH] mod_rewrite: double escaping of query strings in server context
(like PR50447, for server context)
Submitted By: Evgeny Kotkov <evgeny.kotkov visualsvn.com>
Committed By: covener
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/mappers/mod_rewrite.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1735088&r1=1735087&r2=1735088&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Mar 15 14:57:46 2016
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_rewrite: Don't implicitly URL-escape the original query string
+ when no substitution has changed it (like PR50447 but server context)
+ [Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
+
*) core: New CGIVar directive can configure REQUEST_URI to represent the
current URI being processed instead of always the original request.
[Jeff Trawick]
Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1735088&r1=1735087&r2=1735088&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Tue Mar 15 14:57:46 2016
@@ -4548,6 +4548,7 @@ static int hook_uri2file(request_rec *r)
unsigned int port;
int rulestatus;
void *skipdata;
+ const char *oargs;
/*
* retrieve the config structures
@@ -4598,6 +4599,12 @@ static int hook_uri2file(request_rec *r)
}
/*
+ * remember the original query string for later check, since we don't
+ * want to apply URL-escaping when no substitution has changed it.
+ */
+ oargs = r->args;
+
+ /*
* add the SCRIPT_URL variable to the env. this is a bit complicated
* due to the fact that apache uses subrequests and internal redirects
*/
@@ -4731,11 +4738,21 @@ static int hook_uri2file(request_rec *r)
/* append the QUERY_STRING part */
if (r->args) {
+ char *escaped_args = NULL;
+ int noescape = (rulestatus == ACTION_NOESCAPE ||
+ (oargs && !strcmp(r->args, oargs)));
+
r->filename = apr_pstrcat(r->pool, r->filename, "?",
- (rulestatus == ACTION_NOESCAPE)
+ noescape
? r->args
- : ap_escape_uri(r->pool, r->args),
+ : (escaped_args =
+ ap_escape_uri(r->pool, r->args)),
NULL);
+
+ rewritelog((r, 1, NULL, "%s %s to query string for redirect %s",
+ noescape ? "copying" : "escaping",
+ r->args ,
+ noescape ? "" : escaped_args));
}
/* determine HTTP redirect response code */