You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Ruediger Pluem <rp...@apache.org> on 2023/06/28 12:14:19 UTC

Re: svn commit: r1910650 - /httpd/httpd/trunk/modules/mappers/mod_rewrite.c


On 6/28/23 12:38 PM, covener@apache.org wrote:
> Author: covener
> Date: Wed Jun 28 10:38:27 2023
> New Revision: 1910650
> 
> URL: http://svn.apache.org/viewvc?rev=1910650&view=rev
> Log:
> act more like pre-r1908097 with rewrite
> 
> - be more conservative with setting QSNONE
> - allow the query to be split as historically, but then drop r->args if QSNONE
> 
> 
> Modified:
>     httpd/httpd/trunk/modules/mappers/mod_rewrite.c
> 
> Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1910650&r1=1910649&r2=1910650&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
> +++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Wed Jun 28 10:38:27 2023
> @@ -806,12 +806,6 @@ static void splitout_queryargs(request_r
>      int qsdiscard = flags & RULEFLAG_QSDISCARD;
>      int qslast = flags & RULEFLAG_QSLAST;
>  
> -    if (flags & RULEFLAG_QSNONE) {
> -        rewritelog(r, 2, NULL, "discarding query string, no parse from substitution");
> -        r->args = NULL;
> -        return;
> -    }
> -
>      /* don't touch, unless it's a scheme for which a query string makes sense.
>       * See RFC 1738 and RFC 2368.
>       */
> @@ -853,6 +847,10 @@ static void splitout_queryargs(request_r
>                 r->args[len-1] = '\0';
>             }
>          }
> +        if (flags & RULEFLAG_QSNONE) {
> +            rewritelog(r, 2, NULL, "discarding query string, no parse from substitution");
> +            r->args = NULL;
> +        }

Why moving it here? This means that we remove '?' that where originally encoded in the URL and everything after this from the
resulting URL due to the

*q++ = '\0';

above, but we don't put them in r->args either if RULEFLAG_QSNONE is set e.g. if we end on a '?' in the rewrite template and no
QSA / QSD being set. I think in this case we should not touch any '?' in the result and just treat them as decoded '?' that get
renencoded e.g. when forwarding the URL to a backend.

Regards

Rüdiger

Re: svn commit: r1910650 - /httpd/httpd/trunk/modules/mappers/mod_rewrite.c

Posted by Eric Covener <co...@gmail.com>.

On Wed, Jun 28, 2023 at 8:14 AM Ruediger Pluem <rp...@apache.org> wrote:
>
>
>
> On 6/28/23 12:38 PM, covener@apache.org wrote:
> > Author: covener
> > Date: Wed Jun 28 10:38:27 2023
> > New Revision: 1910650
> >
> > URL: http://svn.apache.org/viewvc?rev=1910650&view=rev
> > Log:
> > act more like pre-r1908097 with rewrite
> >
> > - be more conservative with setting QSNONE
> > - allow the query to be split as historically, but then drop r->args if QSNONE
> >
> >
> > Modified:
> >     httpd/httpd/trunk/modules/mappers/mod_rewrite.c
> >
> > Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
> > URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1910650&r1=1910649&r2=1910650&view=diff
> > ==============================================================================
> > --- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
> > +++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Wed Jun 28 10:38:27 2023
> > @@ -806,12 +806,6 @@ static void splitout_queryargs(request_r
> >      int qsdiscard = flags & RULEFLAG_QSDISCARD;
> >      int qslast = flags & RULEFLAG_QSLAST;
> >
> > -    if (flags & RULEFLAG_QSNONE) {
> > -        rewritelog(r, 2, NULL, "discarding query string, no parse from substitution");
> > -        r->args = NULL;
> > -        return;
> > -    }
> > -
> >      /* don't touch, unless it's a scheme for which a query string makes sense.
> >       * See RFC 1738 and RFC 2368.
> >       */
> > @@ -853,6 +847,10 @@ static void splitout_queryargs(request_r
> >                 r->args[len-1] = '\0';
> >             }
> >          }
> > +        if (flags & RULEFLAG_QSNONE) {
> > +            rewritelog(r, 2, NULL, "discarding query string, no parse from substitution");
> > +            r->args = NULL;
> > +        }
>
> Why moving it here? This means that we remove '?' that where originally encoded in the URL and everything after this from the
> resulting URL due to the
>
> *q++ = '\0';
>
> above, but we don't put them in r->args either if RULEFLAG_QSNONE is set e.g. if we end on a '?' in the rewrite template and no
> QSA / QSD being set. I think in this case we should not touch any '?' in the result and just treat them as decoded '?' that get
> renencoded e.g. when forwarding the URL to a backend.
>

I see what you mean. I was overly focused on getting closer to the
original behavior and just ensuring an unexpected query doesn't sneak
in, but this will truncate the path if there is a capture/substitution
of an encoded query.