You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2023/04/28 06:20:27 UTC
svn commit: r1909464 - in /httpd/httpd/trunk: changes-entries/pr66580.txt modules/proxy/proxy_util.c
Author: rpluem
Date: Fri Apr 28 06:20:27 2023
New Revision: 1909464
URL: http://svn.apache.org/viewvc?rev=1909464&view=rev
Log:
* In the reverse proxy case when we only want to keep encoded slashes untouched
we can have decoded '%''s in the URI that got sent to us in the original URL
as %25. Don't error out in this case but just fall through and have them
encoded to %25 when forwarding to the backend.
PR: 66580
Added:
httpd/httpd/trunk/changes-entries/pr66580.txt (with props)
Modified:
httpd/httpd/trunk/modules/proxy/proxy_util.c
Added: httpd/httpd/trunk/changes-entries/pr66580.txt
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/pr66580.txt?rev=1909464&view=auto
==============================================================================
--- httpd/httpd/trunk/changes-entries/pr66580.txt (added)
+++ httpd/httpd/trunk/changes-entries/pr66580.txt Fri Apr 28 06:20:27 2023
@@ -0,0 +1,3 @@
+ *) mod_proxy: In case that AllowEncodedSlashes is set to NoDecode do not
+ fail on literal '%' when doing the encoding of the backend URL.
+ PR 66580 [Ruediger Pluem]
Propchange: httpd/httpd/trunk/changes-entries/pr66580.txt
------------------------------------------------------------------------------
svn:eol-style = native
Modified: httpd/httpd/trunk/modules/proxy/proxy_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?rev=1909464&r1=1909463&r2=1909464&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/proxy_util.c (original)
+++ httpd/httpd/trunk/modules/proxy/proxy_util.c Fri Apr 28 06:20:27 2023
@@ -260,26 +260,36 @@ PROXY_DECLARE(char *)ap_proxy_canonenc_e
*/
if ((forcedec || noencslashesenc
|| (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') {
- if (!apr_isxdigit(x[i + 1]) || !apr_isxdigit(x[i + 2])) {
- return NULL;
- }
- ch = ap_proxy_hex2c(&x[i + 1]);
- if (ch != 0 && strchr(reserved, ch)) { /* keep it encoded */
- y[j++] = x[i++];
- y[j++] = x[i++];
- y[j] = x[i];
- continue;
+ if (apr_isxdigit(x[i + 1]) && apr_isxdigit(x[i + 2])) {
+ ch = ap_proxy_hex2c(&x[i + 1]);
+ if (ch != 0 && strchr(reserved, ch)) { /* keep it encoded */
+ y[j++] = x[i++];
+ y[j++] = x[i++];
+ y[j] = x[i];
+ continue;
+ }
+ if (noencslashesenc && !forcedec && (proxyreq == PROXYREQ_REVERSE)) {
+ /*
+ * In the reverse proxy case when we only want to keep encoded
+ * slashes untouched revert back to '%' which will cause
+ * '%' to be encoded in the following.
+ */
+ ch = '%';
+ }
+ else {
+ i += 2;
+ }
}
- if (noencslashesenc && !forcedec && (proxyreq == PROXYREQ_REVERSE)) {
- /*
- * In the reverse proxy case when we only want to keep encoded
- * slashes untouched revert back to '%' which will cause
- * '%' to be encoded in the following.
- */
- ch = '%';
- }
- else {
- i += 2;
+ /*
+ * In the reverse proxy case when we only want to keep encoded
+ * slashes untouched we can have decoded '%''s in the URI that got
+ * sent to us in the original URL as %25.
+ * Don't error out in this case but just fall through and have them
+ * encoded to %25 when forwarding to the backend.
+ */
+ else if (!noencslashesenc || forcedec
+ || (proxyreq && proxyreq != PROXYREQ_REVERSE)) {
+ return NULL;
}
}
/* recode it, if necessary */