[PATCH 5 of 5] Xslt: fixed xml_entities to be resolved from prefix

[Maxim Dounin]

# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1761147641 -10800
#      Wed Oct 22 18:40:41 2025 +0300
# Node ID 700181bd6df59ce05006a73f62f0e1438bc7b1fa
# Parent  c69974d6becb06d4e90db8a05f18f83886c7a668
Xslt: fixed xml_entities to be resolved from prefix.

Previously, relative values of xml_entities set in the configuration
were not processed with ngx_conf_full_name() and therefore resolved
from the process current working directory, leading to changes in
behaviour depending on the current directory during startup.  This also
differs from the expected behaviour of configuration directives, where
relative paths are expected to be resolved either from prefix or from
configuration prefix.

Fix is to use ngx_conf_full_name() to resolve xml_entities from prefix.

Note that xml_entities is handled by libxml2 xmlParseDTD() and therefore
might be used with URIs, such as "http://example.com/entities.dtd" or
"file:///path/to/entities.dtd".  This possibility was never documented
though, and highly questionable, especially nowadays (in particular, due
to no HTTPS support).  Further, support for HTTP URIs was disabled by
default in libxml2 2.13.0 and completely removed in libxml2 2.15.0.
As such, URIs are not specially handled and therefore effectively disabled
by this change.

diff --git a/src/http/modules/ngx_http_xslt_filter_module.c b/src/http/modules/ngx_http_xslt_filter_module.c
--- a/src/http/modules/ngx_http_xslt_filter_module.c
+++ b/src/http/modules/ngx_http_xslt_filter_module.c
@@ -834,6 +834,10 @@ ngx_http_xslt_entities(ngx_conf_t *cf, n
 
     value = cf->args->elts;
 
+    if (ngx_conf_full_name(cf->cycle, &value[1], 0) != NGX_OK) {
+        return NGX_CONF_ERROR;
+    }
+
     xmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_xslt_filter_module);
 
     file = xmcf->dtd_files.elts;