[nginx] Rewrite: fixed inconsistent escaping in "set".

[Maxim Dounin]

details:   http://freenginx.org/hg/nginx/rev/ee0b65c71b94
branches:  
changeset: 9518:ee0b65c71b94
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Tue May 19 01:56:24 2026 +0300
description:
Rewrite: fixed inconsistent escaping in "set".

Previously, the following configuration resulted in inconsistent escaping
of the $temp variable in requests to "/a/..." and "/b/...":

    location /a/ {
        if ($uri ~ (.*)) {
            set $temp $1;
        }
        return 200 $temp;
    }

    location /b/ {
        rewrite ^(.*) $1;
        if ($uri ~ (.*)) {
            set $temp $1;
        }
        return 200 $temp;
    }

In requests to "/a/..." the $1 capture contents were escaped when
copying to the $temp variable due to e->quote being initially set in
ngx_http_rewrite_handler().  And in requests to "/b/..." escaping was
not applied, since e->quote was cleared by ngx_http_script_regex_end_code().

With this change, the e->quote value set by ngx_http_script_regex_end_code()
matches the initial value set by ngx_http_rewrite_handler().  As a result,
escaping is now identical regardless of whether "set" is executed after
a rewrite or not.

Note that a better approach might be to avoid automatic escaping of
positional captures by "set" altogether.  However, this might put
existing configurations at risk if they rely on escaping being applied.
At the same time, if escaping is not desired, named captures can be used
instead.

diffstat:

 src/http/ngx_http_script.c |  2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diffs (12 lines):

diff --git a/src/http/ngx_http_script.c b/src/http/ngx_http_script.c
--- a/src/http/ngx_http_script.c
+++ b/src/http/ngx_http_script.c
@@ -1203,7 +1203,7 @@ ngx_http_script_regex_end_code(ngx_http_
 
     r = e->request;
 
-    e->quote = 0;
+    e->quote = 1;
     e->is_args = 0;
 
     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,