Mercurial > hg > nginx
changeset 1512:b19709ee1f52 stable-0.5
r1406 merge:
escape " ", "%", and %00-%1F in login and password
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Sat, 22 Sep 2007 19:15:01 +0000 |
parents | 0c5c8ab56a44 |
children | bf7814d77484 |
files | src/core/ngx_string.c src/core/ngx_string.h src/mail/ngx_mail_auth_http_module.c src/mail/ngx_mail_parse.c |
diffstat | 4 files changed, 19 insertions(+), 37 deletions(-) [+] |
line wrap: on
line diff
--- a/src/core/ngx_string.c Sat Sep 22 19:12:53 2007 +0000 +++ b/src/core/ngx_string.c Sat Sep 22 19:15:01 2007 +0000 @@ -1019,7 +1019,7 @@ 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; - /* " ", """, "%", "'", %00-%1F, %7F-%FF */ + /* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */ static uint32_t html[] = { 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ @@ -1039,13 +1039,13 @@ 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; - /* " ", """, "'", %00-%1F, %7F-%FF */ + /* " ", """, "%", "'", %00-%1F, %7F-%FF */ static uint32_t refresh[] = { 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ - 0x00000085, /* 0000 0000 0000 0000 0000 0000 1000 0101 */ + 0x000000a5, /* 0000 0000 0000 0000 0000 0000 1010 0101 */ /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ @@ -1059,13 +1059,13 @@ 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; - /* " ", %00-%1F */ + /* " ", "%", %00-%1F */ static uint32_t memcached[] = { 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ - 0x00000001, /* 0000 0000 0000 0000 0000 0000 0000 0001 */ + 0x00000021, /* 0000 0000 0000 0000 0000 0000 0010 0001 */ /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ @@ -1079,7 +1079,10 @@ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ }; - static uint32_t *map[] = { uri, args, html, refresh, memcached }; + /* mail_auth is the same as memcached */ + + static uint32_t *map[] = + { uri, args, html, refresh, memcached, memcached }; escape = map[type];
--- a/src/core/ngx_string.h Sat Sep 22 19:12:53 2007 +0000 +++ b/src/core/ngx_string.h Sat Sep 22 19:15:01 2007 +0000 @@ -155,6 +155,7 @@ #define NGX_ESCAPE_HTML 2 #define NGX_ESCAPE_REFRESH 3 #define NGX_ESCAPE_MEMCACHED 4 +#define NGX_ESCAPE_MAIL_AUTH 5 #define NGX_UNESCAPE_URI 1
--- a/src/mail/ngx_mail_auth_http_module.c Sat Sep 22 19:12:53 2007 +0000 +++ b/src/mail/ngx_mail_auth_http_module.c Sat Sep 22 19:15:01 2007 +0000 @@ -1251,18 +1251,10 @@ static ngx_int_t ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) { - u_char ch, *p; - ngx_uint_t i, n; - - n = 0; + u_char *p; + uintptr_t n; - for (i = 0; i < text->len; i++) { - ch = text->data[i]; - - if (ch == CR || ch == LF) { - n++; - } - } + n = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); if (n == 0) { *escaped = *text; @@ -1276,27 +1268,9 @@ return NGX_ERROR; } - escaped->data = p; - - for (i = 0; i < text->len; i++) { - ch = text->data[i]; + (void) ngx_escape_uri(p, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); - if (ch == CR) { - *p++ = '%'; - *p++ = '0'; - *p++ = 'D'; - continue; - } - - if (ch == LF) { - *p++ = '%'; - *p++ = '0'; - *p++ = 'A'; - continue; - } - - *p++ = ch; - } + escaped->data = p; return NGX_OK; }