| author | Igor Sysoev <igor@sysoev.ru> | 2009-10-26 17:45:55 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2009-10-26 17:45:55 +0000 |
| commit | 8232053651ecd9d2029e080bf93eb66f27f1d2f3 (patch) | |
| tree | b4ab7e09ef76c8f7bb74b45414af6a44c6847496 /src/http/modules | |
| parent | 5aa449e8ffae59f0dfdc73485971a51258391eed (diff) | |
| download | nginx-8232053651ecd9d2029e080bf93eb66f27f1d2f3.tar.gz nginx-8232053651ecd9d2029e080bf93eb66f27f1d2f3.tar.bz2 | |
merge r3162, r3183:
WebDAV fixes:
*) check unsafe Destination
*) omit '\0' from "Location" header on MKCOL request
Diffstat (limited to 'src/http/modules')
| -rw-r--r-- | src/http/modules/ngx_http_dav_module.c | 17 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_ssi_filter_module.c | 2 |
2 files changed, 13 insertions, 6 deletions
diff --git a/src/http/modules/ngx_http_dav_module.c b/src/http/modules/ngx_http_dav_module.c
index 38e928c3d..2948eec06 100644
--- a/src/http/modules/ngx_http_dav_module.c
+++ b/src/http/modules/ngx_http_dav_module.c
@@ -490,6 +490,7 @@ ngx_http_dav_mkcol_handler(ngx_http_request_t *r, ngx_http_dav_loc_conf_t *dlcf)
 p = ngx_http_map_uri_to_path(r, &path, &root, 0);
 *(p - 1) = '\0';
+ r->uri.len--;
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http mkcol path: \"%s\"", path.data);
@@ -516,8 +517,8 @@ ngx_http_dav_copy_move_handler(ngx_http_request_t *r)
 size_t len, root;
 ngx_err_t err;
 ngx_int_t rc, depth;
- ngx_uint_t overwrite, slash, dir;
- ngx_str_t path, uri;
+ ngx_uint_t overwrite, slash, dir, flags;
+ ngx_str_t path, uri, duri, args;
 ngx_tree_ctx_t tree;
 ngx_copy_file_t cf;
 ngx_file_info_t fi;
@@ -594,6 +595,14 @@ invalid_destination:
 destination_done:
+ duri.len = last - p;
+ duri.data = p;
+ flags = 0;
+
+ if (ngx_http_parse_unsafe_uri(r, &duri, &args, &flags) != NGX_OK) {
+ goto invalid_destination;
+ }
+
 if ((r->uri.data[r->uri.len - 1] == '/' && *(last - 1) != '/') || (r->uri.data[r->uri.len - 1] != '/' && *(last - 1) == '/')) {
@@ -656,9 +665,7 @@ overwrite_done:
 "http copy from: \"%s\"", path.data);
 uri = r->uri;
-
- r->uri.len = last - p;
- r->uri.data = p;
+ r->uri = duri;
 ngx_http_map_uri_to_path(r, ©.path, &root, 0);
diff --git a/src/http/modules/ngx_http_ssi_filter_module.c b/src/http/modules/ngx_http_ssi_filter_module.c
index 24b30a8fa..d03e58407 100644
--- a/src/http/modules/ngx_http_ssi_filter_module.c
+++ b/src/http/modules/ngx_http_ssi_filter_module.c
@@ -1908,7 +1908,7 @@ ngx_http_ssi_include(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx,
 args.len = 0;
 args.data = NULL;
- flags = 0;
+ flags = NGX_HTTP_LOG_UNSAFE;
 if (ngx_http_parse_unsafe_uri(r, uri, &args, &flags) != NGX_OK) {
 return NGX_HTTP_SSI_ERROR; |
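Review bot: The added `r->uri.len--;` in the mkcol hunk shortens the request URI in place with no comment and no visible guard; like the `*(p - 1) = '\0';` above it, it assumes the URI is non-empty and ends in '/', which has to be established earlier in `ngx_http_dav_mkcol_handler()` (its body starts and ends outside this hunk). A comment such as `/* drop the trailing '/' from r->uri too, so the Location value does not include the '\0' written above */` would record why the length changes. Because `r->uri` stays shortened for the rest of the request, anything later that logs or re-maps the URI sees the modified value; confirm that is intended.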
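Review bot: The trailing-slash comparison right after the new check at `destination_done:` still reads `*(last - 1)`, the end of the raw Destination value, while the copy target later becomes `duri`. If `ngx_http_parse_unsafe_uri()` shortens `duri` (it takes `&duri` plus an `args` out-parameter, so presumably it splits off a query string), the slash test and the mapped path disagree; comparing against `duri.data[duri.len - 1]` after confirming `duri.len` is non-zero would keep them consistent. `args` is also passed uninitialised here, whereas the SSI call site in this commit sets `args.len = 0; args.data = NULL;` first; the same two lines belong before this call. With `flags = 0` the parser itself logs nothing for a rejected Destination, unlike the SSI hunk's `NGX_HTTP_LOG_UNSAFE`; if the `invalid_destination` path (outside this hunk) does not record the offending value, setting that flag here would help detection.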
