summaryrefslogtreecommitdiffhomepage
path: root/src/http/ngx_http_parse.c (follow)
AgeCommit message (Collapse)AuthorFilesLines
2012-03-15Merge of r4530, r4531: null character fixes.Maxim Dounin1-0/+14
*) Fixed incorrect ngx_cpystrn() usage in ngx_http_*_process_header(). This resulted in a disclosure of previously freed memory if upstream server returned specially crafted response, potentially exposing sensitive information. Reported by Matthew Daley. *) Headers with null character are now rejected. Headers with NUL character aren't allowed by HTTP standard and may cause various security problems. They are now unconditionally rejected.
2012-02-05Merge of r4406, r4413: copyrights updated.Maxim Dounin1-0/+1
2010-06-23style fixIgor Sysoev1-1/+1
2010-06-15ngx_http_parse_status_line()Igor Sysoev1-0/+205
2010-06-15allow spaces in URIIgor Sysoev1-5/+55
2010-06-10PATCH methodIgor Sysoev1-0/+4
2010-06-04fix "/dir/%3F../" and "/dir/%23../" casesIgor Sysoev1-6/+3
2010-05-24remove r->zero_in_uriIgor Sysoev1-34/+15
2009-09-25check unsafe DestinationIgor Sysoev1-2/+4
2009-09-14handle "/../" case more reliablyIgor Sysoev1-5/+9
2009-09-02discrease slightly ngx_http_parse_header_line() size:Igor Sysoev1-2/+1
this line is not required for LF, however, this case is very seldom
2009-09-01fix segfault when a header starts with "\rX"Igor Sysoev1-0/+1
and logging is set to info or debug level
2009-07-20do not test "..." case since it's Win9x family feature onlyIgor Sysoev1-72/+0
2009-07-13allow underscore in request methodIgor Sysoev1-2/+2
2009-04-23ngx_path_separator()Igor Sysoev1-18/+5
2009-04-04refactor ngx_http_arg() using ngx_strcasestrn(),Igor Sysoev1-8/+8
back out zero termination introduced in r2138
2009-03-30fix r2579Igor Sysoev1-0/+2
2009-03-22style fix: remove tabsIgor Sysoev1-14/+14
2009-03-19ngx_http_split_args()Igor Sysoev1-0/+34
2008-12-22ngx_http_arg()Igor Sysoev1-0/+42
2008-09-24underscores_in_headersIgor Sysoev1-2/+16
2008-09-08allow underscores in client request header linesIgor Sysoev1-1/+1
2008-03-16test the more likely case firstIgor Sysoev1-2/+2
2008-03-16use the more correct maskIgor Sysoev1-1/+1
2007-12-14fix merge_slashesIgor Sysoev1-1/+1
2007-10-26compatibility with mget: space after HTTP/1.1Igor Sysoev1-0/+20
2007-10-18merge_slashesIgor Sysoev1-1/+5
2007-10-18allow full URL without URI part: "GET http://host HTTP/1.0"Igor Sysoev1-3/+21
2007-05-07optimize HTTP method parsing for i386 and amd64Igor Sysoev1-30/+80
2007-03-30disable TRACE methodIgor Sysoev1-0/+6
2006-12-14fix segfault when $host is used and request is "GET http://host HTTP/1.0"Igor Sysoev1-0/+1
2006-11-23use host part in URLIgor Sysoev1-1/+1
2006-11-14add more WebDAV methodsIgor Sysoev1-10/+76
2006-10-31style fixIgor Sysoev1-2/+1
2006-10-31style fixIgor Sysoev1-1/+1
2006-10-30treat '\' as special character in win32 onlyIgor Sysoev1-0/+4
2006-10-28style fixIgor Sysoev1-12/+13
2006-10-28undo the previous wrong commitIgor Sysoev1-13/+12
2006-10-28bad commitIgor Sysoev1-12/+13
2006-10-28change orderIgor Sysoev1-3/+3
2006-10-28optimize the most frequent casesIgor Sysoev1-21/+76
2006-10-28handle the most frequent case firstIgor Sysoev1-4/+6
2006-10-28axe unused stateIgor Sysoev1-12/+0
2006-10-28omit "#fragment"Igor Sysoev1-1/+51
2006-10-28we do not need the zero terminated r->uri for a long timeIgor Sysoev1-1/+0
2006-10-17backout r783 and add commentIgor Sysoev1-1/+3
2006-10-16add 255th array elementIgor Sysoev1-1/+1
2006-07-28nginx-0.3.55-RELEASE importrelease-0.3.55Igor Sysoev1-0/+2
*) Feature: the "stub" parameter in the "include" SSI command. *) Feature: the "block" SSI command. *) Feature: the unicode2nginx script was added to contrib. *) Bugfix: if a "root" was specified by variable only, then the root was relative to a server prefix. *) Bugfix: if the request contained "//" or "/./" and escaped symbols after them, then the proxied request was sent unescaped. *) Bugfix: the $r->headers_in("Cookie") of the ngx_http_perl_module now returns all "Cookie" header lines. *) Bugfix: a segmentation fault occurred if "client_body_in_file_only on" was used and nginx switched to a next upstream. *) Bugfix: on some condition while reconfiguration character codes inside the "charset_map" may be treated invalid; the bug had appeared in 0.3.50.
2006-06-28nginx-0.3.50-RELEASE importrelease-0.3.50Igor Sysoev1-8/+18
*) Change: the "proxy_redirect_errors" and "fastcgi_redirect_errors" directives was renamed to the "proxy_intercept_errors" and "fastcgi_intercept_errors" directives. *) Feature: the ngx_http_charset_module supports the recoding from the single byte encodings to the UTF-8 encoding and back. *) Feature: the "X-Accel-Charset" response header line is supported in proxy and FastCGI mode. *) Bugfix: the "\" escape symbol in the "\"" and "\'" pairs in the SSI command was removed only if the command also has the "$" symbol. *) Bugfix: the "<!--" string might be added on some conditions in the SSI after inclusion. *) Bugfix: if the "Content-Length: 0" header line was in response, then in nonbuffered proxying mode the client connection was not closed.
2006-05-11nginx-0.3.46-RELEASE importrelease-0.3.46Igor Sysoev1-23/+27
*) Feature: the "proxy_hide_header", "proxy_pass_header", "fastcgi_hide_header", and "fastcgi_pass_header" directives. *) Change: the "proxy_pass_x_powered_by", "fastcgi_x_powered_by", and "proxy_pass_server" directives were canceled. *) Feature: the "X-Accel-Buffering" response header line is supported in proxy mode. *) Bugfix: the reconfiguration bug and memory leaks in the ngx_http_perl_module.
generated by cgit (git 2.34.1) at 2025-12-06 23:02:17 +0000