[Remove entries to the current 2.0 section below, when backported]
+ *) mod_proxy: Fix incorrect decoding/unescaping for reverse proxies.
+ PR 32459, 15207. [Jim Jagielski]
+
*) Start keeping track of time-taken-to-process-request again for
mod_status if ExtendedStatus is enabled. [Jim Jagielski]
-#define FIX_15207
/* Copyright 1999-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
PROXY_DECLARE(int) ap_proxy_hex2c(const char *x);
PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x);
PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, enum enctype t,
- int isenc);
+ int forcedec, int proxyreq);
PROXY_DECLARE(char *)ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp,
char **passwordp, char **hostp, apr_port_t *port);
PROXY_DECLARE(const char *)ap_proxy_date_canon(apr_pool_t *p, const char *x);
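Review bot: The new `forcedec` and `proxyreq` parameters are two adjacent `int`s with no description on the prototype, so a transposed pair compiles silently. The call sites in this patch already pass bare literals: `1, 0` for the user and password in ap_proxy_canon_netloc, `0, r->proxyreq` for paths, and `1, r->proxyreq` for `r->args` in what looks like the FTP canon handler. Since the pair decides whether %-escapes are decoded at all, I would document it on the declaration, for example `/* forcedec: non-zero always %-decodes x; proxyreq: the request's r->proxyreq, PROXYREQ_REVERSE is left undecoded unless forcedec is set */`. The same wording belongs in the comment above the definition, which still describes only the old behaviour.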
search = r->args;
/* process path */
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, r->proxyreq);
+ path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq);
if (path == NULL)
return HTTP_BAD_REQUEST;
strp = strchr(url, ';');
if (strp != NULL) {
*(strp++) = '\0';
- parms = ap_proxy_canonenc(p, strp, strlen(strp), enc_parm,
+ parms = ap_proxy_canonenc(p, strp, strlen(strp), enc_parm, 0,
r->proxyreq);
if (parms == NULL)
return HTTP_BAD_REQUEST;
else
parms = "";
- path = ap_proxy_canonenc(p, url, strlen(url), enc_path, r->proxyreq);
+ path = ap_proxy_canonenc(p, url, strlen(url), enc_path, 0, r->proxyreq);
if (path == NULL)
return HTTP_BAD_REQUEST;
if (!ftp_check_string(path))
if (r->proxyreq && r->args != NULL) {
if (strp != NULL) {
- strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_parm, 1);
+ strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_parm, 1, r->proxyreq);
if (strp == NULL)
return HTTP_BAD_REQUEST;
parms = apr_pstrcat(p, parms, "?", strp, NULL);
}
else {
- strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_fpath, 1);
+ strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_fpath, 1, r->proxyreq);
if (strp == NULL)
return HTTP_BAD_REQUEST;
path = apr_pstrcat(p, path, "?", strp, NULL);
search = r->args;
/* process path */
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, r->proxyreq);
+ path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq);
if (path == NULL)
return HTTP_BAD_REQUEST;
* Convert a URL-encoded string to canonical form.
* It decodes characters which need not be encoded,
* and encodes those which must be encoded, and does not touch
- * those which must not be touched.
+ * those which must not be touched.
*/
PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, enum enctype t,
- int isenc)
+ int forcedec, int proxyreq)
{
int i, j, ch;
char *y;
y[j] = ch;
continue;
}
-/* decode it if not already done */
- if (isenc && ch == '%') {
+/*
+ * decode it if not already done. do not decode reverse proxied URLs
+ * unless specifically forced
+ */
+ if ((forcedec || (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') {
if (!apr_isxdigit(x[i + 1]) || !apr_isxdigit(x[i + 2]))
return NULL;
ch = ap_proxy_hex2c(&x[i + 1]);
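Review bot: With `forcedec` 0 and `proxyreq == PROXYREQ_REVERSE` the whole `if` is skipped, so the `apr_isxdigit` rejection of malformed escapes (`return NULL`, which the visible callers turn into HTTP_BAD_REQUEST) no longer runs for reverse-proxied paths. That is only safe if every such caller passes a URL that was already unescaped upstream, which this hunk does not show. The comment should state that precondition, e.g. `/* reverse-proxied URLs are expected to arrive already decoded, so '%' is treated as a literal here and bad escapes are not rejected */`. The bare `proxyreq &&` test also makes a `proxyreq` of 0 mean "never decode" unless `forcedec` is set, which the netloc callers depend on; writing it as `proxyreq != PROXYREQ_NONE` would make that intent explicit. The loop body starts and ends outside the hunk, so how an undecoded '%' is emitted afterwards cannot be checked from here.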
strp = strchr(user, ':');
if (strp != NULL) {
*strp = '\0';
- password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, 1);
+ password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, 1, 0);
if (password == NULL)
return "Bad %-escape in URL (password)";
}
- user = ap_proxy_canonenc(p, user, strlen(user), enc_user, 1);
+ user = ap_proxy_canonenc(p, user, strlen(user), enc_user, 1, 0);
if (user == NULL)
return "Bad %-escape in URL (username)";
}