From: Jim Jagielski Date: Thu, 3 Feb 2005 13:38:24 +0000 (+0000) Subject: Close PR 32459, 15207. API change for PROXY_DECLARE ap_proxy_canonenc() X-Git-Tag: 2.1.3~77 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9935c31bddd81bae720fc0e1351e54aecd5ecf0a;p=apache Close PR 32459, 15207. API change for PROXY_DECLARE ap_proxy_canonenc() git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151153 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index f0d49dc3b5..9b785350c7 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.1.3 [Remove entries to the current 2.0 section below, when backported] + *) mod_proxy: Fix incorrect decoding/unescaping for reverse proxies. + PR 32459, 15207. [Jim Jagielski] + *) Start keeping track of time-taken-to-process-request again for mod_status if ExtendedStatus is enabled. [Jim Jagielski] diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index f0e0ee605f..15372beb7b 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -1,4 +1,3 @@ -#define FIX_15207 /* Copyright 1999-2004 The Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h index 3a83c5ad8d..8e56b23cc6 100644 --- a/modules/proxy/mod_proxy.h +++ b/modules/proxy/mod_proxy.h @@ -381,7 +381,7 @@ PROXY_DECLARE(request_rec *)ap_proxy_make_fake_req(conn_rec *c, request_rec *r); PROXY_DECLARE(int) ap_proxy_hex2c(const char *x); PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x); PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, enum enctype t, - int isenc); + int forcedec, int proxyreq); PROXY_DECLARE(char *)ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp, char **passwordp, char **hostp, apr_port_t *port); PROXY_DECLARE(const char *)ap_proxy_date_canon(apr_pool_t *p, const char *x); diff --git a/modules/proxy/proxy_ajp.c b/modules/proxy/proxy_ajp.c index 7eec49b179..0e92715236 100644 --- a/modules/proxy/proxy_ajp.c +++ b/modules/proxy/proxy_ajp.c @@ -79,7 +79,7 @@ static int proxy_ajp_canon(request_rec *r, char *url) search = r->args; /* process path */ - path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, r->proxyreq); + path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq); if (path == NULL) return HTTP_BAD_REQUEST; diff --git a/modules/proxy/proxy_ftp.c b/modules/proxy/proxy_ftp.c index 5dc6db2c0c..bcd793f5dc 100644 --- a/modules/proxy/proxy_ftp.c +++ b/modules/proxy/proxy_ftp.c @@ -166,7 +166,7 @@ static int proxy_ftp_canon(request_rec *r, char *url) strp = strchr(url, ';'); if (strp != NULL) { *(strp++) = '\0'; - parms = ap_proxy_canonenc(p, strp, strlen(strp), enc_parm, + parms = ap_proxy_canonenc(p, strp, strlen(strp), enc_parm, 0, r->proxyreq); if (parms == NULL) return HTTP_BAD_REQUEST; @@ -174,7 +174,7 @@ static int proxy_ftp_canon(request_rec *r, char *url) else parms = ""; - path = ap_proxy_canonenc(p, url, strlen(url), enc_path, r->proxyreq); + path = ap_proxy_canonenc(p, url, strlen(url), enc_path, 0, r->proxyreq); if (path == NULL) return HTTP_BAD_REQUEST; if (!ftp_check_string(path)) @@ -182,13 +182,13 @@ static int proxy_ftp_canon(request_rec *r, char *url) if (r->proxyreq && r->args != NULL) { if (strp != NULL) { - strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_parm, 1); + strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_parm, 1, r->proxyreq); if (strp == NULL) return HTTP_BAD_REQUEST; parms = apr_pstrcat(p, parms, "?", strp, NULL); } else { - strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_fpath, 1); + strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_fpath, 1, r->proxyreq); if (strp == NULL) return HTTP_BAD_REQUEST; path = apr_pstrcat(p, path, "?", strp, NULL); diff --git a/modules/proxy/proxy_http.c b/modules/proxy/proxy_http.c index 5552403313..3224a5a000 100644 --- a/modules/proxy/proxy_http.c +++ b/modules/proxy/proxy_http.c @@ -79,7 +79,7 @@ static int proxy_http_canon(request_rec *r, char *url) search = r->args; /* process path */ - path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, r->proxyreq); + path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq); if (path == NULL) return HTTP_BAD_REQUEST; diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index 679cafd97d..0c5c846afd 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -130,10 +130,10 @@ PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x) * Convert a URL-encoded string to canonical form. * It decodes characters which need not be encoded, * and encodes those which must be encoded, and does not touch - * those which must not be touched. + * those which must not be touched. */ PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, enum enctype t, - int isenc) + int forcedec, int proxyreq) { int i, j, ch; char *y; @@ -174,8 +174,11 @@ PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, en y[j] = ch; continue; } -/* decode it if not already done */ - if (isenc && ch == '%') { +/* + * decode it if not already done. do not decode reverse proxied URLs + * unless specifically forced + */ + if ((forcedec || (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') { if (!apr_isxdigit(x[i + 1]) || !apr_isxdigit(x[i + 2])) return NULL; ch = ap_proxy_hex2c(&x[i + 1]); @@ -238,12 +241,12 @@ PROXY_DECLARE(char *) strp = strchr(user, ':'); if (strp != NULL) { *strp = '\0'; - password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, 1); + password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, 1, 0); if (password == NULL) return "Bad %-escape in URL (password)"; } - user = ap_proxy_canonenc(p, user, strlen(user), enc_user, 1); + user = ap_proxy_canonenc(p, user, strlen(user), enc_user, 1, 0); if (user == NULL) return "Bad %-escape in URL (username)"; }