summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--changes-entries/bz69203.txt3
-rw-r--r--modules/proxy/mod_proxy.c2
-rw-r--r--modules/proxy/mod_proxy_fcgi.c48
3 files changed, 39 insertions, 14 deletions
diff --git a/changes-entries/bz69203.txt b/changes-entries/bz69203.txt
index 4d9080ba37..2408352a3b 100644
--- a/changes-entries/bz69203.txt
+++ b/changes-entries/bz69203.txt
@@ -1 +1,2 @@
- *) mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME. PR 69203. [Yann Ylavic] \ No newline at end of file
+ *) mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler.
+ PR 69203. [Yann Ylavic] \ No newline at end of file
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 0b6be1a1b0..a4e7a1aed1 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1246,6 +1246,7 @@ static int proxy_handler(request_rec *r)
r->proxyreq = PROXYREQ_REVERSE;
r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
+ apr_table_setn(r->notes, "proxy-sethandler", "1");
/* Still need to canonicalize r->filename */
rc = ap_proxy_canon_url(r);
@@ -1255,6 +1256,7 @@ static int proxy_handler(request_rec *r)
}
}
else if (r->proxyreq && strncmp(r->filename, "proxy:", 6) == 0) {
+ apr_table_unset(r->notes, "proxy-sethandler");
rc = OK;
}
if (rc != OK) {
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index 9f2fbf34e9..94aeae7ac4 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -59,10 +59,13 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
{
char *host, sport[7];
const char *err;
- char *path, *pc;
+ char *path;
apr_port_t port, def_port;
fcgi_req_config_t *rconf = NULL;
const char *pathinfo_type = NULL;
+ fcgi_dirconf_t *dconf = ap_get_module_config(r->per_dir_config,
+ &proxy_fcgi_module);
+ int from_handler;
if (ap_cstr_casecmpn(url, "fcgi:", 5) == 0) {
url += 5;
@@ -71,12 +74,11 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
return DECLINED;
}
- path = url;
port = def_port = ap_proxy_port_of_scheme("fcgi");
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
"canonicalising URL %s", url);
- err = ap_proxy_canon_netloc(r->pool, &path, NULL, NULL, &host, &port);
+ err = ap_proxy_canon_netloc(r->pool, &url, NULL, NULL, &host, &port);
if (err) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01059)
"error parsing URL %s: %s", url, err);
@@ -93,20 +95,40 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
host = apr_pstrcat(r->pool, "[", host, "]", NULL);
}
- /* We do not call ap_proxy_canonenc_ex() on the path here because the CGI
- * environment variable SCRIPT_FILENAME based on it want the decoded/local
- * path, don't let control characters pass still.
- *
- * XXX: should we encode based on dconf->backend_type though?
- */
- for (pc = path; *pc; pc++) {
- if (apr_iscntrl(*pc)) {
+ from_handler = apr_table_get(r->notes, "proxy-sethandler") != NULL;
+ if (from_handler
+ || apr_table_get(r->notes, "proxy-nocanon")
+ || apr_table_get(r->notes, "proxy-noencode")) {
+ char *c = path = url; /* this is the raw path */
+
+ /* We do not call ap_proxy_canonenc_ex() on the path here, don't
+ * let control characters pass still, and for php-fpm no '?' either.
+ */
+ if (FCGI_MAY_BE_FPM(dconf)) {
+ while (!apr_iscntrl(*c) && *c != '?')
+ c++;
+ }
+ else {
+ while (!apr_iscntrl(*c))
+ c++;
+ }
+ if (*c) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10414)
- "To be forwarded path contains control "
- "characters");
+ "To be forwarded path contains control characters%s",
+ FCGI_MAY_BE_FPM(dconf) ? " or '?'" : "");
return HTTP_FORBIDDEN;
}
}
+ else {
+ core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
+ int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
+
+ path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+ r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
+ }
r->filename = apr_pstrcat(r->pool, "proxy:fcgi://", host, sport, "/",
path, NULL);