diff options
-rw-r--r-- | changes-entries/bz69203.txt | 3 | ||||
-rw-r--r-- | modules/proxy/mod_proxy.c | 2 | ||||
-rw-r--r-- | modules/proxy/mod_proxy_fcgi.c | 48 |
3 files changed, 39 insertions, 14 deletions
diff --git a/changes-entries/bz69203.txt b/changes-entries/bz69203.txt index 4d9080ba37..2408352a3b 100644 --- a/changes-entries/bz69203.txt +++ b/changes-entries/bz69203.txt @@ -1 +1,2 @@ - *) mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME. PR 69203. [Yann Ylavic]
\ No newline at end of file + *) mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler. + PR 69203. [Yann Ylavic]
\ No newline at end of file diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index 0b6be1a1b0..a4e7a1aed1 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -1246,6 +1246,7 @@ static int proxy_handler(request_rec *r) r->proxyreq = PROXYREQ_REVERSE; r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL); + apr_table_setn(r->notes, "proxy-sethandler", "1"); /* Still need to canonicalize r->filename */ rc = ap_proxy_canon_url(r); @@ -1255,6 +1256,7 @@ static int proxy_handler(request_rec *r) } } else if (r->proxyreq && strncmp(r->filename, "proxy:", 6) == 0) { + apr_table_unset(r->notes, "proxy-sethandler"); rc = OK; } if (rc != OK) { diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c index 9f2fbf34e9..94aeae7ac4 100644 --- a/modules/proxy/mod_proxy_fcgi.c +++ b/modules/proxy/mod_proxy_fcgi.c @@ -59,10 +59,13 @@ static int proxy_fcgi_canon(request_rec *r, char *url) { char *host, sport[7]; const char *err; - char *path, *pc; + char *path; apr_port_t port, def_port; fcgi_req_config_t *rconf = NULL; const char *pathinfo_type = NULL; + fcgi_dirconf_t *dconf = ap_get_module_config(r->per_dir_config, + &proxy_fcgi_module); + int from_handler; if (ap_cstr_casecmpn(url, "fcgi:", 5) == 0) { url += 5; @@ -71,12 +74,11 @@ static int proxy_fcgi_canon(request_rec *r, char *url) return DECLINED; } - path = url; port = def_port = ap_proxy_port_of_scheme("fcgi"); ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "canonicalising URL %s", url); - err = ap_proxy_canon_netloc(r->pool, &path, NULL, NULL, &host, &port); + err = ap_proxy_canon_netloc(r->pool, &url, NULL, NULL, &host, &port); if (err) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01059) "error parsing URL %s: %s", url, err); @@ -93,20 +95,40 @@ static int proxy_fcgi_canon(request_rec *r, char *url) host = apr_pstrcat(r->pool, "[", host, "]", NULL); } - /* We do not call ap_proxy_canonenc_ex() on the path here because the CGI - * environment variable SCRIPT_FILENAME based on it want the decoded/local - * path, don't let control characters pass still. - * - * XXX: should we encode based on dconf->backend_type though? - */ - for (pc = path; *pc; pc++) { - if (apr_iscntrl(*pc)) { + from_handler = apr_table_get(r->notes, "proxy-sethandler") != NULL; + if (from_handler + || apr_table_get(r->notes, "proxy-nocanon") + || apr_table_get(r->notes, "proxy-noencode")) { + char *c = path = url; /* this is the raw path */ + + /* We do not call ap_proxy_canonenc_ex() on the path here, don't + * let control characters pass still, and for php-fpm no '?' either. + */ + if (FCGI_MAY_BE_FPM(dconf)) { + while (!apr_iscntrl(*c) && *c != '?') + c++; + } + else { + while (!apr_iscntrl(*c)) + c++; + } + if (*c) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10414) - "To be forwarded path contains control " - "characters"); + "To be forwarded path contains control characters%s", + FCGI_MAY_BE_FPM(dconf) ? " or '?'" : ""); return HTTP_FORBIDDEN; } } + else { + core_dir_config *d = ap_get_core_module_config(r->per_dir_config); + int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0; + + path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags, + r->proxyreq); + if (!path) { + return HTTP_BAD_REQUEST; + } + } r->filename = apr_pstrcat(r->pool, "proxy:fcgi://", host, sport, "/", path, NULL); |