Enable escaping of % and $ in redirect/rewrite; only two cases changed their behaviour: "%%" => "%", "$$" => "$"

Old behaviour was "%%" => "%%" and "$$" => "$$" git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2148 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago · 0841482318
parent bb1d9af71c
commit 0841482318
3 changed files with 11 additions and 6 deletions
--- a/1
+++ b/1
@ -14,6 +14,7 @@ NEWS
  * Use data_response_init in mod_fastcgi x-sendfile handling for response.headers, fix a small "memleak" (#1628)
  * Don't send empty Server headers (#1620)
  * Fix conditional interpretation of core options
+  * Enable escaping of % and $ in redirect/rewrite; only two cases changed their behaviour: "%%" => "%", "$$" => "$"

 - 1.4.19 - 2008-03-10

--- a/src/mod_redirect.c
+++ b/src/mod_redirect.c
@ -215,8 +215,7 @@ static handler_t mod_redirect_uri_handler(server *srv, connection *con, void *p_

 			start = 0; end = pattern_len;
 			for (k = 0; k < pattern_len; k++) {
-				if ((pattern[k] == '$' || pattern[k] == '%') &&
-				    isdigit((unsigned char)pattern[k + 1])) {
+				if (pattern[k] == '$' || pattern[k] == '%') {
 					/* got one */

 					size_t num = pattern[k + 1] - '0';
@ -225,7 +224,10 @@ static handler_t mod_redirect_uri_handler(server *srv, connection *con, void *p_

 					buffer_append_string_len(p->location, pattern + start, end - start);

-					if (pattern[k] == '$') {
+					if (!isdigit((unsigned char)pattern[k + 1])) {
+						/* enable escape: "%%" => "%", "%a" => "%a", "$$" => "$" */
+						buffer_append_string_len(p->location, pattern+k, pattern[k] == pattern[k+1] ? 1 : 2);
+					} else if (pattern[k] == '$') {
 						/* n is always > 0 */
 						if (num < (size_t)n) {
 							buffer_append_string(p->location, list[num]);
--- a/src/mod_rewrite.c
+++ b/src/mod_rewrite.c
@ -385,8 +385,7 @@ URIHANDLER_FUNC(mod_rewrite_uri_handler) {

 			start = 0; end = pattern_len;
 			for (k = 0; k < pattern_len; k++) {
-				if ((pattern[k] == '$' || pattern[k] == '%') &&
-				    isdigit((unsigned char)pattern[k + 1])) {
+				if (pattern[k] == '$' || pattern[k] == '%') {
 					/* got one */

 					size_t num = pattern[k + 1] - '0';
@ -395,7 +394,10 @@ URIHANDLER_FUNC(mod_rewrite_uri_handler) {

 					buffer_append_string_len(con->request.uri, pattern + start, end - start);

-					if (pattern[k] == '$') {
+					if (!isdigit((unsigned char)pattern[k + 1])) {
+						/* enable escape: "%%" => "%", "%a" => "%a", "$$" => "$" */
+						buffer_append_string_len(con->request.uri, pattern+k, pattern[k] == pattern[k+1] ? 1 : 2);
+					} else if (pattern[k] == '$') {
 						/* n is always > 0 */
 						if (num < (size_t)n) {
 							buffer_append_string(con->request.uri, list[num]);