From 85d8a17575d8eba2f830f6c15283a45773fa78d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?=
Date: Sat, 7 Nov 2015 15:00:18 +0000
Subject: [PATCH] [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Stefan Bühler
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3052 152afb58-edef-0310-8abb-c4023f1b3aa9
---
 NEWS | 1 +
 src/http-header-glue.c | 2 +-
 tests/core-response.t | 16 ++++++++-
 tests/prepare.sh | 81 ++++++++++++++++++++++--------------------
 4 files changed, 59 insertions(+), 41 deletions(-)
diff --git a/NEWS b/NEWS
index 8e2ff1d4..23814cfe 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ NEWS
 * [config] check config option scope; warn if server option is given in conditional
 * [core] revert increase of temp file size back to 1MB, provide a configure option "server.upload-temp-file-size" instead (fixes #2680)
 * [core] add '~' to safe characters in ENCODING_REL_URI/ENCODING_REL_URI_PART encoding
+ * [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss)
 - 1.4.37 - 2015-08-30
 * [mod_proxy] remove debug log line from error log (fixes #2659)
diff --git a/src/http-header-glue.c b/src/http-header-glue.c
index 4f970fe4..c0501f5b 100644
--- a/src/http-header-glue.c
+++ b/src/http-header-glue.c
@@ -201,7 +201,7 @@ int http_response_redirect_to_directory(server *srv, connection *con) {
 }
 }
 }
- buffer_append_string_buffer(o, con->uri.path);
+ buffer_append_string_encoded(o, CONST_BUF_LEN(con->uri.path), ENCODING_REL_URI);
 buffer_append_string_len(o, CONST_STR_LEN("/"));
 if (!buffer_string_is_empty(con->uri.query)) {
 buffer_append_string_len(o, CONST_STR_LEN("?"));
diff --git a/tests/core-response.t b/tests/core-response.t
index ff2cf1d2..5cd784c4 100755
--- a/tests/core-response.t
+++ b/tests/core-response.t
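Review bot: The new `buffer_append_string_encoded(o, CONST_BUF_LEN(con->uri.path), ENCODING_REL_URI)` call in http_response_redirect_to_directory has no comment saying why the path must be encoded here, and the reason is security-relevant: `con->uri.path` is presumably the URL-decoded request path, and this function writes it into the `Location` header value. I would add `/* con->uri.path is decoded; re-encode it so decoded bytes cannot alter the Location header */` above the call, so that a later cleanup does not switch back to `buffer_append_string_buffer`. The two tests added in tests/core-response.t expect a space and a UTF-8 sequence to come back percent-encoded; a further case whose decoded path contains a control character would pin the header-integrity property rather than only the cosmetic one. The function body starts and ends outside the hunk, so how the host part and `con->uri.query` after the `?` are written is not visible here.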
@@ -8,7 +8,7 @@ BEGIN {
 use strict;
 use IO::Socket;
-use Test::More tests => 12;
+use Test::More tests => 14;
 use LightyTest;
 my $tf = LightyTest->new();
@@ -86,6 +86,20 @@ EOF $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 301, 'Location' => 'http://'.$tf->{HOSTNAME}.':'.$tf->{PORT}.'/dummydir/?foo' } ]; ok($tf->handle_http($t) == 0, 'internal redirect in directory + querystring'); +$t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 301, 'Location' => 'http://'.$tf->{HOSTNAME}.':'.$tf->{PORT}.'/~test%20%c3%a4_/' } ]; +ok($tf->handle_http($t) == 0, 'internal redirect in directory with special characters'); + +$t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 301, 'Location' => 'http://'.$tf->{HOSTNAME}.':'.$tf->{PORT}.'/~test%20%c3%a4_/?foo' } ]; +ok($tf->handle_http($t) == 0, 'internal redirect in directory with special characters + querystring'); + ## simple-vhost $t->{REQUEST} = ( < $tmpdir/servers/www.example.org/pages/range.pdf +cp "${srcdir}/docroot/www/"*.html \ + "${srcdir}/docroot/www/"*.php \ + "${srcdir}/docroot/www/"*.pl \ + "${srcdir}/docroot/www/"*.fcgi \ + "${srcdir}/docroot/www/"*.shtml \ + "${srcdir}/docroot/www/"*.txt \ + "${tmpdir}/servers/www.example.org/pages/" +cp "${srcdir}/docroot/www/go/"*.php "${tmpdir}/servers/www.example.org/pages/go/" +cp "${srcdir}/docroot/www/expire/"*.txt "${tmpdir}/servers/www.example.org/pages/expire/" +cp "${srcdir}/docroot/www/indexfile/"*.php "${tmpdir}/servers/www.example.org/pages/indexfile/" +cp "${srcdir}/docroot/123/"*.txt \ + "${srcdir}/docroot/123/"*.html \ + "${srcdir}/docroot/123/"*.php \ + "${srcdir}/docroot/123/"*.bla \ + "${tmpdir}/servers/123.example.org/pages/" +cp "${srcdir}/lighttpd.user" "${tmpdir}/" +cp "${srcdir}/lighttpd.htpasswd" "${tmpdir}/" +cp "${srcdir}/var-include-sub.conf" "${tmpdir}/../" +touch "${tmpdir}/servers/www.example.org/pages/image.jpg" \ + "${tmpdir}/servers/www.example.org/pages/image.JPG" \ + "${tmpdir}/servers/www.example.org/pages/Foo.txt" \ + "${tmpdir}/servers/www.example.org/pages/a" \ + 
"${tmpdir}/servers/www.example.org/pages/index.html~" \ + "${tmpdir}/servers/a.example.org/pages/a/a.html" \ + "${tmpdir}/servers/b.example.org/pages/b/b.html" +echo "12345" > "${tmpdir}/servers/www.example.org/pages/range.pdf" printf "%-40s" "preparing infrastructure"