bugfix: ngx.escape_uri() did not escape "|", ",", "$", "@", and "`".

agentzh · agentzh · commit bb30f6d8b6cd · 2017-07-03T22:48:35.000-07:00
diff --git a/src/ngx_http_lua_string.c b/src/ngx_http_lua_string.c
@@ -125,12 +125,13 @@ ngx_http_lua_ngx_escape_uri(lua_State *L)
         return 1;
     }
 
-    escape = 2 * ngx_http_lua_escape_uri(NULL, src, len, NGX_ESCAPE_URI);
+    escape = 2 * ngx_http_lua_escape_uri(NULL, src, len,
+                                         NGX_ESCAPE_URI_COMPONENT);
 
     if (escape) {
         dlen = escape + len;
         dst = lua_newuserdata(L, dlen);
-        ngx_http_lua_escape_uri(dst, src, len, NGX_ESCAPE_URI);
+        ngx_http_lua_escape_uri(dst, src, len, NGX_ESCAPE_URI_COMPONENT);
         lua_pushlstring(L, (char *) dst, dlen);
     }
 
@@ -751,14 +752,14 @@ size_t
 ngx_http_lua_ffi_uri_escaped_length(const u_char *src, size_t len)
 {
     return len + 2 * ngx_http_lua_escape_uri(NULL, (u_char *) src, len,
-                                             NGX_ESCAPE_URI);
+                                             NGX_ESCAPE_URI_COMPONENT);
 }
 
 
 void
 ngx_http_lua_ffi_escape_uri(const u_char *src, size_t len, u_char *dst)
 {
-    ngx_http_lua_escape_uri(dst, (u_char *) src, len, NGX_ESCAPE_URI);
+    ngx_http_lua_escape_uri(dst, (u_char *) src, len, NGX_ESCAPE_URI_COMPONENT);
 }
 
 #endif
diff --git a/t/006-escape.t b/t/006-escape.t
@@ -3,9 +3,8 @@
 use Test::Nginx::Socket::Lua;
 
 repeat_each(2);
-#repeat_each(1);
 
-plan tests => repeat_each() * (blocks() * 2 + 1);
+plan tests => repeat_each() * (blocks() * 2 + 2);
 
 no_long_string();
 
@@ -180,3 +179,21 @@ GET /t
 GET /t
 --- response_body
 [32]
+
+
+
+=== TEST 14: reserved chars
+--- config
+    location /lua {
+        content_by_lua_block {
+            ngx.say(ngx.escape_uri("-_.!~*'()"))
+            ngx.say(ngx.escape_uri(",$@|`"))
+        }
+    }
+--- request
+GET /lua
+--- response_body
+-_.!~*'()
+%2C%24%40%7C%60
+--- no_error_log
+[error]

Original file line number	Diff line number	Diff line change
`@@ -125,12 +125,13 @@ ngx_http_lua_ngx_escape_uri(lua_State *L)`
`125`	`125`	`return 1;`
`126`	`126`	`}`
`127`	`127`
`128`		`- escape = 2 * ngx_http_lua_escape_uri(NULL, src, len, NGX_ESCAPE_URI);`
	`128`	`+ escape = 2 * ngx_http_lua_escape_uri(NULL, src, len,`
	`129`	`+ NGX_ESCAPE_URI_COMPONENT);`
`129`	`130`
`130`	`131`	`if (escape) {`
`131`	`132`	`dlen = escape + len;`
`132`	`133`	`dst = lua_newuserdata(L, dlen);`
`133`		`- ngx_http_lua_escape_uri(dst, src, len, NGX_ESCAPE_URI);`
	`134`	`+ ngx_http_lua_escape_uri(dst, src, len, NGX_ESCAPE_URI_COMPONENT);`
`134`	`135`	`lua_pushlstring(L, (char *) dst, dlen);`
`135`	`136`	`}`
`136`	`137`
`@@ -751,14 +752,14 @@ size_t`
`751`	`752`	`ngx_http_lua_ffi_uri_escaped_length(const u_char *src, size_t len)`
`752`	`753`	`{`
`753`	`754`	`return len + 2 * ngx_http_lua_escape_uri(NULL, (u_char *) src, len,`
`754`		`- NGX_ESCAPE_URI);`
	`755`	`+ NGX_ESCAPE_URI_COMPONENT);`
`755`	`756`	`}`
`756`	`757`
`757`	`758`
`758`	`759`	`void`
`759`	`760`	`ngx_http_lua_ffi_escape_uri(const u_char src, size_t len, u_char dst)`
`760`	`761`	`{`
`761`		`- ngx_http_lua_escape_uri(dst, (u_char *) src, len, NGX_ESCAPE_URI);`
	`762`	`+ ngx_http_lua_escape_uri(dst, (u_char *) src, len, NGX_ESCAPE_URI_COMPONENT);`
`762`	`763`	`}`
`763`	`764`
`764`	`765`	`#endif`