Skip to content

Commit bb30f6d

Browse files
committed
bugfix: ngx.escape_uri() did not escape "|", ",", "$", "@", and "`".
1 parent 3294b1d commit bb30f6d

File tree

2 files changed

+24
-6
lines changed

2 files changed

+24
-6
lines changed

src/ngx_http_lua_string.c

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -125,12 +125,13 @@ ngx_http_lua_ngx_escape_uri(lua_State *L)
125125
return 1;
126126
}
127127

128-
escape = 2 * ngx_http_lua_escape_uri(NULL, src, len, NGX_ESCAPE_URI);
128+
escape = 2 * ngx_http_lua_escape_uri(NULL, src, len,
129+
NGX_ESCAPE_URI_COMPONENT);
129130

130131
if (escape) {
131132
dlen = escape + len;
132133
dst = lua_newuserdata(L, dlen);
133-
ngx_http_lua_escape_uri(dst, src, len, NGX_ESCAPE_URI);
134+
ngx_http_lua_escape_uri(dst, src, len, NGX_ESCAPE_URI_COMPONENT);
134135
lua_pushlstring(L, (char *) dst, dlen);
135136
}
136137

@@ -751,14 +752,14 @@ size_t
751752
ngx_http_lua_ffi_uri_escaped_length(const u_char *src, size_t len)
752753
{
753754
return len + 2 * ngx_http_lua_escape_uri(NULL, (u_char *) src, len,
754-
NGX_ESCAPE_URI);
755+
NGX_ESCAPE_URI_COMPONENT);
755756
}
756757

757758

758759
void
759760
ngx_http_lua_ffi_escape_uri(const u_char *src, size_t len, u_char *dst)
760761
{
761-
ngx_http_lua_escape_uri(dst, (u_char *) src, len, NGX_ESCAPE_URI);
762+
ngx_http_lua_escape_uri(dst, (u_char *) src, len, NGX_ESCAPE_URI_COMPONENT);
762763
}
763764

764765
#endif

t/006-escape.t

Lines changed: 19 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,8 @@
33
use Test::Nginx::Socket::Lua;
44

55
repeat_each(2);
6-
#repeat_each(1);
76

8-
plan tests => repeat_each() * (blocks() * 2 + 1);
7+
plan tests => repeat_each() * (blocks() * 2 + 2);
98

109
no_long_string();
1110

@@ -180,3 +179,21 @@ GET /t
180179
GET /t
181180
--- response_body
182181
[32]
182+
183+
184+
185+
=== TEST 14: reserved chars
186+
--- config
187+
location /lua {
188+
content_by_lua_block {
189+
ngx.say(ngx.escape_uri("-_.!~*'()"))
190+
ngx.say(ngx.escape_uri(",$@|`"))
191+
}
192+
}
193+
--- request
194+
GET /lua
195+
--- response_body
196+
-_.!~*'()
197+
%2C%24%40%7C%60
198+
--- no_error_log
199+
[error]

0 commit comments

Comments
 (0)