From: Ruediger Pluem <rpluem@apache.org>
Date: Wed, 11 Sep 2024 15:56:33 +0000 (+0000)
Subject: * Leave the proper escaping of the URL and the adding of r->args to the
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4348e8cb7d8c41b1c8019ceb0a1612bb4a3384f7;p=thirdparty%2Fapache%2Fhttpd.git

* Leave the proper escaping of the URL and the adding of r->args to the
  proxy module which runs after us after r1920570.
  Just take care to add r->args in case the proxy rule has the
  [NE] flag set and tell the proxy module to not escape in this case.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920571 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 2fce0c839ae..5f73f8bce21 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -4523,20 +4523,6 @@ static rule_return_type apply_rewrite_rule(rewriterule_entry *p,
      * ourself).
      */
     if (p->flags & RULEFLAG_PROXY) {
-        /* For rules evaluated in server context, the mod_proxy fixup
-         * hook can be relied upon to escape the URI as and when
-         * necessary, since it occurs later.  If in directory context,
-         * the ordering of the fixup hooks is forced such that
-         * mod_proxy comes first, so the URI must be escaped here
-         * instead.  See PR 39746, 46428, and other headaches. */
-        if (ctx->perdir && (p->flags & RULEFLAG_NOESCAPE) == 0) {
-            char *old_filename = r->filename;
-
-            r->filename = ap_escape_uri(r->pool, r->filename);
-            rewritelog(r, 2, ctx->perdir, "escaped URI in per-dir context "
-                       "for proxy, %s -> %s", old_filename, r->filename);
-        }
-
         fully_qualify_uri(r);
 
         rewritelog(r, 2, ctx->perdir, "forcing proxy-throughput with %s",
@@ -5085,7 +5071,7 @@ static int hook_uri2file(request_rec *r)
             }
             if ((r->args != NULL)
                 && ((r->proxyreq == PROXYREQ_PROXY)
-                    || (rulestatus == ACTION_NOESCAPE))) {
+                    || apr_table_get(r->notes, "proxy-nocanon"))) {
                 /* see proxy_http:proxy_http_canon() */
                 r->filename = apr_pstrcat(r->pool, r->filename,
                                           "?", r->args, NULL);
@@ -5388,13 +5374,18 @@ static int hook_fixup(request_rec *r)
                 return HTTP_FORBIDDEN;
             }
 
-            /* make sure the QUERY_STRING and
-             * PATH_INFO parts get incorporated
+            if (rulestatus == ACTION_NOESCAPE) {
+                apr_table_setn(r->notes, "proxy-nocanon", "1");
+            }
+
+            /* make sure the QUERY_STRING gets incorporated in the case
+             * [NE] was specified on the Proxy rule. We are preventing
+             * mod_proxy canon handler from incorporating r->args as well
+             * as escaping the URL.
              * (r->path_info was already appended by the
              * rewriting engine because of the per-dir context!)
              */
-            if (r->args != NULL) {
-                /* see proxy_http:proxy_http_canon() */
+            if ((r->args != NULL) && apr_table_get(r->notes, "proxy-nocanon")) {
                 r->filename = apr_pstrcat(r->pool, r->filename,
                                           "?", r->args, NULL);
             }