From: Eric Covener Date: Thu, 3 Apr 2014 21:53:14 +0000 (+0000) Subject: allow users to work around the over-aggressive backreference X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ab4f12b0bbce6686468360c8129f32fbf2ff722;p=thirdparty%2Fapache%2Fhttpd.git allow users to work around the over-aggressive backreference escaping by selecting the characters to escape. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1584417 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/rewrite/flags.xml b/docs/manual/rewrite/flags.xml index 675eb8fa8e2..0efa39f346e 100644 --- a/docs/manual/rewrite/flags.xml +++ b/docs/manual/rewrite/flags.xml @@ -67,8 +67,9 @@ of how you might use them.

B (escape backreferences)

The [B] flag instructs RewriteRule to escape non-alphanumeric -characters before applying the transformation. -

+characters before applying the transformation.

+

In 2.4.10 and later, you can limit the escaping to specific characters +in backreferences by listing them: [B=#?;]

mod_rewrite has to unescape URLs before mapping them, so backreferences are unescaped at the time they are applied. @@ -95,6 +96,9 @@ returns a 404 if it sees one.

This escaping is particularly necessary in a proxy situation, when the backend may break if presented with an unescaped URL.

+

An alternative to this flag is using a RewriteCond to capture against %{THE_REQUEST} which will capture +strings in the encoded form.

C|chain diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index 7122cb425d3..5e281769d28 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -319,6 +319,7 @@ typedef struct { data_item *cookie; /* added cookies */ int skip; /* number of next rules to skip */ int maxrounds; /* limit on number of loops with N flag */ + char *escapes; /* specific backref escapes */ } rewriterule_entry; typedef struct { @@ -419,7 +420,7 @@ static const char *rewritemap_mutex_type = "rewrite-map"; /* Optional functions imported from mod_ssl when loaded: */ static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *rewrite_ssl_lookup = NULL; static APR_OPTIONAL_FN_TYPE(ssl_is_https) *rewrite_is_https = NULL; -static char *escape_uri(apr_pool_t *p, const char *path); +static char *escape_uri(apr_pool_t *p, const char *path, const char *escapeme); /* * +-------------------------------------------------------+ @@ -631,21 +632,36 @@ static APR_INLINE unsigned char *c2x(unsigned what, unsigned char prefix, * Escapes a uri in a similar way as php's urlencode does. 
* Based on ap_os_escape_path in server/util.c */ -static char *escape_uri(apr_pool_t *p, const char *path) { +static char *escape_uri(apr_pool_t *p, const char *path, const char *escapeme) { char *copy = apr_palloc(p, 3 * strlen(path) + 3); const unsigned char *s = (const unsigned char *)path; unsigned char *d = (unsigned char *)copy; unsigned c; while ((c = *s)) { - if (apr_isalnum(c) || c == '_') { - *d++ = c; - } - else if (c == ' ') { - *d++ = '+'; + if (!escapeme) { + if (apr_isalnum(c) || c == '_') { + *d++ = c; + } + else if (c == ' ') { + *d++ = '+'; + } + else { + d = c2x(c, '%', d); + } } - else { - d = c2x(c, '%', d); + else { + const char *esc = escapeme; + while (*esc) { + if (c == *esc) { + d = c2x(c, '%', d); + break; + } + ++esc; + } + if (!*esc) { + *d++ = c; + } } ++s; } @@ -2368,7 +2384,7 @@ static char *do_expand(char *input, rewrite_ctx *ctx, rewriterule_entry *entry) /* escape the backreference */ char *tmp2, *tmp; tmp = apr_pstrmemdup(pool, bri->source + bri->regmatch[n].rm_so, span); - tmp2 = escape_uri(pool, tmp); + tmp2 = escape_uri(pool, tmp, entry->escapes); rewritelog((ctx->r, 5, ctx->perdir, "escaping backreference '%s' to '%s'", tmp, tmp2)); @@ -3415,6 +3431,9 @@ static const char *cmd_rewriterule_setflag(apr_pool_t *p, void *_cfg, case 'B': if (!*key || !strcasecmp(key, "ackrefescaping")) { cfg->flags |= RULEFLAG_ESCAPEBACKREF; + if (val && *val) { + cfg->escapes = val; + } } else { ++error;