Disable symlinks: added the "from" parameter support to the open file cache.
diff --git a/src/core/ngx_open_file_cache.c b/src/core/ngx_open_file_cache.c index e099f67..73a2db0 100644 --- a/src/core/ngx_open_file_cache.c +++ b/src/core/ngx_open_file_cache.c
@@ -229,6 +229,7 @@ && now - file->created < of->valid #if (NGX_HAVE_OPENAT) && of->disable_symlinks == file->disable_symlinks + && of->disable_symlinks_from == file->disable_symlinks_from #endif )) { @@ -395,6 +396,7 @@ file->err = of->err; #if (NGX_HAVE_OPENAT) file->disable_symlinks = of->disable_symlinks; + file->disable_symlinks_from = of->disable_symlinks_from; #endif if (of->err == 0) { @@ -583,7 +585,28 @@ at_name = *name; - if (*p == '/') { + if (of->disable_symlinks_from) { + + cp = p + of->disable_symlinks_from; + + *cp = '\0'; + + at_fd = ngx_open_file(p, NGX_FILE_SEARCH|NGX_FILE_NONBLOCK, + NGX_FILE_OPEN, 0); + + *cp = '/'; + + if (at_fd == NGX_INVALID_FILE) { + of->err = ngx_errno; + of->failed = ngx_open_file_n; + return NGX_INVALID_FILE; + } + + at_name.len = of->disable_symlinks_from; + p = cp + 1; + + } else if (*p == '/') { + at_fd = ngx_open_file("/", NGX_FILE_SEARCH|NGX_FILE_NONBLOCK, NGX_FILE_OPEN, 0);
diff --git a/src/core/ngx_open_file_cache.h b/src/core/ngx_open_file_cache.h index 0ff3453..d119c12 100644 --- a/src/core/ngx_open_file_cache.h +++ b/src/core/ngx_open_file_cache.h
@@ -33,6 +33,7 @@ ngx_uint_t min_uses; #if (NGX_HAVE_OPENAT) + size_t disable_symlinks_from; unsigned disable_symlinks:2; #endif @@ -69,6 +70,7 @@ uint32_t uses; #if (NGX_HAVE_OPENAT) + size_t disable_symlinks_from; unsigned disable_symlinks:2; #endif