unescape SSI include
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index 93b713d..69f032e 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -1243,7 +1243,9 @@
switch (state) {
case sw_usual:
- if (ch == '?' && type == NGX_UNESCAPE_URI) {
+ if (ch == '?'
+ && (type & (NGX_UNESCAPE_URI|NGX_UNESCAPE_REDIRECT)))
+ {
*d++ = ch;
goto done;
}
@@ -1286,7 +1288,7 @@
if (ch >= '0' && ch <= '9') {
ch = (u_char) ((decoded << 4) + ch - '0');
- if (type == NGX_UNESCAPE_URI) {
+ if (type & NGX_UNESCAPE_REDIRECT) {
if (ch > '%' && ch < 0x7f) {
*d++ = ch;
break;
@@ -1306,7 +1308,17 @@
if (c >= 'a' && c <= 'f') {
ch = (u_char) ((decoded << 4) + c - 'a' + 10);
- if (type == NGX_UNESCAPE_URI) {
+ if (type & NGX_UNESCAPE_URI) {
+ if (ch == '?') {
+ *d++ = ch;
+ goto done;
+ }
+
+ *d++ = ch;
+ break;
+ }
+
+ if (type & NGX_UNESCAPE_REDIRECT) {
if (ch == '?') {
*d++ = ch;
goto done;
diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h
index f967951..275c8db 100644
--- a/src/core/ngx_string.h
+++ b/src/core/ngx_string.h
@@ -155,14 +155,15 @@
u_char *ngx_utf_cpystrn(u_char *dst, u_char *src, size_t n);
-#define NGX_ESCAPE_URI 0
-#define NGX_ESCAPE_ARGS 1
-#define NGX_ESCAPE_HTML 2
-#define NGX_ESCAPE_REFRESH 3
-#define NGX_ESCAPE_MEMCACHED 4
-#define NGX_ESCAPE_MAIL_AUTH 5
+#define NGX_ESCAPE_URI 0
+#define NGX_ESCAPE_ARGS 1
+#define NGX_ESCAPE_HTML 2
+#define NGX_ESCAPE_REFRESH 3
+#define NGX_ESCAPE_MEMCACHED 4
+#define NGX_ESCAPE_MAIL_AUTH 5
-#define NGX_UNESCAPE_URI 1
+#define NGX_UNESCAPE_URI 1
+#define NGX_UNESCAPE_REDIRECT 2
uintptr_t ngx_escape_uri(u_char *dst, u_char *src, size_t size,
ngx_uint_t type);
diff --git a/src/http/modules/ngx_http_ssi_filter_module.c b/src/http/modules/ngx_http_ssi_filter_module.c
index 60aed18..ae72ee3 100644
--- a/src/http/modules/ngx_http_ssi_filter_module.c
+++ b/src/http/modules/ngx_http_ssi_filter_module.c
@@ -1858,6 +1858,8 @@
ngx_http_ssi_include(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx,
ngx_str_t **params)
{
+ u_char *dst, *src;
+ size_t len;
ngx_int_t rc, key;
ngx_str_t *uri, *file, *wait, *set, *stub, args;
ngx_buf_t *b;
@@ -1927,13 +1929,25 @@
return rc;
}
- args.len = 0;
- args.data = NULL;
- flags = 0;
+ dst = uri->data;
+ src = uri->data;
+
+ ngx_unescape_uri(&dst, &src, uri->len, NGX_UNESCAPE_URI);
+
+ len = (uri->data + uri->len) - src;
+ if (len) {
+ dst = ngx_copy(dst, src, len);
+ }
+
+ uri->len = dst - uri->data;
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ssi include: \"%V\"", uri);
+ args.len = 0;
+ args.data = NULL;
+ flags = 0;
+
if (ngx_http_parse_unsafe_uri(r, uri, &args, &flags) != NGX_OK) {
return NGX_HTTP_SSI_ERROR;
}
diff --git a/src/http/ngx_http_script.c b/src/http/ngx_http_script.c
index 0fa08bc..96f618a 100644
--- a/src/http/ngx_http_script.c
+++ b/src/http/ngx_http_script.c
@@ -750,7 +750,8 @@
dst = e->buf.data;
src = e->buf.data;
- ngx_unescape_uri(&dst, &src, e->pos - e->buf.data, NGX_UNESCAPE_URI);
+ ngx_unescape_uri(&dst, &src, e->pos - e->buf.data,
+ NGX_UNESCAPE_REDIRECT);
if (src < e->pos) {
dst = ngx_copy(dst, src, e->pos - src);
