Opened 7 years ago

Closed 6 years ago

#408 closed defect (duplicate)

capture in if - escaping depends on location bug

Reported by: tchnts.wordpress.com Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.0.x
Keywords: Cc:
uname -a: Linux X 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx-1.0.14

Description (last modified by Maxim Dounin)

I am capturing some data in if, and then redirecting on what was captured. The problem is, that captured data is escaped if url contains "%" char, and may be others, and do not escaped if it does not. I have simple config:

Having simple config

location / {
    set $out "http://example.com/?a=b&c=d%";
    if ($out ~ "(.*)") {
        set $z $1;
        rewrite ^ $z redirect;
    }
}

Making 2 requests:

telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
GET / HTTP/1.0
Host: my.ru

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.0.14
Date: Thu, 22 Mar 2012 02:20:14 GMT
Content-Type: text/html
Content-Length: 161
Connection: close
Location: http://example.com/?a=b&c=d%

<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.0.14</center>
</body>
</html>
Connection closed by foreign host.
telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
GET /% HTTP/1.0
Host: my.ru

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.0.14
Date: Thu, 22 Mar 2012 02:21:00 GMT
Content-Type: text/html
Content-Length: 161
Connection: close
Location: http://example.com/?a=b%26c=d%25

<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.0.14</center>
</body>
</html>
Connection closed by foreign host.

Expected the same location as in first request, but got another.
Tested on nginx-1.0.14 , nginx-1.0.6 .

Change History (4)

comment:1 by tchnts.wordpress.com, 7 years ago

location / {
set $out "http://example.com/?a=b&c=d%";
if ( $out ~ "(.*)" ){
set $z $1;
rewrite ^ $z redirect;
}

comment:2 by Maxim Dounin, 6 years ago

Description: modified (diff)

comment:3 by Maxim Dounin, 6 years ago

See also #589.

comment:4 by Maxim Dounin, 6 years ago

Resolution: duplicate
Status: newclosed

It looks like we already have a ticket for this - #348. Closing this as a duplicate.

Note: See TracTickets for help on using tickets.