Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(proxy-rewrite): escape args part if it's not from user conf #8888

Merged
merged 2 commits into from
Feb 24, 2023
Merged

fix(proxy-rewrite): escape args part if it's not from user conf #8888

merged 2 commits into from
Feb 24, 2023

Conversation

spacewander
Copy link
Member

Description

Fixes #8877

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

@spacewander spacewander force-pushed the deg branch 2 times, most recently from ef0f6cd to 734d480 Compare February 20, 2023 09:13
@spacewander
fix(proxy-rewrite): escape args part if it's not from user conf
b201ff5 
Signed-off-by: spacewander <spacewanderlzx@gmail.com>
@spacewander spacewander marked this pull request as ready for review February 20, 2023 11:48
leslie-tsang
leslie-tsang previously approved these changes Feb 22, 2023
View reviewed changes
soulbird
soulbird previously approved these changes Feb 22, 2023
View reviewed changes
@spacewander
fix regex_uri with args
641bc2d 
Signed-off-by: spacewander <spacewanderlzx@gmail.com>
@spacewander spacewander dismissed stale reviews from soulbird and leslie-tsang via 641bc2d February 23, 2023 02:15
@spacewander spacewander merged commit c70c33e into apache:master Feb 24, 2023
@spacewander spacewander deleted the deg branch February 24, 2023 01:31
spacewander added a commit to spacewander/incubator-apisix that referenced this pull request Mar 1, 2023
@spacewander
fix(proxy-rewrite): escape args part if it's not from user conf (apac…
b6e3fd5 
…he#8888)
spacewander added a commit to spacewander/incubator-apisix that referenced this pull request Mar 1, 2023
@spacewander
fix(proxy-rewrite): escape args part if it's not from user conf (apac…
237ba55 
…he#8888)
spacewander added a commit that referenced this pull request Mar 2, 2023
@spacewander
fix(proxy-rewrite): escape args part if it's not from user conf (#8888)
ca0c7d9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tokers tokers tokers approved these changes

@soulbird soulbird soulbird approved these changes

@leslie-tsang leslie-tsang leslie-tsang approved these changes

@bzp2010 bzp2010 Awaiting requested review from bzp2010

Assignees
No one assigned
Labels
need backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug: The proxy-rewrite plugin may cause CRLF injection vulnerabilities
4 participants
@spacewander @tokers @soulbird @leslie-tsang