Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite: use escaped path #5504

Merged
merged 3 commits into from
May 16, 2023
Merged

Rewrite: use escaped path #5504

merged 3 commits into from
May 16, 2023

Conversation

TP-O
Copy link
Contributor

@TP-O TP-O commented Apr 20, 2023

Fix #5278

Using unescaped path in rewriting makes me confuse which part after ? is a query if the path contains %3F, so I thought it would be better to use an escaped path.

@TP-O
use escaped path while rewriting
42dd8ce 
Signed-off-by: TP-O <letranphong2k1@gmail.com>
@CLAassistant
Copy link

CLAassistant commented Apr 20, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@TP-O TP-O changed the title use escaped path while rewriting Rewrite: use escaped path Apr 20, 2023
@TP-O TP-O marked this pull request as ready for review April 20, 2023 10:00
@mholt
Copy link
Member

mholt commented Apr 20, 2023

Thanks; this will need careful review, and in consideration with #5438.

@mholt mholt mentioned this pull request May 11, 2023
Open
mholt
mholt requested changes May 15, 2023
View reviewed changes
Copy link
Member

@mholt mholt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly, I like the change. It's simpler code and all the exists tests still pass, along with two new test cases.

Do the test cases represent the original issue sufficiently?

Additionally, I wonder if @wlonkly could chime in and confirm that this patch works for you.

This is one of the few areas of the code that is more heavily tested, so I guess we can be confident with this, I'm just wary of unexpected edge cases especially if they relate to security issues 🙃

modules/caddyhttp/rewrite/rewrite_test.go Show resolved Hide resolved
@TP-O
Copy link
Contributor Author

TP-O commented May 16, 2023
edited
Loading

Honestly, I like the change. It's simpler code and all the exists tests still pass, along with two new test cases.

Do the test cases represent the original issue sufficiently?

Additionally, I wonder if @wlonkly could chime in and confirm that this patch works for you.

This is one of the few areas of the code that is more heavily tested, so I guess we can be confident with this, I'm just wary of unexpected edge cases especially if they relate to security issues upside_down_face

I think these test cases make sure the Rewrite function distinguishes between %3F and ? when checking for query string (which causes to the issue) after replacing.

@mholt mholt merged commit 13a3768 into caddyserver:master May 16, 2023
@mholt
Copy link
Member

mholt commented May 16, 2023

Thanks again for the contribution! If there are any issues reported we'll let you know 👍

@mholt mholt added this to the v2.7.0 milestone May 16, 2023
@TP-O TP-O deleted the rewrite-use-escaped-path branch May 16, 2023 15:18
@francislavoie francislavoie mentioned this pull request Feb 7, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mholt mholt mholt requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.7.0
Development

Successfully merging this pull request may close these issues.

try_files possibly double-escaping URI-encoded characters (%3F)
3 participants
@TP-O @CLAassistant @mholt