From fabb812f4d61702252401c8eb90791031fb68bbc Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 8 May 2019 21:46:56 +0000 Subject: The QUERY_STRING macro is not actually URL encoded, so fix the manual. Add a QUERY_STRING_ENC macro that is URL encoded. Patch from Tim Baumgartner ok reyk --- usr.sbin/httpd/httpd.conf.5 | 8 +++++--- usr.sbin/httpd/server_http.c | 16 ++++++++++++++-- 2 files changed, 19 insertions(+), 5 deletions(-) (limited to 'usr.sbin/httpd') diff --git a/usr.sbin/httpd/httpd.conf.5 b/usr.sbin/httpd/httpd.conf.5 index 3290048e36c..f4ea2e55766 100644 --- a/usr.sbin/httpd/httpd.conf.5 +++ b/usr.sbin/httpd/httpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: httpd.conf.5,v 1.106 2019/05/03 17:16:27 tb Exp $ +.\" $OpenBSD: httpd.conf.5,v 1.107 2019/05/08 21:46:56 tb Exp $ .\" .\" Copyright (c) 2014, 2015 Reyk Floeter .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 3 2019 $ +.Dd $Mdocdate: May 8 2019 $ .Dt HTTPD.CONF 5 .Os .Sh NAME @@ -208,7 +208,9 @@ may contain predefined macros that will be expanded at runtime: .It Ic $DOCUMENT_URI The request path. .It Ic $QUERY_STRING -The URL encoded query string of the request. +The query string of the request. +.It Ic $QUERY_STRING_ENC +The URL-encoded query string of the request. .It Ic $REMOTE_ADDR The IP address of the connected client. .It Ic $REMOTE_PORT diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c index 5a2a9072356..817588e2278 100644 --- a/usr.sbin/httpd/server_http.c +++ b/usr.sbin/httpd/server_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_http.c,v 1.132 2019/05/08 21:41:06 tb Exp $ */ +/* $OpenBSD: server_http.c,v 1.133 2019/05/08 21:46:56 tb Exp $ */ /* * Copyright (c) 2006 - 2018 Reyk Floeter @@ -1034,7 +1034,7 @@ server_expand_http(struct client *clt, const char *val, char *buf, { struct http_descriptor *desc = clt->clt_descreq; struct server_config *srv_conf = clt->clt_srv_conf; - char ibuf[128], *str, *path; + char ibuf[128], *str, *path, *query; const char *errstr = NULL, *p; size_t size; int n, ret; @@ -1074,6 +1074,18 @@ server_expand_http(struct client *clt, const char *val, char *buf, if (ret != 0) return (NULL); } + if (strstr(val, "$QUERY_STRING_ENC") != NULL) { + if (desc->http_query == NULL) { + ret = expand_string(buf, len, "$QUERY_STRING_ENC", ""); + } else { + if ((query = url_encode(desc->http_query)) == NULL) + return (NULL); + ret = expand_string(buf, len, "$QUERY_STRING_ENC", query); + free(query); + } + if (ret != 0) + return (NULL); + } if (strstr(val, "$QUERY_STRING") != NULL) { if (desc->http_query == NULL) { ret = expand_string(buf, len, "$QUERY_STRING", ""); -- cgit v1.2.3-59-g8ed1b