Skip to content

Commit ea759b6

Browse files
u5surfu5surf
authored
Merge pull request #307 from u5surf/fix_encode_without_pcre2
fix: escape uri in module side
2 parents b6f6528 + 08100af commit ea759b6

File tree

4 files changed

+582
-549
lines changed

4 files changed

+582
-549
lines changed

share/status.template.html

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -631,7 +631,7 @@ <h1>
631631
? '<img class="flag flag-{}" />'.format(name.toLowerCase())
632632
: '';
633633

634-
s = '{}{}'.format(aHe('th', encodeURI('{}{}'.format(flag, name))),
634+
s = '{}{}'.format(aHe('th', '{}{}'.format(flag, name)),
635635
aHe('td', [(zone.requestCounter + zone.overCounts['maxIntegerSize'] * zone.overCounts['requestCounter']),
636636
aPs.getValue('{}.{}'.format(uniq, 'requestCounter'), zone.requestCounter), mTh(zone.requestMsec)
637637
]));
@@ -681,7 +681,7 @@ <h1>
681681

682682
clas = (n++ % 2) ? 'odd' : '';
683683

684-
s = '{}{}'.format(aHe('th', encodeURI(peer.server)),
684+
s = '{}{}'.format(aHe('th', peer.server),
685685
aHe('td', [sTh(peer.backup, peer.down), mTh(peer.responseMsec),
686686
peer.weight, peer.maxFails, peer.failTimeout,
687687
(peer.requestCounter + peer.overCounts['maxIntegerSize'] * peer.overCounts['requestCounter']),
@@ -722,7 +722,7 @@ <h1>
722722

723723
clas = (n++ % 2) ? 'odd' : '';
724724

725-
s = '{}{}'.format(aHe('th', encodeURI(name)),
725+
s = '{}{}'.format(aHe('th', name),
726726
aHe('td', [bTh(zone.maxSize),
727727
bTh(zone.usedSize),
728728
bTh(zone.outBytes + zone.overCounts['maxIntegerSize'] * zone.overCounts['outBytes']),

src/ngx_http_vhost_traffic_status_display_json.c

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -92,6 +92,7 @@ ngx_http_vhost_traffic_status_display_set_server_node(
9292
}
9393

9494
#if (NGX_HTTP_CACHE)
95+
ngx_http_vhost_traffic_status_display_encode_uri(r, &dst);
9596
buf = ngx_sprintf(buf, NGX_HTTP_VHOST_TRAFFIC_STATUS_JSON_FMT_SERVER,
9697
&dst, vtsn->stat_request_counter,
9798
vtsn->stat_in_bytes,
@@ -140,6 +141,7 @@ ngx_http_vhost_traffic_status_display_set_server_node(
140141
vtsn->stat_cache_scarce_counter_oc,
141142
vtsn->stat_request_time_counter_oc);
142143
#else
144+
ngx_http_vhost_traffic_status_display_encode_uri(r, &dst);
143145
buf = ngx_sprintf(buf, NGX_HTTP_VHOST_TRAFFIC_STATUS_JSON_FMT_SERVER,
144146
&dst, vtsn->stat_request_counter,
145147
vtsn->stat_in_bytes,
@@ -286,6 +288,31 @@ ngx_http_vhost_traffic_status_display_set_filter_node(ngx_http_request_t *r,
286288
return ngx_http_vhost_traffic_status_display_set_server_node(r, buf, &key, vtsn);
287289
}
288290

291+
void
292+
ngx_http_vhost_traffic_status_display_encode_uri(ngx_http_request_t *r,
293+
ngx_str_t *uri)
294+
{
295+
296+
size_t len;
297+
ngx_str_t *euri;
298+
u_char *p;
299+
euri = uri;
300+
len = ngx_escape_html(NULL, uri->data, uri->len);
301+
302+
if (len) {
303+
p = ngx_pnalloc(r->pool, uri->len + len);
304+
if (p == NULL) {
305+
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
306+
"display_encode_uri::ngx_pnalloc() failed");
307+
}
308+
309+
(void) ngx_escape_html(p, uri->data, uri->len);
310+
euri->data = p;
311+
euri->len = uri->len + len;
312+
uri = euri;
313+
}
314+
return;
315+
}
289316

290317
u_char *
291318
ngx_http_vhost_traffic_status_display_set_filter(ngx_http_request_t *r,
@@ -332,6 +359,7 @@ ngx_http_vhost_traffic_status_display_set_filter(ngx_http_request_t *r,
332359
"display_set_filter::escape_json_pool() failed");
333360
}
334361

362+
ngx_http_vhost_traffic_status_display_encode_uri(r, &filter);
335363
buf = ngx_sprintf(buf, NGX_HTTP_VHOST_TRAFFIC_STATUS_JSON_FMT_OBJECT_S,
336364
&filter);
337365

@@ -392,6 +420,7 @@ ngx_http_vhost_traffic_status_display_set_upstream_node(ngx_http_request_t *r,
392420
}
393421

394422
if (vtsn != NULL) {
423+
ngx_http_vhost_traffic_status_display_encode_uri(r, &key);
395424
buf = ngx_sprintf(buf, NGX_HTTP_VHOST_TRAFFIC_STATUS_JSON_FMT_UPSTREAM,
396425
&key, vtsn->stat_request_counter,
397426
vtsn->stat_in_bytes, vtsn->stat_out_bytes,
@@ -434,6 +463,7 @@ ngx_http_vhost_traffic_status_display_set_upstream_node(ngx_http_request_t *r,
434463
vtsn->stat_request_time_counter_oc, vtsn->stat_response_time_counter_oc);
435464

436465
} else {
466+
ngx_http_vhost_traffic_status_display_encode_uri(r, &key);
437467
buf = ngx_sprintf(buf, NGX_HTTP_VHOST_TRAFFIC_STATUS_JSON_FMT_UPSTREAM,
438468
&key, (ngx_atomic_uint_t) 0,
439469
(ngx_atomic_uint_t) 0, (ngx_atomic_uint_t) 0,
@@ -563,6 +593,7 @@ ngx_http_vhost_traffic_status_display_set_upstream_group(ngx_http_request_t *r,
563593

564594
o = buf;
565595

596+
ngx_http_vhost_traffic_status_display_encode_uri(r, &uscf->host);
566597
buf = ngx_sprintf(buf, NGX_HTTP_VHOST_TRAFFIC_STATUS_JSON_FMT_ARRAY_S,
567598
&uscf->host);
568599
s = buf;
@@ -703,6 +734,7 @@ ngx_http_vhost_traffic_status_display_set_upstream_group(ngx_http_request_t *r,
703734

704735
ngx_str_set(&key, "::nogroups");
705736

737+
ngx_http_vhost_traffic_status_display_encode_uri(r, &key);
706738
buf = ngx_sprintf(buf, NGX_HTTP_VHOST_TRAFFIC_STATUS_JSON_FMT_ARRAY_S, &key);
707739

708740
s = buf;
@@ -742,6 +774,7 @@ u_char
742774
"display_set_cache_node::escape_json_pool() failed");
743775
}
744776

777+
ngx_http_vhost_traffic_status_display_encode_uri(r, &key);
745778
buf = ngx_sprintf(buf, NGX_HTTP_VHOST_TRAFFIC_STATUS_JSON_FMT_CACHE,
746779
&key, vtsn->stat_cache_max_size,
747780
vtsn->stat_cache_used_size,

src/ngx_http_vhost_traffic_status_display_json.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -257,6 +257,8 @@ u_char *ngx_http_vhost_traffic_status_display_set_cache(
257257
u_char *ngx_http_vhost_traffic_status_display_set(ngx_http_request_t *r,
258258
u_char *buf);
259259

260+
void ngx_http_vhost_traffic_status_display_encode_uri(
261+
ngx_http_request_t *r, ngx_str_t *uri);
260262

261263
#endif /* _NGX_HTTP_VTS_DISPLAY_JSON_H_INCLUDED_ */
262264

0 commit comments

Comments
 (0)