fix: validate regex pattern even when replacement is a secret ref

In redirect.lua and proxy-rewrite.lua, still validate the regex pattern
when only the replacement is a secret ref (using empty string as test
replacement). Only skip validation when the pattern itself is a secret ref.

Author: nic-6443

apisix/plugins/proxy-rewrite.lua

@@ -196,14 +196,16 @@ function _M.check_schema(conf)
             return false, "The length of regex_uri should be an even number"
         end
         for i = 1, #conf.regex_uri, 2 do
-            if not secret.is_secret_ref(conf.regex_uri[i])
-               and not secret.is_secret_ref(conf.regex_uri[i + 1])
-            then
-                local _, _, err = re_sub("/fake_uri", conf.regex_uri[i],
-                    conf.regex_uri[i + 1], "jo")
+            local pattern = conf.regex_uri[i]
+            local replacement = conf.regex_uri[i + 1]
+            if not secret.is_secret_ref(pattern) then
+                local test_replacement = secret.is_secret_ref(replacement)
+                                         and "" or replacement
+                local _, _, err = re_sub("/fake_uri", pattern,
+                    test_replacement, "jo")
                 if err then
-                    return false, "invalid regex_uri(" .. conf.regex_uri[i] ..
-                        ", " .. conf.regex_uri[i + 1] .. "): " .. err
+                    return false, "invalid regex_uri(" .. pattern ..
+                        ", " .. replacement .. "): " .. err
                 end
             end
         end

apisix/plugins/redirect.lua

@@ -108,14 +108,16 @@ function _M.check_schema(conf)
     end
 
     if conf.regex_uri and #conf.regex_uri > 0 then
-        if not secret.is_secret_ref(conf.regex_uri[1])
-           and not secret.is_secret_ref(conf.regex_uri[2])
-        then
-            local _, _, err = re_sub("/fake_uri", conf.regex_uri[1],
-                                     conf.regex_uri[2], "jo")
+        local pattern = conf.regex_uri[1]
+        local replacement = conf.regex_uri[2]
+        if not secret.is_secret_ref(pattern) then
+            local test_replacement = secret.is_secret_ref(replacement)
+                                     and "" or replacement
+            local _, _, err = re_sub("/fake_uri", pattern,
+                                     test_replacement, "jo")
             if err then
                 local msg = string_format("invalid regex_uri (%s, %s), err:%s",
-                                          conf.regex_uri[1], conf.regex_uri[2], err)
+                                          pattern, replacement, err)
                 return false, msg
             end
         end