Skip to content

Rewrite: use escaped path#5504

Merged
mholt merged 3 commits intocaddyserver:masterfrom
TP-O:rewrite-use-escaped-path
May 16, 2023
Merged

Rewrite: use escaped path#5504
mholt merged 3 commits intocaddyserver:masterfrom
TP-O:rewrite-use-escaped-path

Conversation

@TP-O
Copy link
Copy Markdown
Contributor

@TP-O TP-O commented Apr 20, 2023

Fix #5278

Using unescaped path in rewriting makes me confuse which part after ? is a query if the path contains %3F, so I thought it would be better to use an escaped path.

@TP-O
use escaped path while rewriting
42dd8ce 
Signed-off-by: TP-O <letranphong2k1@gmail.com>
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Apr 20, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@TP-O TP-O changed the title use escaped path while rewriting Rewrite: use escaped path Apr 20, 2023
@TP-O TP-O marked this pull request as ready for review April 20, 2023 10:00
@mholt
Copy link
Copy Markdown
Member

mholt commented Apr 20, 2023

Thanks; this will need careful review, and in consideration with #5438.

@mholt mholt mentioned this pull request May 11, 2023
Open
mholt
mholt requested changes May 15, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@mholt mholt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly, I like the change. It's simpler code and all the exists tests still pass, along with two new test cases.

Do the test cases represent the original issue sufficiently?

Additionally, I wonder if @wlonkly could chime in and confirm that this patch works for you.

This is one of the few areas of the code that is more heavily tested, so I guess we can be confident with this, I'm just wary of unexpected edge cases especially if they relate to security issues 🙃

Comment thread modules/caddyhttp/rewrite/rewrite_test.go
@TP-O
Copy link
Copy Markdown
Contributor Author

TP-O commented May 16, 2023
edited
Loading

Honestly, I like the change. It's simpler code and all the exists tests still pass, along with two new test cases.

Do the test cases represent the original issue sufficiently?

Additionally, I wonder if @wlonkly could chime in and confirm that this patch works for you.

This is one of the few areas of the code that is more heavily tested, so I guess we can be confident with this, I'm just wary of unexpected edge cases especially if they relate to security issues upside_down_face

I think these test cases make sure the Rewrite function distinguishes between %3F and ? when checking for query string (which causes to the issue) after replacing.

@mholt mholt merged commit 13a3768 into caddyserver:master May 16, 2023
@mholt
Copy link
Copy Markdown
Member

mholt commented May 16, 2023

Thanks again for the contribution! If there are any issues reported we'll let you know 👍

@mholt mholt added this to the v2.7.0 milestone May 16, 2023
@TP-O TP-O deleted the rewrite-use-escaped-path branch May 16, 2023 15:18
@francislavoie francislavoie mentioned this pull request Feb 7, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mholt mholt mholt requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v2.7.0

Development

Successfully merging this pull request may close these issues.

try_files possibly double-escaping URI-encoded characters (%3F)

3 participants

@TP-O @CLAassistant @mholt