From 2c44989f4a43ca2578a20cff10a9e82663ad5129 Mon Sep 17 00:00:00 2001
From: Andrew Krasichkov
Date: Fri, 2 Mar 2018 12:49:14 +0300
Subject: [PATCH] Exclude CR from HTTP Request splitting
---
 gixy/plugins/http_splitting.py | 3 ++-
 tests/plugins/simply/http_splitting/proxy_pass_cr_fp.conf | 3 +++
 tests/plugins/simply/http_splitting/proxy_pass_lf.conf | 3 +++
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 tests/plugins/simply/http_splitting/proxy_pass_cr_fp.conf
 create mode 100644 tests/plugins/simply/http_splitting/proxy_pass_lf.conf
diff --git a/gixy/plugins/http_splitting.py b/gixy/plugins/http_splitting.py
index 40cb6eb..62a104a 100644
--- a/gixy/plugins/http_splitting.py
+++ b/gixy/plugins/http_splitting.py
@@ -28,11 +28,12 @@ class http_splitting(Plugin):
 if not value:
 return
+ server_side = directive.name.startswith('proxy_')
 for var in compile_script(value):
 char = ''
 if var.can_contain('\n'):
 char = '\\n'
- elif var.can_contain('\r'):
+ elif not server_side and var.can_contain('\r'):
 char = '\\r'
 else:
 continue
diff --git a/tests/plugins/simply/http_splitting/proxy_pass_cr_fp.conf b/tests/plugins/simply/http_splitting/proxy_pass_cr_fp.conf
new file mode 100644
index 0000000..2205f30
--- /dev/null
+++ b/tests/plugins/simply/http_splitting/proxy_pass_cr_fp.conf
@@ -0,0 +1,3 @@
+location ~* ^/test/(.*) {
+ proxy_pass http://10.10.10.10/$1;
+}
diff --git a/tests/plugins/simply/http_splitting/proxy_pass_lf.conf b/tests/plugins/simply/http_splitting/proxy_pass_lf.conf
new file mode 100644
index 0000000..be1e84f
--- /dev/null
+++ b/tests/plugins/simply/http_splitting/proxy_pass_lf.conf
@@ -0,0 +1,3 @@
+location ~* ^/test/([^/]+)/ {
+ proxy_pass http://10.10.10.10/$1;
+}
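Review bot: In `gixy/plugins/http_splitting.py`, the `elif not server_side and var.can_contain('\r')` branch now stays silent about a bare CR for every directive whose name starts with `proxy_`, and nothing in the hunk records the assumption behind that. The suppression is safe only if the upstream ends header lines on LF alone; a backend with a lenient parser that accepts a bare CR as a line terminator would turn this into a false negative. I would state the assumption above the assignment, e.g. `# CR alone is not reported for proxy_* directives: assumes the upstream splits lines on LF only`, and consider reporting the CR case at a lower severity rather than dropping it. The enclosing method begins and ends outside the hunk, so how `char` is reported afterwards is not visible here.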
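Review bot: The new fixture `proxy_pass_cr_fp.conf` and its sibling `proxy_pass_lf.conf` exercise only `proxy_pass`, so the other half of the new condition is not pinned by this commit. Nothing added here shows that a CR-only variable is still reported for a directive whose name does not start with `proxy_`. If no existing fixture covers that (none is visible in this patch), a companion case would keep the `not server_side` branch from regressing. A leading comment in the file, for instance `# (.*) is expected to allow CR but not LF; must not be reported for proxy_pass`, would also tell the reader why the `_fp` case is expected to produce no finding.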