github
/
gixy
mirror of https://github.com/yandex/gixy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Exclude CR from HTTP Request splitting

pull/79/head
Andrew Krasichkov 2018-03-02 12:49:14 +03:00
parent 902e739106
commit 2c44989f4a
3 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gixy/plugins/http_splitting.py
View File

@ -28,11 +28,12 @@ class http_splitting(Plugin):
if not value: if not value:
return return
server_side = directive.name.startswith('proxy_')
for var in compile_script(value): for var in compile_script(value):
char = '' char = ''
if var.can_contain('\n'): if var.can_contain('\n'):
char = '\\n' char = '\\n'
elif var.can_contain('\r'): elif not server_side and var.can_contain('\r'):
char = '\\r' char = '\\r'
else: else:
continue continue

3
tests/plugins/simply/http_splitting/proxy_pass_cr_fp.conf Normal file
View File

@ -0,0 +1,3 @@
location ~* ^/test/(.*) {
proxy_pass http://10.10.10.10/$1;
}

3
tests/plugins/simply/http_splitting/proxy_pass_lf.conf Normal file
View File

@ -0,0 +1,3 @@
location ~* ^/test/([^/]+)/ {
proxy_pass http://10.10.10.10/$1;
}