增加%号过滤

匹配过滤前，url解码后先替换url里的%号为空
2013-03-25 14:05:36 +08:00 · 2013-03-25 14:05:36 +08:00 · 23a1ad397a
parent f7a9b3a8a4
commit 23a1ad397a
1 changed files with 1 additions and 1 deletions
--- a/waf.lua
+++ b/waf.lua
@ -91,7 +91,7 @@ if  ngx.re.match(ngx.var.request_uri,whitelist,"i") then
 elseif ngx.req.get_body_data() and ngx.re.match(ngx.req.get_body_data(),[[^(?!Content-Disposition: form-data;(.*)filename="(.*).(php|jsp|phtml)").*$]],"isjo") then
    return
 else
-    if ngx.re.match(ngx.unescape_uri(ngx.var.request_uri),regex.."|"..get,"isjo") then
+    if ngx.re.match(string.gsub(ngx.unescape_uri(ngx.var.request_uri),"%%",""),regex.."|"..get,"isjo") then
        log('GET',ngx.unescape_uri(ngx.var.request_uri))
        check()
    elseif ngx.req.get_body_data() and ngx.re.match(ngx.unescape_uri(ngx.req.get_body_data()),regex,"isjo")then