diff options
author | Tran Phong <letranphong2k1@gmail.com> | 2023-05-16 22:16:07 +0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-16 09:16:07 -0600 |
commit | 13a37688dcdc1ffa8e9322dad0bffac0c0c9893a (patch) | |
tree | 2fb5683d5364ec5e5be42a7c90978fec0897b725 /modules/caddyhttp/rewrite/rewrite.go | |
parent | e8352aef38642c20ff528836b6581094f087eb99 (diff) |
rewrite: use escaped path, fix #5278 (#5504)
* use escaped path while rewriting
Signed-off-by: TP-O <letranphong2k1@gmail.com>
* restore line break
---------
Signed-off-by: TP-O <letranphong2k1@gmail.com>
Diffstat (limited to 'modules/caddyhttp/rewrite/rewrite.go')
-rw-r--r-- | modules/caddyhttp/rewrite/rewrite.go | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go index 31c9778..499d217 100644 --- a/modules/caddyhttp/rewrite/rewrite.go +++ b/modules/caddyhttp/rewrite/rewrite.go @@ -195,16 +195,10 @@ func (rewr Rewrite) Rewrite(r *http.Request, repl *caddy.Replacer) bool { var newPath, newQuery, newFrag string if path != "" { - // Since the 'uri' placeholder performs a URL-encode, - // we need to intercept it so that it doesn't, because - // otherwise we risk a double-encode of the path. - uriPlaceholder := "{http.request.uri}" - if strings.Contains(path, uriPlaceholder) { - tmpUri := r.URL.Path - if r.URL.RawQuery != "" { - tmpUri += "?" + r.URL.RawQuery - } - path = strings.ReplaceAll(path, uriPlaceholder, tmpUri) + // replace the `path` placeholder to escaped path + pathPlaceholder := "{http.request.uri.path}" + if strings.Contains(path, pathPlaceholder) { + path = strings.ReplaceAll(path, pathPlaceholder, r.URL.EscapedPath()) } newPath = repl.ReplaceAll(path, "") @@ -232,7 +226,11 @@ func (rewr Rewrite) Rewrite(r *http.Request, repl *caddy.Replacer) bool { // update the URI with the new components // only after building them if pathStart >= 0 { - r.URL.Path = newPath + if path, err := url.PathUnescape(newPath); err != nil { + r.URL.Path = newPath + } else { + r.URL.Path = path + } } if qsStart >= 0 { r.URL.RawQuery = newQuery |