From 9f34383c02f1691e54280285a6499893fcbbb4c7 Mon Sep 17 00:00:00 2001
From: WeidiDeng <weidi_deng@icloud.com>
Date: Sat, 5 Aug 2023 00:44:38 +0800
Subject: caddyfile: check that matched key is not a substring of the
 replacement key (#5685)

---
 caddyconfig/caddyfile/importargs.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'caddyconfig/caddyfile/importargs.go')

diff --git a/caddyconfig/caddyfile/importargs.go b/caddyconfig/caddyfile/importargs.go
index c6dcd85..54d648e 100644
--- a/caddyconfig/caddyfile/importargs.go
+++ b/caddyconfig/caddyfile/importargs.go
@@ -93,6 +93,11 @@ func makeArgsReplacer(args []string) *caddy.Replacer {
 		// TODO: Remove the deprecated {args.*} placeholder
 		// support at some point in the future
 		if matches := argsRegexpIndexDeprecated.FindStringSubmatch(key); len(matches) > 0 {
+			// What's matched may be a substring of the key
+			if matches[0] != key {
+				return nil, false
+			}
+
 			value, err := strconv.Atoi(matches[1])
 			if err != nil {
 				caddy.Log().Named("caddyfile").Warn(
@@ -111,6 +116,11 @@ func makeArgsReplacer(args []string) *caddy.Replacer {
 
 		// Handle args[*] form
 		if matches := argsRegexpIndex.FindStringSubmatch(key); len(matches) > 0 {
+			// What's matched may be a substring of the key
+			if matches[0] != key {
+				return nil, false
+			}
+
 			if strings.Contains(matches[1], ":") {
 				caddy.Log().Named("caddyfile").Warn(
 					"Variadic placeholder {args[" + matches[1] + "]} must be a token on its own")
-- 
cgit v1.2.3