From 724c72867835f9287b3df3ee5a0d75327c0780cf Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Tue, 17 Dec 2019 16:30:26 -0700
Subject: rewrite: Attempt query string fix (#2891)

---
 modules/caddyhttp/rewrite/rewrite.go | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

(limited to 'modules/caddyhttp/rewrite/rewrite.go')

diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go
index adb90f4..3a644ef 100644
--- a/modules/caddyhttp/rewrite/rewrite.go
+++ b/modules/caddyhttp/rewrite/rewrite.go
@@ -126,9 +126,24 @@ func (rewr Rewrite) rewrite(r *http.Request, repl caddy.Replacer, logger *zap.Lo
 		if newU.Path != "" {
 			r.URL.Path = newU.Path
 		}
-		if newU.RawQuery != "" {
-			newU.RawQuery = strings.TrimPrefix(newU.RawQuery, "&")
-			r.URL.RawQuery = newU.RawQuery
+		if strings.Contains(newURI, "?") {
+			// you'll notice we check for existence of a question mark
+			// instead of RawQuery != "". We do this because if the user
+			// wants to remove an existing query string, they do that by
+			// appending "?" to the path: "/foo?" -- in this case, then,
+			// RawQuery is "" but we still want to set it to that; hence,
+			// we check for a "?", which always starts a query string
+			inputQuery := newU.Query()
+			outputQuery := make(url.Values)
+			for k := range inputQuery {
+				// overwrite existing values; we don't simply keep
+				// appending because it can cause rewrite rules like
+				// "{path}{query}&a=b" with rehandling enabled to go
+				// on forever: "/foo.html?a=b&a=b&a=b..."
+				outputQuery.Set(k, inputQuery.Get(k))
+			}
+			// this sorts the keys, oh well
+			r.URL.RawQuery = outputQuery.Encode()
 		}
 		if newU.Fragment != "" {
 			r.URL.Fragment = newU.Fragment
-- 
cgit v1.2.3