Follow up to r1919620: Restore r->filename re-encoding for ProxyPass URLs.

ylavic · ylavic · commit d4f6ad9ec6e8 · 2024-10-10T18:05:07.000+02:00
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919628 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/changes-entries/bz69203.txt b/changes-entries/bz69203.txt
@@ -1 +1,2 @@
-  *) mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME. PR 69203. [Yann Ylavic]
+  *) mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler.
+     PR 69203. [Yann Ylavic]
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
@@ -1240,6 +1240,7 @@ static int proxy_handler(request_rec *r)
 
         r->proxyreq = PROXYREQ_REVERSE;
         r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
+        apr_table_setn(r->notes, "proxy-sethandler", "1");
 
         /* Still need to canonicalize r->filename */
         rc = ap_proxy_canon_url(r);
@@ -1249,6 +1250,7 @@ static int proxy_handler(request_rec *r)
         }
     }
     else if (r->proxyreq && strncmp(r->filename, "proxy:", 6) == 0) {
+        apr_table_unset(r->notes, "proxy-sethandler");
         rc = OK;
     }
     if (rc != OK) {
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
@@ -59,10 +59,13 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
 {
     char *host, sport[7];
     const char *err;
-    char *path, *pc;
+    char *path;
     apr_port_t port, def_port;
     fcgi_req_config_t *rconf = NULL;
     const char *pathinfo_type = NULL;
+    fcgi_dirconf_t *dconf = ap_get_module_config(r->per_dir_config,
+                                                 &proxy_fcgi_module);
+    int from_handler;
 
     if (ap_cstr_casecmpn(url, "fcgi:", 5) == 0) {
         url += 5;
@@ -71,12 +74,11 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
         return DECLINED;
     }
 
-    path = url;
     port = def_port = ap_proxy_port_of_scheme("fcgi");
 
     ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
                  "canonicalising URL %s", url);
-    err = ap_proxy_canon_netloc(r->pool, &path, NULL, NULL, &host, &port);
+    err = ap_proxy_canon_netloc(r->pool, &url, NULL, NULL, &host, &port);
     if (err) {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01059)
                       "error parsing URL %s: %s", url, err);
@@ -93,20 +95,40 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
         host = apr_pstrcat(r->pool, "[", host, "]", NULL);
     }
 
-    /* We do not call ap_proxy_canonenc_ex() on the path here because the CGI
-     * environment variable SCRIPT_FILENAME based on it want the decoded/local
-     * path, don't let control characters pass still.
-     *
-     * XXX: should we encode based on dconf->backend_type though?
-     */
-    for (pc = path; *pc; pc++) {
-        if (apr_iscntrl(*pc)) {
+    from_handler = apr_table_get(r->notes, "proxy-sethandler") != NULL;
+    if (from_handler
+        || apr_table_get(r->notes, "proxy-nocanon")
+        || apr_table_get(r->notes, "proxy-noencode")) {
+        char *c = path = url;   /* this is the raw path */
+
+        /* We do not call ap_proxy_canonenc_ex() on the path here, don't
+         * let control characters pass still, and for php-fpm no '?' either.
+         */
+        if (FCGI_MAY_BE_FPM(dconf)) {
+            while (!apr_iscntrl(*c) && *c != '?')
+                c++;
+        }
+        else {
+            while (!apr_iscntrl(*c))
+                c++;
+        }
+        if (*c) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10414)
-                          "To be forwarded path contains control "
-                          "characters");
+                          "To be forwarded path contains control characters%s",
+                          FCGI_MAY_BE_FPM(dconf) ? " or '?'" : "");
             return HTTP_FORBIDDEN;
         }
     }
+    else {
+        core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
+        int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
+
+        path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+                                    r->proxyreq);
+        if (!path) {
+            return HTTP_BAD_REQUEST;
+        }
+    }
 
     r->filename = apr_pstrcat(r->pool, "proxy:fcgi://", host, sport, "/",
                               path, NULL);

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		`- *) mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME. PR 69203. [Yann Ylavic]`
	`1`	`+ *) mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler.`
	`2`	`+ PR 69203. [Yann Ylavic]`
Original file line number	Diff line number	Diff line change
`@@ -1240,6 +1240,7 @@ static int proxy_handler(request_rec *r)`
`1240`	`1240`
`1241`	`1241`	`r->proxyreq = PROXYREQ_REVERSE;`
`1242`	`1242`	`r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);`
	`1243`	`+ apr_table_setn(r->notes, "proxy-sethandler", "1");`
`1243`	`1244`
`1244`	`1245`	`/* Still need to canonicalize r->filename */`
`1245`	`1246`	`rc = ap_proxy_canon_url(r);`
`@@ -1249,6 +1250,7 @@ static int proxy_handler(request_rec *r)`
`1249`	`1250`	`}`
`1250`	`1251`	`}`
`1251`	`1252`	`else if (r->proxyreq && strncmp(r->filename, "proxy:", 6) == 0) {`
	`1253`	`+ apr_table_unset(r->notes, "proxy-sethandler");`
`1252`	`1254`	`rc = OK;`
`1253`	`1255`	`}`
`1254`	`1256`	`if (rc != OK) {`