MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo regex

Now, only one capture is mandatory in the path-info regex, the one matching the script-name. The path-info capture is optional. Of couse, it must be defined to fill the PATH_INFO parameter. But it is not mandatory. This way, it is possible to get the script-name part from the path, excluding the path-info. This patch is small enough to be backported to 2.1.
2025-02-18 19:56:59 +00:00 · 2020-02-14 16:55:52 +01:00 · 2020-02-14 16:55:52 +01:00 · 6c57f2da43
commit 6c57f2da43
parent 88a2f0304c
2 changed files with 18 additions and 11 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -18727,10 +18727,13 @@ pass-header <name> [ { if | unless } <condition> ]

 path-info <regex>
  Define a regular expression to extract the script-name and the path-info from
-  the URL-decoded path. Thus, <regex> should have two captures: the first one
-  to capture the script name and the second one to capture the path-info. It is
-  an optional setting. If it is not defined, no matching is performed on the
-  path. and the FastCGI parameters PATH_INFO and PATH_TRANSLATED are not filled.
+  the URL-decoded path. Thus, <regex> may have two captures: the first one to
+  capture the script name and the second one to capture the path-info. The
+  first one is mandatory, the second one is optional. This way, it is possible
+  to extract the script-name from the path ignoring the path-info. It is an
+  optional setting. If it is not defined, no matching is performed on the
+  path. and the FastCGI parameters PATH_INFO and PATH_TRANSLATED are not
+  filled.

  For security reason, when this regular expression is defined, the newline and
  the null characters are forbiden from the path, once URL-decoded. The reason
@ -18740,7 +18743,8 @@ path-info <regex>
  returned to the client. The principle of least astonishment is applied here.

  Example :
-     path-info ^(/.+\.php)(/.*)?$
+     path-info ^(/.+\.php)(/.*)?$ # both script-name and path-info may be set
+     path-info ^(/.+\.php)        # the path-info is ignored

 option get-values
 no option get-values
--- a/src/mux_fcgi.c
+++ b/src/mux_fcgi.c
@ -1360,16 +1360,19 @@ static int fcgi_set_default_param(struct fcgi_conn *fconn, struct fcgi_strm *fst
 		if (!regex_exec_match2(fconn->app->pathinfo_re, path.ptr, len, MAX_MATCH, pmatch, 0))
 			goto check_index;

-		/* We must have at least 2 captures, otherwise we do nothing and
-		 * jump to the last part. Only first 2 ones will be considered
+		/* We must have at least 1 capture for the script name,
+		 * otherwise we do nothing and jump to the last part.
 		 */
-		if (pmatch[1].rm_so == -1 || pmatch[1].rm_eo == -1 ||
-		    pmatch[2].rm_so == -1 || pmatch[2].rm_eo == -1)
+		if (pmatch[1].rm_so == -1 || pmatch[1].rm_eo == -1)
 			goto check_index;

-		/* Finally we can set the script_name and the path_info */
+		/* Finally we can set the script_name and the path_info. The
+		 * path_info is set if not already defined, and if it was
+		 * captured
+		 */
 		params->scriptname = ist2(path.ptr + pmatch[1].rm_so, pmatch[1].rm_eo - pmatch[1].rm_so);
-		params->pathinfo   = ist2(path.ptr + pmatch[2].rm_so, pmatch[2].rm_eo - pmatch[2].rm_so);
+		if (!(params->mask & FCGI_SP_PATH_INFO) &&  (pmatch[2].rm_so == -1 || pmatch[2].rm_eo == -1))
+			params->pathinfo = ist2(path.ptr + pmatch[2].rm_so, pmatch[2].rm_eo - pmatch[2].rm_so);

 	  check_index:
 		len = params->scriptname.len;