RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-16 16:34:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
62ba9ba6ca
haproxy/doc
History
Willy Tarreau 62ba9ba6ca BUG/MINOR: http: make url_decode() optionally convert '+' to SP 
The url_decode() function used by the url_dec converter and a few other
call points is ambiguous on its processing of the '+' character which
itself isn't stable in the spec. This one belongs to the reserved
characters for the query string but not for the path nor the scheme,
in which it must be left as-is. It's only in argument strings that
follow the application/x-www-form-urlencoded encoding that it must be
turned into a space, that is, in query strings and POST arguments.

The problem is that the function is used to process full URLs and
paths in various configs, and to process query strings from the stats
page for example.

This patch updates the function to differentiate the situation where
it's parsing a path and a query string. A new argument indicates if a
query string should be assumed, otherwise it's only assumed after seeing
a question mark.

The various locations in the code making use of this function were
updated to take care of this (most call places were using it to decode
POST arguments).

The url_dec converter is usually called on path or url samples, so it
needs to remain compatible with this and will default to parsing a path
and turning the '+' to a space only after a question mark. However in
situations where it would explicitly be extracted from a POST or a
query string, it now becomes possible to enforce the decoding by passing
a non-null value in argument.

It seems to be what was reported in issue #585. This fix may be
backported to older stable releases.
2020-04-23 20:03:27 +02:00
..
design-thoughts DOC: assorted typo fixes in the documentation 2020-03-09 14:45:58 +01:00
internals DOC: internals: update the SSL architecture schema 2020-04-23 16:30:12 +02:00
lua-api DOC: assorted typo fixes in the documentation 2020-03-09 14:45:58 +01:00
51Degrees-device-detection.txt CLEANUP: 51d: move the 51d dummy lib to contrib/51d/src to match the real lib 2019-06-13 15:56:10 +02:00
acl.fig
architecture.txt DOC: assorted typo fixes in the documentation and Makefile 2020-03-06 10:49:55 +01:00
close-options.txt
coding-style.txt DOC: assorted typo fixes in the documentation and Makefile 2020-03-06 10:49:55 +01:00
configuration.txt BUG/MINOR: http: make url_decode() optionally convert '+' to SP 2020-04-23 20:03:27 +02:00
cookie-options.txt
DeviceAtlas-device-detection.txt DOC: fix typos 2019-05-25 07:34:24 +02:00
gpl.txt
haproxy.1 MINOR: doc: update the manpage and usage message about -S 2019-06-13 17:09:27 +02:00
intro.txt DOC: remove references to the outdated architecture.txt 2019-12-11 11:55:52 +01:00
lgpl.txt
linux-syn-cookies.txt
lua.txt [RELEASE] Released version 2.2-dev4 2020-03-09 14:57:20 +01:00
management.txt MINOR: init: add -dW and "zero-warning" to reject configs with warnings 2020-04-15 16:42:39 +02:00
netscaler-client-ip-insertion-protocol.txt DOC: fix typos 2019-05-25 07:34:24 +02:00
network-namespaces.txt
peers-v2.0.txt DOC: fix typos 2019-05-25 07:34:24 +02:00
peers.txt DOC: peers: Update for dictionary cache entries for peers protocol. 2019-06-07 15:47:54 +02:00
proxy-protocol.txt DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID 2020-03-13 17:25:23 +01:00
queuing.fig
regression-testing.txt DOC: assorted typo fixes in the documentation and Makefile 2020-03-06 10:49:55 +01:00
seamless_reload.txt CLEANUP: removed obsolete examples an move a few to better places 2019-06-15 21:25:06 +02:00
SOCKS4.protocol.txt MEDIUM: connection: Upstream SOCKS4 proxy support 2019-05-31 17:24:06 +02:00
SPOE.txt DOC: assorted typo fixes in the documentation and Makefile 2020-03-06 10:49:55 +01:00
WURFL-device-detection.txt DOC: fix typos 2019-05-25 07:34:24 +02:00