Merge pull request #3048 from airween/v3/encodedqm

airween · web-flow · commit d648a44ff576 · 2024-01-30T16:30:25.000+01:00
Change REQUEST_FILENAME behavior
diff --git a/src/transaction.cc b/src/transaction.cc
@@ -463,6 +463,14 @@ int Transaction::processURI(const char *uri, const char *method,
 
     size_t pos_raw_query = uri_s.find("?");
 
+    std::string path_info_raw;
+    if (pos_raw_query == std::string::npos) {
+        path_info_raw = std::string(uri_s, 0);
+    } else {
+        path_info_raw = std::string(uri_s, 0, pos_raw_query);
+    }
+    std::string path_info = utils::uri_decode(path_info_raw);
+
     m_uri_decoded = utils::uri_decode(uri_s);
 
     size_t var_size = pos_raw_query;
@@ -477,15 +485,8 @@ int Transaction::processURI(const char *uri, const char *method,
     m_variableRequestProtocol.set("HTTP/" + std::string(http_version),
         m_variableOffset + requestLine.size() + 1);
 
-
-    size_t pos_query = m_uri_decoded.find("?");
-    if (pos_query != std::string::npos) {
-        m_uri_no_query_string_decoded = std::unique_ptr<std::string>(
-            new std::string(m_uri_decoded, 0, pos_query));
-    } else {
-        m_uri_no_query_string_decoded = std::unique_ptr<std::string>(
-            new std::string(m_uri_decoded));
-    }
+    m_uri_no_query_string_decoded = std::unique_ptr<std::string>(
+        new std::string(path_info));
 
 
     if (pos_raw_query != std::string::npos) {
@@ -495,12 +496,7 @@ int Transaction::processURI(const char *uri, const char *method,
             + std::string(method).size() + 1);
     }
 
-    std::string path_info;
-    if (pos_query == std::string::npos) {
-        path_info = std::string(m_uri_decoded, 0);
-    } else {
-        path_info = std::string(m_uri_decoded, 0, pos_query);
-    }
+
     if (var_size == std::string::npos) {
         var_size = uri_s.size();
     }
diff --git a/test/test-cases/regression/variable-PATH_INFO.json b/test/test-cases/regression/variable-PATH_INFO.json
@@ -2,7 +2,7 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"Testing Variables :: PATH_INFO (1/3)",
+    "title":"Testing Variables :: PATH_INFO (1/4)",
     "client":{
       "ip":"200.249.12.31",
       "port":123
@@ -46,7 +46,7 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"Testing Variables :: PATH_INFO (2/3)",
+    "title":"Testing Variables :: PATH_INFO (2/4)",
     "client":{
       "ip":"200.249.12.31",
       "port":123
@@ -90,7 +90,7 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"Testing Variables :: PATH_INFO (3/3)",
+    "title":"Testing Variables :: PATH_INFO (3/4)",
     "client":{
       "ip":"200.249.12.31",
       "port":123
@@ -130,5 +130,49 @@
       "SecRuleEngine On",
       "SecRule PATH_INFO \"@contains test \" \"id:1,phase:3,pass,t:trim\""
     ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Variables :: PATH_INFO (4/4)",
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "Content-Length":"27",
+        "Content-Type":"application/x-www-form-urlencoded"
+      },
+      "uri":"/one/t%3fo/three?key=value",
+      "method":"POST",
+      "body":[
+        "param1=value1&param2=value2"
+      ]
+    },
+    "response":{
+      "headers":{
+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
+        "Content-Type":"text/html"
+      },
+      "body":[
+        "no need."
+      ]
+    },
+    "expected":{
+      "http_code": 403
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule PATH_INFO \"@contains three\" \"id:1,phase:2,deny,status:403,t:trim\""
+    ]
   }
 ]
