rewrite: Fix a double-encode issue when using the {uri} placeholder

Fix #4515
caddyserver · Jan 10, 2022 · 7d34e50 · 7d34e50
1 parent c634bbe
commit 7d34e50
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go
@@ -168,7 +168,20 @@ func (rewr Rewrite) rewrite(r *http.Request, repl *caddy.Replacer, logger *zap.L
 		// in a temporary variable so that they all read the
 		// same version of the URI
 		var newPath, newQuery, newFrag string
+
 		if path != "" {
+			// Since the 'uri' placeholder performs a URL-encode,
+			// we need to intercept it so that it doesn't, because
+			// otherwise we risk a double-encode of the path.
+			uriPlaceholder := "{http.request.uri}"
+			if strings.Contains(path, uriPlaceholder) {
+				tmpUri := r.URL.Path
+				if r.URL.RawQuery != "" {
+					tmpUri += "?" + r.URL.RawQuery
+				}
+				path = strings.ReplaceAll(path, uriPlaceholder, tmpUri)
+			}
+
 			newPath = repl.ReplaceAll(path, "")
 		}
 

diff --git a/modules/caddyhttp/rewrite/rewrite_test.go b/modules/caddyhttp/rewrite/rewrite_test.go
@@ -189,6 +189,21 @@ func TestRewrite(t *testing.T) {
 			input:  newRequest(t, "GET", "/foo/?a=b"),
 			expect: newRequest(t, "GET", "/foo/bar?c=d"),
 		},
+		{
+			rule:   Rewrite{URI: "/i{http.request.uri}"},
+			input:  newRequest(t, "GET", "/%C2%B7%E2%88%B5.png"),
+			expect: newRequest(t, "GET", "/i/%C2%B7%E2%88%B5.png"),
+		},
+		{
+			rule:   Rewrite{URI: "/i{http.request.uri}"},
+			input:  newRequest(t, "GET", "/·∵.png?a=b"),
+			expect: newRequest(t, "GET", "/i/%C2%B7%E2%88%B5.png?a=b"),
+		},
+		{
+			rule:   Rewrite{URI: "/i{http.request.uri}"},
+			input:  newRequest(t, "GET", "/%C2%B7%E2%88%B5.png?a=b"),
+			expect: newRequest(t, "GET", "/i/%C2%B7%E2%88%B5.png?a=b"),
+		},
 
 		{
 			rule:   Rewrite{StripPathPrefix: "/prefix"},