[Varnish] #607: Varnish 2.0.6 -- fixes for ESI tag parsing when xmlns:esi attribute present; plus issues with "&amp;" evaluation in URLs

Varnish varnish-bugs at projects.linpro.no
Fri Dec 25 01:02:59 CET 2009


#607: Varnish 2.0.6 -- fixes for ESI tag parsing when xmlns:esi attribute
present; plus issues with "&amp;" evaluation in URLs
-------------------+--------------------------------------------------------
 Reporter:  niz    |        Type:  defect
   Status:  new    |    Priority:  high  
Milestone:         |   Component:  build 
  Version:  trunk  |    Severity:  normal
 Keywords:  esi    |  
-------------------+--------------------------------------------------------
 I fixed two minor problems when Varnish was parsing the following ESI
 tag:

 {{{
 <esi:include
     xmlns:esi="http://www.edge-delivery.org/esi/1.0"
     src="/p/archive/2009?mode=id&amp;id=12034"/>
 }}}

 The first problem is that Varnish will only allow alpha-numeric attribute
 names, so "xmlns:esi" appears to be illegal.  In cache_vrt_esi.c,
 changing:

 {{{
                 if (!isalnum(*in->b)) {
 to...
                 if (!isalnum(*in->b) && (strchr(":_-.", *in->b) == NULL)) {
 }}}

 fixes this.  It also allows '_', '-' and '.' characters in the attribute
 name.

 The second problem is that the XML character entity references (i.e.
 "&amp;") do not get changed into their actual representation.  So where I
 was expecting query parameters "?mode=id&id=12034" I get
 "?mode=id&amp;id=12034".   If the ESI included URL is going through
 Varnish I can do a VCL regsub() to change "&amp;" to "&" -- but if it is
 going to an external URL things won't work.   I fixed this problem by
 processing XML character entity references in cache_vrt_esi.c -- which I
 think is the best solution.

 I have attached the diffs to cache_vrt_esi.c for both these fixes.   I
 tested them and I believe they are safe but this is the first time I've
 looked at this code and so I suppose I could have done something dumb.

 Best,[[BR]]
 /j

-- 
Ticket URL: <http://varnish.projects.linpro.no/ticket/607>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator
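
The two checks the ticket describes, as an added stand-alone example (not the attached diffs and not Varnish code; `attr_name_char` and `xml_unescape` are hypothetical names). It also covers two edge cases of this approach: `strchr()` matches the terminating NUL, and entity decoding must be single-pass so an already-escaped `&amp;amp;` is not decoded twice.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Varnish code): may c appear in an attribute name?
 * isalnum() needs an unsigned char value, and '\0' is rejected first
 * because strchr(":_-.", '\0') matches the string terminator. */
static int attr_name_char(char c)
{
	if (c == '\0')
		return (0);
	return (isalnum((unsigned char)c) || strchr(":_-.", c) != NULL);
}

/* Hypothetical helper: decode the five predefined XML entities in [b, e)
 * in place, in one pass (so "&amp;amp;" becomes "&amp;", not "&"), and
 * return the new end. Unknown or truncated references are left as-is. */
static char *xml_unescape(char *b, const char *e)
{
	static const struct { const char *name; char ch; } ent[] = {
		{ "&amp;", '&' }, { "&lt;", '<' }, { "&gt;", '>' },
		{ "&quot;", '"' }, { "&apos;", '\'' },
	};
	char *r = b, *w = b;
	size_t i, n, used;
	while (r < e) {
		used = 0;
		for (i = 0; *r == '&' && i < sizeof ent / sizeof ent[0]; i++) {
			n = strlen(ent[i].name);
			if ((size_t)(e - r) >= n && memcmp(r, ent[i].name, n) == 0) {
				*w++ = ent[i].ch;	/* w <= r, so this never clobbers unread input */
				used = n;
				break;
			}
		}
		if (used == 0)
			*w++ = *r;
		r += used ? used : 1;
	}
	return (w);
}

int main(void)
{
	char src[] = "/p/archive/2009?mode=id&amp;id=12034"; /* src value from the ticket */
	*xml_unescape(src, src + strlen(src)) = '\0';
	printf("%s xmlns:esi ok=%d\n", src, attr_name_char(':'));
	return (0);
}
```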