From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.

---
 server/conf/nginx_vhost.conf.master |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
index 883fbba..7217636 100644
--- a/server/conf/nginx_vhost.conf.master
+++ b/server/conf/nginx_vhost.conf.master
@@ -27,15 +27,20 @@
             rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
         }
 </tmpl_loop>
+<tmpl_loop name="local_redirects">
+        if ($http_host <tmpl_var name='local_redirect_operator'> "<tmpl_var name='local_redirect_origin_domain'>") {
+            rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
+        }
+</tmpl_loop>
 
 <tmpl_loop name="own_redirects">
 <tmpl_if name='use_rewrite'>
-        rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;
+        <tmpl_if name='exclude_own_hostname'>if ($http_host != "<tmpl_var name='exclude_own_hostname'>") { </tmpl_if>rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;<tmpl_if name='exclude_own_hostname'> }</tmpl_if>
 </tmpl_if>
 <tmpl_if name='use_proxy'>
         location / {
             proxy_pass <tmpl_var name='rewrite_target'>;
-            rewrite ^/<tmpl_var name='rewrite_subdir'>/(.*) /$1;
+            <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
 <tmpl_loop name="proxy_directives">
         <tmpl_var name='proxy_directive'>
 </tmpl_loop>
@@ -212,7 +217,7 @@
 <tmpl_if name='use_proxy'>
         location / {
             proxy_pass <tmpl_var name='rewrite_target'>;
-            rewrite ^/<tmpl_var name='rewrite_subdir'>/(.*) /$1;
+            <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
 <tmpl_loop name="proxy_directives">
         <tmpl_var name='proxy_directive'>
 </tmpl_loop>

--
Gitblit v1.9.1