From fdfc2d5b21610651b0cefceb397be2cfc7aac8bb Mon Sep 17 00:00:00 2001
From: Ervin Hegedus <airween@gmail.com>
Date: Mon, 19 May 2025 10:53:50 +0200
Subject: [PATCH] fix: add ARGS to sanitize list only if it's not added yet

---
 apache2/modsecurity.h | 1 +
 apache2/msc_json.c    | 1 +
 apache2/msc_parsers.c | 1 +
 apache2/re_actions.c  | 3 ++-
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index 13334674..28947170 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -693,6 +693,7 @@ struct msc_arg {
     unsigned int             value_origin_offset;
     unsigned int             value_origin_len;
     const char              *origin;
+    unsigned int             marked_for_sanitization;
 };
 
 struct msc_string {
diff --git a/apache2/msc_json.c b/apache2/msc_json.c
index 950eb9b6..cae7bf4f 100644
--- a/apache2/msc_json.c
+++ b/apache2/msc_json.c
@@ -70,6 +70,7 @@ int json_add_argument(modsec_rec *msr, const char *value, unsigned length)
         return 0;
     }
 
+    arg->marked_for_sanitization = 0;
     apr_table_addn(msr->arguments,
         log_escape_nq_ex(msr->mp, arg->name, arg->name_len), (void *) arg);
 
diff --git a/apache2/msc_parsers.c b/apache2/msc_parsers.c
index 9a84e2ad..793549a5 100644
--- a/apache2/msc_parsers.c
+++ b/apache2/msc_parsers.c
@@ -350,6 +350,7 @@ void add_argument(modsec_rec *msr, apr_table_t *arguments, msc_arg *arg)
     assert(msr != NULL);
     assert(arguments != NULL);
     assert(arg != NULL);
+    arg->marked_for_sanitization = 0;
     if (msr->txcfg->debuglog_level >= 5) {
         msr_log(msr, 5, "Adding request argument (%s): name \"%s\", value \"%s\"",
                 arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len),
diff --git a/apache2/re_actions.c b/apache2/re_actions.c
index a028e42a..4a922d27 100644
--- a/apache2/re_actions.c
+++ b/apache2/re_actions.c
@@ -1527,8 +1527,9 @@ static apr_status_t msre_action_sanitizeMatched_execute(modsec_rec *msr, apr_poo
             for (i = 0; i < tarr->nelts; i++) {
                 msc_arg *arg = (msc_arg *)telts[i].val;
                 assert(arg != NULL);
-                if (strcasecmp(sargname, arg->name) == 0) {
+                if (arg->marked_for_sanitization == 0 && strcasecmp(sargname, arg->name) == 0) {
                     apr_table_addn(msr->arguments_to_sanitize, arg->name, (void *)arg);
+                    arg->marked_for_sanitization = 1;
                 }
             }
             break;