From 6d5e752cb3d039d9f38ff867a4b4a419af45f88d Mon Sep 17 00:00:00 2001
From: ivanr
Date: Sat, 12 Dec 2009 14:21:17 +0000
Subject: [PATCH] Added URLENCODED_ERROR, which is raised when invalid URL encoding is encountered
---
 apache2/modsecurity.c | 4 ++++
 apache2/modsecurity.h | 2 ++
 apache2/msc_reqbody.c | 4 ++++
 apache2/re_variables.c | 23 +++++++++++++++++++++++
 4 files changed, 33 insertions(+)
diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c
index 3a914c1d..37035ca4 100644
--- a/apache2/modsecurity.c
+++ b/apache2/modsecurity.c
@@ -295,6 +295,10 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) {
 msr_log(msr, 1, "Initialisation: Error occurred while parsing QUERY_STRING arguments.");
 return -1;
 }
+
+ if (invalid_count) {
+ msr->urlencoded_error = 1;
+ }
 }
 msr->arguments_to_sanitize = apr_table_make(msr->mp, 16);
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index bef39bc7..db8f1852 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -257,6 +257,8 @@ struct modsec_rec {
 apr_table_t *request_headers_to_sanitize;
 apr_table_t *response_headers_to_sanitize;
 apr_table_t *request_cookies;
+
+ unsigned int urlencoded_error;
 unsigned int is_relevant;
diff --git a/apache2/msc_reqbody.c b/apache2/msc_reqbody.c
index aa71756d..b74b1aba 100644
--- a/apache2/msc_reqbody.c
+++ b/apache2/msc_reqbody.c
@@ -423,6 +423,10 @@ static apr_status_t modsecurity_request_body_end_urlencoded(modsec_rec *msr, cha
 *error_msg = apr_pstrdup(msr->mp, "Initialisation: Error occurred while parsing BODY arguments.");
 return -1;
 }
+
+ if (invalid_count) {
+ msr->urlencoded_error = 1;
+ }
 return 1;
 }
diff --git a/apache2/re_variables.c b/apache2/re_variables.c
index b8325d55..46705e6d 100644
--- a/apache2/re_variables.c
+++ b/apache2/re_variables.c
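Review bot: The new `if (invalid_count)` branch in modsecurity_tx_init (apache2/modsecurity.c) records the error silently, so when a rule on URLENCODED_ERROR fires, an analyst cannot tell from the debug log whether the query string or the body was malformed. The same applies to the matching branch in modsecurity_request_body_end_urlencoded in apache2/msc_reqbody.c, which writes the same flag. Consider logging next to the assignment, e.g. `msr_log(msr, 4, "Invalid URL encoding detected in QUERY_STRING arguments.");` here and the BODY equivalent there. Both functions start and end outside their hunks, so where invalid_count is declared and reset is not visible; confirm it is zeroed before each parse.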
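Review bot: The new `urlencoded_error` member of struct modsec_rec (apache2/modsecurity.h) has no comment, and nothing in this patch ever writes 0 to it. A correct URLENCODED_ERROR value of "0" therefore depends on the transaction record being zero-filled when it is allocated, which happens outside this diff and should be confirmed. A short comment would record both the meaning and the assumption: `/* 1 if invalid URL encoding was seen in QUERY_STRING or a urlencoded body; relies on zeroed allocation */`.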
@@ -1414,6 +1414,18 @@ static int var_multipart_unmatched_boundary_generate(modsec_rec *msr, msre_var *
 }
 }
+/* URLENCODED_ERROR */
+
+static int var_urlencoded_error_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+ apr_table_t *vartab, apr_pool_t *mptmp)
+{
+ if (msr->urlencoded_error) {
+ return var_simple_generate(var, vartab, mptmp, "1");
+ } else {
+ return var_simple_generate(var, vartab, mptmp, "0");
+ }
+}
+
 /* TIME */
 static int var_time_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
@@ -2972,6 +2984,17 @@ void msre_engine_register_default_variables(msre_engine *engine) {
 VAR_CACHE,
 PHASE_RESPONSE_HEADERS
 );
+
+ /* URLENCODED_ERROR */
+ msre_engine_variable_register(engine,
+ "URLENCODED_ERROR",
+ VAR_SIMPLE,
+ 0, 0,
+ NULL,
+ var_urlencoded_error_generate,
+ VAR_DONT_CACHE, /* flag */
+ PHASE_REQUEST_HEADERS
+ );
 /* USER */
 msre_engine_variable_register(engine,
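Review bot: In the registration added to msre_engine_register_default_variables, URLENCODED_ERROR is declared available from `PHASE_REQUEST_HEADERS`, but one of the two places that set the flag is modsecurity_request_body_end_urlencoded, which presumably runs only after the request body has been read. A rule that tests the variable in phase 1 would then see "0" for a request whose body is malformed, so a rule writer relying on it there gets no coverage of body encoding errors. I would state this next to the registration, `/* Phase 1 reflects QUERY_STRING only; body errors are visible from phase 2 */`, and repeat it in the reference documentation for the variable.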