github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Using the decoded uri in REQUEST_URI instead of the encoded one

Browse Source
This commit is contained in:
Felipe Zimmerle 2016-11-23 17:10:32 -03:00
parent 7a36499f22
commit 9116a19bcc
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/rule.cc
View File

@ -580,10 +580,11 @@ bool Rule::evaluate(Transaction *trasn) {
#endif #endif
} }
} else if (!a->isDisruptive()) { } else if (!a->isDisruptive()) {
// here if (a->m_name != "capture" \
if (a->m_name != "capture" && a->m_name != "setvar") { && a->m_name != "setvar") {
#ifndef NO_LOGS #ifndef NO_LOGS
trasn->debug(4, "Running [II] (_non_ disruptive) " \ trasn->debug(4, "Running [II] " \
"(_non_ disruptive) " \
"action: " + a->m_name); "action: " + a->m_name);
#endif #endif
a->evaluate(this, trasn, ruleMessage); a->evaluate(this, trasn, ruleMessage);

2
src/transaction.cc
View File

@ -415,7 +415,7 @@ int Transaction::processURI(const char *uri, const char *method,
m_collections.store("REQUEST_PROTOCOL", m_collections.store("REQUEST_PROTOCOL",
"HTTP/" + std::string(http_version)); "HTTP/" + std::string(http_version));
std::string parsedURI = uri; std::string parsedURI = m_uri_decoded;
// The more popular case is without domain // The more popular case is without domain
if (!m_uri_decoded.empty() && m_uri_decoded.at(0) != '/') { if (!m_uri_decoded.empty() && m_uri_decoded.at(0) != '/') {
bool fullDomain = true; bool fullDomain = true;