On Fri, Sep 13, 2013 at 09:48:05AM -0400, aldem wrote:
reading through ngx_http_rewrite_module.c and thinking about it some
I believe I was wrong in my previous mail.
I tried to simplify too much.
Well, this is where I am lost a bit - documentation only says “replacement
string”, and from my understanding this includes possible expansion of
variables (like everywhere else), and it doesn’t mention (or I couldn’t
find, at least) that rewrite target is normalized URI (or that variables
could be processed differently). Probably, this is the only case where
expansion is processed differently from literal values.
The only true documentation for what the current version does is in the
directory called “src”. Anything else is someone’s interpretation. (In
many cases, the interpretation is correct; but there are often reasons
why some edge cases are not documented outside of the source.)
My understanding is that rewrite will populate $uri with its
argument up to the first ?, and will populate $args after that if
appropriate. While populating, it expands $variables.
For internal-to-nginx use, $uri and $args now have their values.
For external-to-nginx use, $uri and $args are concatenated with a
separating ? if appropriate, and it is up to whatever reads the complete
string to decide what to do with it.
On the other hand, if rewrite target expects a normalized URI, then mangling
with arguments there should not be possible at all, as there could be
mixture of normalized and escaped values in single string.
The general philosophy of the nginx configuration seems to be that
things are straightforward, and uncommon things are no more than a
or a local patch away.
And also, the administrator is trusted to know what they are doing,
so it is their responsibility to properly handle unescaped and escaped
values. In the specific case of escaping, nginx in general can’t guess
what the user wants.
It still looks like NOTABUG to me; but I’m not the one who wrote it.
Francis D. [email protected]