Use $request_uri instead of $uri, since $uri allows for injection
Thanks NixOS for pointing that out! :3 Also see here for an explanation: https://reversebrain.github.io/2021/03/29/The-story-of-Nginx-and-uri-variable/
This commit is contained in:
parent
98906db4bf
commit
6787c7c0d7
|
|
@ -46,7 +46,7 @@ server {
|
||||||
expires 365d;
|
expires 365d;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / { try_files $uri $uri/ @dokuwiki; }
|
location / { try_files $request_uri $request_uri/ @dokuwiki; }
|
||||||
|
|
||||||
location @dokuwiki {
|
location @dokuwiki {
|
||||||
# rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
|
# rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
|
||||||
|
|
@ -57,7 +57,7 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ \.php$ {
|
location ~ \.php$ {
|
||||||
try_files $uri $uri/ /doku.php;
|
try_files $request_uri $request_uri/ /doku.php;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
fastcgi_param REDIRECT_STATUS 200;
|
fastcgi_param REDIRECT_STATUS 200;
|
||||||
|
|
@ -72,14 +72,14 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
location /ChaosVPN {
|
location /ChaosVPN {
|
||||||
return 302 https://oldwiki.hamburg.ccc.de$uri;
|
return 302 https://oldwiki.hamburg.ccc.de$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ /EH(07|09|11) {
|
location ~ /EH(07|09|11) {
|
||||||
return 302 https://oldwiki.hamburg.ccc.de$uri;
|
return 302 https://oldwiki.hamburg.ccc.de$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /Easter {
|
location /Easter {
|
||||||
return 302 https://oldwiki.hamburg.ccc.de$uri;
|
return 302 https://oldwiki.hamburg.ccc.de$request_uri;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue