Use $request_uri instead of $uri, since $uri allows for injection
Thanks NixOS for pointing that out! :3 Also see here for an explanation: https://reversebrain.github.io/2021/03/29/The-story-of-Nginx-and-uri-variable/
This commit is contained in:
parent
98906db4bf
commit
6787c7c0d7
|
@ -46,7 +46,7 @@ server {
|
|||
expires 365d;
|
||||
}
|
||||
|
||||
location / { try_files $uri $uri/ @dokuwiki; }
|
||||
location / { try_files $request_uri $request_uri/ @dokuwiki; }
|
||||
|
||||
location @dokuwiki {
|
||||
# rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
|
||||
|
@ -57,7 +57,7 @@ server {
|
|||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri $uri/ /doku.php;
|
||||
try_files $request_uri $request_uri/ /doku.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
||||
|
@ -72,14 +72,14 @@ server {
|
|||
}
|
||||
|
||||
location /ChaosVPN {
|
||||
return 302 https://oldwiki.hamburg.ccc.de$uri;
|
||||
return 302 https://oldwiki.hamburg.ccc.de$request_uri;
|
||||
}
|
||||
|
||||
location ~ /EH(07|09|11) {
|
||||
return 302 https://oldwiki.hamburg.ccc.de$uri;
|
||||
return 302 https://oldwiki.hamburg.ccc.de$request_uri;
|
||||
}
|
||||
|
||||
location /Easter {
|
||||
return 302 https://oldwiki.hamburg.ccc.de$uri;
|
||||
return 302 https://oldwiki.hamburg.ccc.de$request_uri;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue