From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <9front-bounces@9front.inri.net>
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,T_SCC_BODY_TEXT_LINE
	autolearn=ham autolearn_force=no version=3.4.4
Received: from 9front.inri.net (9front.inri.net [168.235.81.73])
	by inbox.vuxu.org (Postfix) with ESMTP id 1D64F288F4
	for <ml@inbox.vuxu.org>; Mon, 15 Jan 2024 15:48:56 +0100 (CET)
Received: from auth.driusan.net ([207.148.18.58]) by 9front; Mon Jan 15 09:47:24 -0500 2024
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=driusan.net; s=20180128; h=From:Date:Subject:To; bh=elYMkSCVz63OApuJGEaGtRKDOXbzBIMncwImZfwCZzk=; b=EsBwTQ8vIUkhCFzDrVNcm783lPxp0pFNU9SvgFC/4MajX7AcM/BsgVjYzlMEONJeAMbbAb52O9zPUmAUM8VI5txlC3y9TbEkRmDNggJPSJQnlksg20EULghYDZu0RQxH3j4BI+dzULSHC2BYeopkfkF3N8l7kxLH9Im/he01cg/MB6pVFVK+IrPBqoECMoXQXBNZsaEEW7GHlKQQruA7+5sz0tX6IKUc/nUq3+/rmZHxPLNkEgc+Lq1/ED5GEBDjkKhais+msjXhibpapQojbPAUq74GifpttLJRAmIqWpeudRBGyWBeTqOlhbGEhz7IuA5XZ4FjGAQzvDQKA9sjnA==
Message-ID: <70CC07843C04CCFE7FCEDF1CC31EB6F2@driusan.net>
From: "Dave MacFarlane" <driusan@driusan.net>
Date: Mon, 15 Jan 2024 09:47:21 -0500
To: 9front@9front.org
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: extensible GPU shader SSL over HTTP service CMS solution 
Subject: [9front] url query params in rc-httpd
Reply-To: 9front@9front.org
Precedence: bulk

There's a bug in rc-httpd when a query param has something that
looks like a url in it, it handles it as a request for the queryparam,
not a request for the url being requested. 

ie. a request for https://example.com/foo?q=http://example.com/bar is treated
as a request for http://example.com/bar by rc-httpd. I'm not sure if this 
is the right fix, but I worked around it by stripping everything after the '?'
from the $REQUEST_URI before doing the check for if it's an http proxy request.

diff 9c2e8e2b13b0d01b7adf88b61af6edfbddd872c1 uncommitted
--- a/rc/bin/rc-httpd/rc-httpd
+++ b/rc/bin/rc-httpd/rc-httpd
@@ -64,7 +64,8 @@
 		~ $line(2) chunked && chunked=yes
 	}
 }
-if(~ $REQUEST_URI *://* //*){
+REQUEST_NP=`{echo $REQUEST_URI | sed 's;\?.*;;'}
+if(~ $REQUEST_NP *://* //*){
 	SERVER_NAME=`{echo $REQUEST_URI | sed '
 		s;^[^:]+:;;
 		s;^//([^/]+).*;\1;'}