feature: don't export ngx.ESC_XXX constants

zhuizhuhaomeng · Jun 28, 2020 · fc6ca27 · fc6ca27
1 parent 3603a5b
commit fc6ca27
Show file tree

Hide file tree

Showing 7 changed files with 36 additions and 87 deletions.
diff --git a/README.markdown b/README.markdown
@@ -3192,7 +3192,6 @@ Nginx API for Lua
 * [HTTP method constants](#http-method-constants)
 * [HTTP status constants](#http-status-constants)
 * [Nginx log level constants](#nginx-log-level-constants)
-* [Nginx escape type constants](#nginx-escape-type-constants)
 * [print](#print)
 * [ngx.ctx](#ngxctx)
 * [ngx.location.capture](#ngxlocationcapture)
@@ -3597,27 +3596,6 @@ These constants are usually used by the [ngx.log](#ngxlog) method.
 
 [Back to TOC](#nginx-api-for-lua)
 
-Nginx escape type constants
----------------------------
-
-**context:** *init_by_lua&#42;, init_worker_by_lua&#42;, set_by_lua&#42;, rewrite_by_lua&#42;, access_by_lua&#42;, content_by_lua&#42;, header_filter_by_lua&#42;, body_filter_by_lua&#42;, log_by_lua&#42;, ngx.timer.&#42;, balancer_by_lua&#42;, ssl_certificate_by_lua&#42;, ssl_session_fetch_by_lua&#42;, ssl_session_store_by_lua&#42;*
-
-```lua
-
-   ngx.ESCAPE_URI
-   ngx.ESCAPE_ARGS
-   ngx.ESCAPE_URI_COMPONENT
-   ngx.ESCAPE_HTML
-   ngx.ESCAPE_REFRESH
-   ngx.ESCAPE_MEMCACHED
-   ngx.ESCAPE_MAIL_AUTH
-```
-
-
-These constants are usually used by the [ngx.escape_uri](#ngxescape_uri) method.
-
-[Back to TOC](#nginx-api-for-lua)
-
 print
 -----
 
@@ -5610,7 +5588,14 @@ ngx.escape_uri
 Escape `str` as a URI component.
 
 Since `v0.10.16rc6`, this function accepts an optional `type` argument.
-Note that this method accepts all [Nginx escape type constants](#nginx-escape-type-constants) as input.
+```lua
+
+   type = 0 (Escape <code>str</code> as a URI)
+   type = 2 (Escape <code>str</code> as a URI component)
+```
+when type set to 0, " ", "#", "%", "?", 0x00-0x1F, 0x7F-0xFF will be escaped.
+when type set to 2, all characters excepter ALPHA, DIGIT, "-", ".", "_", "~" will be escaped.
+
 
 [Back to TOC](#nginx-api-for-lua)
 

diff --git a/doc/HttpLuaModule.wiki b/doc/HttpLuaModule.wiki
@@ -2929,23 +2929,6 @@ These constants are usually used in [[#ngx.location.capture|ngx.location.capture
 
 These constants are usually used by the [[#ngx.log|ngx.log]] method.
 
-== Nginx escape type constants ==
-
-'''context:''' ''init_by_lua*, init_worker_by_lua*, set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua*, body_filter_by_lua*, log_by_lua*, ngx.timer.*, balancer_by_lua*, ssl_certificate_by_lua*, ssl_session_fetch_by_lua*, ssl_session_store_by_lua*''
-
-<geshi lang="lua">
-  ngx.ESCAPE_URI
-  ngx.ESCAPE_ARGS
-  ngx.ESCAPE_URI_COMPONENT
-  ngx.ESCAPE_HTML
-  ngx.ESCAPE_REFRESH
-  ngx.ESCAPE_MEMCACHED
-  ngx.ESCAPE_MAIL_AUTH
-</geshi>
-
-
-These constants are usually used by the [[#ngx.escape_uri|ngx.escape_uri]] method.
-
 == print ==
 
 '''syntax:''' ''print(...)''
@@ -4710,7 +4693,12 @@ This method was introduced in the <code>0.5.0rc30</code> release.
 Escape <code>str</code> as a URI component.
 
 Since `v0.10.16rc6`, this function accepts an optional <code>type</code> argument.
-Note that this method accepts all [[#Nginx escape type constants|Nginx escape type constants]] as input.
+<geshi lang="lua">
+  type = 0 (Escape <code>str</code> as a URI)
+  type = 2 (Escape <code>str</code> as a URI component)
+</geshi>
+when type set to 0, " ", "#", "%", "?", 0x00-0x1F, 0x7F-0xFF will be escaped.
+when type set to 2, all characters excepter ALPHA, DIGIT, "-", ".", "_", "~" will be escaped.
 
 == ngx.unescape_uri ==
 

diff --git a/src/ngx_http_lua_consts.c b/src/ngx_http_lua_consts.c
@@ -13,34 +13,6 @@
 
 #include "ngx_http_lua_consts.h"
 
-void
-ngx_http_lua_inject_escape_consts(lua_State *L)
-{
-    /* {{{ escape constants */
-    lua_pushinteger(L, NGX_ESCAPE_URI);
-    lua_setfield(L, -2, "ESCAPE_URI");
-
-    lua_pushinteger(L, NGX_ESCAPE_ARGS);
-    lua_setfield(L, -2, "ESCAPE_ARGS");
-
-    lua_pushinteger(L, NGX_ESCAPE_URI_COMPONENT);
-    lua_setfield(L, -2, "ESCAPE_URI_COMPONENT");
-
-    lua_pushinteger(L, NGX_ESCAPE_HTML);
-    lua_setfield(L, -2, "ESCAPE_HTML");
-
-    lua_pushinteger(L, NGX_ESCAPE_REFRESH);
-    lua_setfield(L, -2, "ESCAPE_REFRESH");
-
-    lua_pushinteger(L, NGX_ESCAPE_MEMCACHED);
-    lua_setfield(L, -2, "ESCAPE_MEMCACHED");
-
-    lua_pushinteger(L, NGX_ESCAPE_MAIL_AUTH);
-    lua_setfield(L, -2, "ESCAPE_MAIL_AUTH");
-
-    /* }}} */
-}
-
 
 void
 ngx_http_lua_inject_core_consts(lua_State *L)

diff --git a/src/ngx_http_lua_consts.h b/src/ngx_http_lua_consts.h
@@ -13,7 +13,6 @@
 
 void ngx_http_lua_inject_http_consts(lua_State *L);
 void ngx_http_lua_inject_core_consts(lua_State *L);
-void ngx_http_lua_inject_escape_consts(lua_State *L);
 
 
 #endif /* _NGX_HTTP_LUA_CONSTS_H_INCLUDED_ */

diff --git a/src/ngx_http_lua_string.c b/src/ngx_http_lua_string.c
@@ -436,6 +436,9 @@ size_t
 ngx_http_lua_ffi_uri_escaped_length(const u_char *src, size_t len,
     int type)
 {
+    if (type < NGX_ESCAPE_URI || type > NGX_ESCAPE_MAIL_AUTH) {
+        return -1;
+    }
     return len + 2 * ngx_http_lua_escape_uri(NULL, (u_char *) src, len, type);
 }
 
@@ -444,6 +447,9 @@ void
 ngx_http_lua_ffi_escape_uri(const u_char *src, size_t len, u_char *dst,
     int type)
 {
+    if (type < NGX_ESCAPE_URI || type > NGX_ESCAPE_MAIL_AUTH) {
+        return;
+    }
     ngx_http_lua_escape_uri(dst, (u_char *) src, len, type);
 }
 

diff --git a/src/ngx_http_lua_util.c b/src/ngx_http_lua_util.c
@@ -726,7 +726,6 @@ ngx_http_lua_inject_ngx_api(lua_State *L, ngx_http_lua_main_conf_t *lmcf,
 
     ngx_http_lua_inject_arg_api(L);
 
-    ngx_http_lua_inject_escape_consts(L);
     ngx_http_lua_inject_http_consts(L);
     ngx_http_lua_inject_core_consts(L);
 

diff --git a/t/006-escape.t b/t/006-escape.t
@@ -204,11 +204,11 @@ GET /lua
 --- config
     location /lua {
         content_by_lua_block {
-            ngx.say(ngx.escape_uri("https://www.google.com", ngx.ESCAPE_URI))
-            ngx.say(ngx.escape_uri("https://www.google.com/query?q=test", ngx.ESCAPE_URI))
-            ngx.say(ngx.escape_uri("https://www.google.com/query?\r\nq=test", ngx.ESCAPE_URI))
-            ngx.say(ngx.escape_uri("-_.~!*'();:@&=+$,/?#", ngx.ESCAPE_URI))
-            ngx.say(ngx.escape_uri("<>[]{}\\\" ", ngx.ESCAPE_URI))
+            ngx.say(ngx.escape_uri("https://www.google.com", 0))
+            ngx.say(ngx.escape_uri("https://www.google.com/query?q=test", 0))
+            ngx.say(ngx.escape_uri("https://www.google.com/query?\r\nq=test", 0))
+            ngx.say(ngx.escape_uri("-_.~!*'();:@&=+$,/?#", 0))
+            ngx.say(ngx.escape_uri("<>[]{}\\\" ", 0))
         }
     }
 --- request
@@ -228,13 +228,13 @@ https://www.google.com/query%3F%0D%0Aq=test
 --- config
     location /lua {
         content_by_lua_block {
-            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", ngx.ESCAPE_URI))
-            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", ngx.ESCAPE_ARGS))
-            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", ngx.ESCAPE_URI_COMPONENT))
-            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", ngx.ESCAPE_HTML))
-            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", ngx.ESCAPE_REFRESH))
-            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", ngx.ESCAPE_MEMCACHED))
-            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", ngx.ESCAPE_MAIL_AUTH))
+            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", 0))
+            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", 1))
+            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", 2))
+            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", 3))
+            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", 4))
+            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", 5))
+            ngx.say(ngx.escape_uri("https://www.google.com/?t=abc@ :", 6))
         }
     }
 --- request
@@ -263,22 +263,22 @@ https://www.google.com/?t=abc@%20:
 GET /lua
 --- error_code: 500
 --- error_log eval
-qr/\[error\] \d+#\d+: \*\d+ lua entry thread aborted: runtime error: "esc_type" \-1 out of range/
+qr/\[error\] \d+#\d+: \*\d+ lua entry thread aborted: runtime error: "type" \-1 out of range/
 
 
 
 === TEST 18: escape type out of range
 --- config
     location /lua {
         content_by_lua_block {
-            ngx.say(ngx.escape_uri("https://www.google.com", 100))
+            ngx.say(ngx.escape_uri("https://www.google.com", 10))
         }
     }
 --- request
 GET /lua
 --- error_code: 500
 --- error_log eval
-qr/\[error\] \d+#\d+: \*\d+ lua entry thread aborted: runtime error: "esc_type" 100 out of range/
+qr/\[error\] \d+#\d+: \*\d+ lua entry thread aborted: runtime error: "type" 10 out of range/
 
 
 
@@ -293,4 +293,4 @@ qr/\[error\] \d+#\d+: \*\d+ lua entry thread aborted: runtime error: "esc_type"
 GET /lua
 --- error_code: 500
 --- error_log eval
-qr/\[error\] \d+#\d+: \*\d+ lua entry thread aborted: runtime error: "esc_type" is not number/
+qr/\[error\] \d+#\d+: \*\d+ lua entry thread aborted: runtime error: "type" is not number/