1 Origin: https://www.privoxy.org/gitweb/?p=privoxy.git;h=89da1910
2 Author: Fabian Keil <fk@fabiankeil.de>
3 Date: Tue Dec 15 19:00:00 2020 +0100
4 Bug: https://sourceforge.net/p/ijbswa/support-requests/1736/
5 Forwarded: not needed, comes from upstream
6 Subject: Check the actual URL when https inspecting requests
7 redirect_url(): Check the actual URL when https inspecting requests
9 Previously we would only check the path which resulted
10 in rewrite results being rejected as invalid URLs.
13 19:37:29.494 014 Error: pcrs command "s@/test@/@" changed "/test" to "/" (1 hit), but the result doesn't look like a valid URL and will be ignored.
16 19:40:57.857 002 Redirect: pcrs command s@/test@/@ changed https://www.electrobsd.org/test to https://www.electrobsd.org/ (1 hit).
18 Reported by withoutname in #1736.
23 #ifdef FEATURE_CLIENT_TAGS
24 #include "client-tags.h"
26 +#ifdef FEATURE_HTTPS_INSPECTION
32 @@ -1220,8 +1223,33 @@ struct http_response *redirect_url(struc
34 if (*redirection_string == 's')
36 - old_url = csp->http->url;
37 +#ifdef FEATURE_HTTPS_INSPECTION
38 + if (client_use_ssl(csp))
42 + old_url = strdup_or_die("https://");
43 + err = string_append(&old_url, csp->http->hostport);
44 + if (!err) err = string_append(&old_url, csp->http->path);
47 + log_error(LOG_LEVEL_FATAL,
48 + "Failed to rebuild URL 'https://%s%s'",
49 + csp->http->hostport, csp->http->path);
55 + old_url = csp->http->url;
57 new_url = rewrite_url(old_url, redirection_string);
58 +#ifdef FEATURE_HTTPS_INSPECTION
59 + if (client_use_ssl(csp))