From 904afc8bdeb87624c11ec1673daa474bee93d74d Mon Sep 17 00:00:00 2001
From: Ruediger Pluem <rpluem@apache.org>
Date: Wed, 11 Sep 2024 15:56:33 +0000
Subject: [PATCH] * Leave the proper escaping of the URL and the adding of
 r->args to the   proxy module which runs after us after r1920570.   Just take
 care to add r->args in case the proxy rule has the   [NE] flag set and tell
 the proxy module to not escape in this case.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920571 13f79535-47bb-0310-9956-ffa450edef68
(cherry picked from commit 4348e8cb7d8c41b1c8019ceb0a1612bb4a3384f7)
---
 modules/mappers/mod_rewrite.c | 29 ++++++++++-------------------
 1 file changed, 10 insertions(+), 19 deletions(-)

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index d7cb194f742..93430e5952e 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -4515,20 +4515,6 @@ static rule_return_type apply_rewrite_rule(rewriterule_entry *p,
      * ourself).
      */
     if (p->flags & RULEFLAG_PROXY) {
-        /* For rules evaluated in server context, the mod_proxy fixup
-         * hook can be relied upon to escape the URI as and when
-         * necessary, since it occurs later.  If in directory context,
-         * the ordering of the fixup hooks is forced such that
-         * mod_proxy comes first, so the URI must be escaped here
-         * instead.  See PR 39746, 46428, and other headaches. */
-        if (ctx->perdir && (p->flags & RULEFLAG_NOESCAPE) == 0) {
-            char *old_filename = r->filename;
-
-            r->filename = ap_escape_uri(r->pool, r->filename);
-            rewritelog(r, 2, ctx->perdir, "escaped URI in per-dir context "
-                       "for proxy, %s -> %s", old_filename, r->filename);
-        }
-
         fully_qualify_uri(r);
 
         rewritelog(r, 2, ctx->perdir, "forcing proxy-throughput with %s",
@@ -5051,7 +5037,7 @@ static int hook_uri2file(request_rec *r)
             }
             if ((r->args != NULL)
                 && ((r->proxyreq == PROXYREQ_PROXY)
-                    || (rulestatus == ACTION_NOESCAPE))) {
+                    || apr_table_get(r->notes, "proxy-nocanon"))) {
                 /* see proxy_http:proxy_http_canon() */
                 r->filename = apr_pstrcat(r->pool, r->filename,
                                           "?", r->args, NULL);
@@ -5352,13 +5338,18 @@ static int hook_fixup(request_rec *r)
                 return HTTP_FORBIDDEN;
             }
 
-            /* make sure the QUERY_STRING and
-             * PATH_INFO parts get incorporated
+            if (rulestatus == ACTION_NOESCAPE) {
+                apr_table_setn(r->notes, "proxy-nocanon", "1");
+            }
+
+            /* make sure the QUERY_STRING gets incorporated in the case
+             * [NE] was specified on the Proxy rule. We are preventing
+             * mod_proxy canon handler from incorporating r->args as well
+             * as escaping the URL.
              * (r->path_info was already appended by the
              * rewriting engine because of the per-dir context!)
              */
-            if (r->args != NULL) {
-                /* see proxy_http:proxy_http_canon() */
+            if ((r->args != NULL) && apr_table_get(r->notes, "proxy-nocanon")) {
                 r->filename = apr_pstrcat(r->pool, r->filename,
                                           "?", r->args, NULL);
             }