Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2026-04-11 19:51:49 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

vars: Don't expand placeholders in values (#7629)

Browse Source
This commit is contained in:
vnxme 2026-04-10 18:37:43 +03:00 committed by GitHub
parent d7834676aa
commit 5de1565ff6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
modules/caddyhttp/vars.go
View File

@ -181,18 +181,15 @@ func (m VarsMatcher) MatchWithError(r *http.Request) (bool, error) {
vars := r.Context().Value(VarsCtxKey).(map[string]any)
repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
var fromPlaceholder bool
var matcherValExpanded, valExpanded, varStr, v string
var matcherValExpanded, varStr, v string
var varValue any
for key, vals := range m {
if strings.HasPrefix(key, "{") &&
strings.HasSuffix(key, "}") &&
strings.Count(key, "{") == 1 {
varValue, _ = repl.Get(strings.Trim(key, "{}"))
fromPlaceholder = true
} else {
varValue = vars[key]
fromPlaceholder = false
}
switch vv := varValue.(type) {
@ -208,19 +205,15 @@ func (m VarsMatcher) MatchWithError(r *http.Request) (bool, error) {
varStr = fmt.Sprintf("%v", vv)
}
// Only expand placeholders in values from literal variable names
// (e.g. map outputs). Values resolved from placeholder keys are
// Don't expand placeholders in values from literal variable names
// (e.g. map outputs) or other placeholders. These values are
// already final and must not be re-expanded, as that would allow
// user input like {env.SECRET} to be evaluated.
valExpanded = varStr
if !fromPlaceholder {
valExpanded = repl.ReplaceAll(varStr, "")
}
// see if any of the values given in the matcher match the actual value
for _, v = range vals {
matcherValExpanded = repl.ReplaceAll(v, "")
if valExpanded == matcherValExpanded {
if varStr == matcherValExpanded {
return true, nil
}
}
@ -324,18 +317,16 @@ func (m MatchVarsRE) MatchWithError(r *http.Request) (bool, error) {
vars := r.Context().Value(VarsCtxKey).(map[string]any)
repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
var fromPlaceholder, match bool
var valExpanded, varStr string
var match bool
var varStr string
var varValue any
for key, val := range m {
if strings.HasPrefix(key, "{") &&
strings.HasSuffix(key, "}") &&
strings.Count(key, "{") == 1 {
varValue, _ = repl.Get(strings.Trim(key, "{}"))
fromPlaceholder = true
} else {
varValue = vars[key]
fromPlaceholder = false
}
switch vv := varValue.(type) {
@ -351,15 +342,12 @@ func (m MatchVarsRE) MatchWithError(r *http.Request) (bool, error) {
varStr = fmt.Sprintf("%v", vv)
}
// Only expand placeholders in values from literal variable names
// (e.g. map outputs). Values resolved from placeholder keys are
// Don't expand placeholders in values from literal variable names
// (e.g. map outputs) or other placeholders. These values are
// already final and must not be re-expanded, as that would allow
// user input like {env.SECRET} to be evaluated.
valExpanded = varStr
if !fromPlaceholder {
valExpanded = repl.ReplaceAll(varStr, "")
}
if match = val.Match(valExpanded, repl); match {
if match = val.Match(varStr, repl); match {
return match, nil
}
}