1# vi:filetype=
2
3use lib 'lib';
4use Test::Nginx::Socket;
5
6repeat_each(2);
7
8plan tests => repeat_each() * (2 * blocks() + 6);
9
10#$Test::Nginx::LWP::LogLevel = 'debug';
11
12run_tests();
13
14__DATA__
15
16=== TEST 1: sanity
17--- config
18    location /echo {
19        echo hello;
20    }
21--- request
22    GET /echo
23--- response_body
24hello
25
26
27
28=== TEST 2: multiple args
29--- config
30    location /echo {
31        echo say hello world;
32    }
33--- request
34    GET /echo
35--- response_body
36say hello world
37
38
39
40=== TEST 3: multiple directive instances
41--- config
42    location /echo {
43        echo say that;
44        echo hello;
45        echo world !;
46    }
47--- request
48    GET /echo
49--- response_body
50say that
51hello
52world !
53
54
55
56=== TEST 4: echo without arguments
57--- config
58    location /echo {
59        echo;
60        echo;
61    }
62--- request
63    GET /echo
64--- response_body eval
65"\n\n"
66
67
68
69=== TEST 5: escaped newline
70--- config
71    location /echo {
72        echo "hello\nworld";
73    }
74--- request
75    GET /echo
76--- response_body
77hello
78world
79
80
81
82=== TEST 6: escaped tabs and \r and " wihtin "..."
83--- config
84    location /echo {
85        echo "i say \"hello\tworld\"\r";
86    }
87--- request
88    GET /echo
89--- response_body eval: "i say \"hello\tworld\"\r\n"
90
91
92
93=== TEST 7: escaped tabs and \r and " in single quotes
94--- config
95    location /echo {
96        echo 'i say \"hello\tworld\"\r';
97    }
98--- request
99    GET /echo
100--- response_body eval: "i say \"hello\tworld\"\r\n"
101
102
103
104=== TEST 8: escaped tabs and \r and " w/o any quotes
105--- config
106    location /echo {
107        echo i say \"hello\tworld\"\r;
108    }
109--- request
110    GET /echo
111--- response_body eval: "i say \"hello\tworld\"\r\n"
112
113
114
115=== TEST 9: escaping $
116As of Nginx 0.8.20, there's still no way to escape the '$' character.
117--- config
118    location /echo {
119        echo \$;
120    }
121--- request
122    GET /echo
123--- response_body
124$
125--- SKIP
126
127
128
129=== TEST 10: XSS
130--- config
131    location /blah {
132        echo_duplicate 1 "$arg_callback(";
133        echo_location_async "/data?$uri";
134        echo_duplicate 1 ")";
135    }
136    location /data {
137        echo_duplicate 1 '{"dog":"$query_string"}';
138    }
139--- request
140    GET /blah/9999999.json?callback=ding1111111
141--- response_body chomp
142ding1111111({"dog":"/blah/9999999.json"})
143
144
145
146=== TEST 11: XSS - filter version
147--- config
148    location /blah {
149        echo_before_body "$arg_callback(";
150
151        echo_duplicate 1 '{"dog":"$uri"}';
152
153        echo_after_body ")";
154    }
155--- request
156    GET /blah/9999999.json?callback=ding1111111
157--- response_body
158ding1111111(
159{"dog":"/blah/9999999.json"})
160
161
162
163=== TEST 12: if
164--- config
165location /first {
166 echo "before";
167 echo_location_async /second $request_uri;
168 echo "after";
169}
170
171location = /second {
172 if ($query_string ~ '([^?]+)') {
173     set $memcached_key $1;  # needing this to be keyed on the request_path, not the entire uri
174     echo $memcached_key;
175 }
176}
177--- request
178    GET /first/9999999.json?callback=ding1111111
179--- response_body
180before
181/first/9999999.json
182after
183
184
185
186=== TEST 13: echo -n
187--- config
188    location /echo {
189        echo -n hello;
190        echo -n world;
191    }
192--- request
193    GET /echo
194--- response_body chop
195helloworld
196
197
198
199=== TEST 14: echo a -n
200--- config
201    location /echo {
202        echo a -n hello;
203        echo b -n world;
204    }
205--- request
206    GET /echo
207--- response_body
208a -n hello
209b -n world
210
211
212
213=== TEST 15: -n in a var
214--- config
215    location /echo {
216        set $opt -n;
217        echo $opt hello;
218        echo $opt world;
219    }
220--- request
221    GET /echo
222--- response_body
223-n hello
224-n world
225
226
227
228=== TEST 16: -n only
229--- config
230    location /echo {
231        echo -n;
232        echo -n;
233    }
234--- request
235    GET /echo
236--- response_body chop
237
238
239
240=== TEST 17: -n with an empty string
241--- config
242    location /echo {
243        echo -n "";
244        set $empty "";
245        echo -n $empty;
246    }
247--- request
248    GET /echo
249--- response_body chop
250
251
252
253=== TEST 18: -- -n
254--- config
255    location /echo {
256        echo -- -n hello;
257        echo -- -n world;
258    }
259--- request
260    GET /echo
261--- response_body
262-n hello
263-n world
264
265
266
267=== TEST 19: -n -n
268--- config
269    location /echo {
270        echo -n -n hello;
271        echo -n -n world;
272    }
273--- request
274    GET /echo
275--- response_body chop
276helloworld
277
278
279
280=== TEST 20: -n -- -n
281--- config
282    location /echo {
283        echo -n -- -n hello;
284        echo -n -- -n world;
285    }
286--- request
287    GET /echo
288--- response_body chop
289-n hello-n world
290
291
292
293=== TEST 21: proxy
294--- config
295    location /main {
296        proxy_pass http://127.0.0.1:$server_port/echo;
297    }
298    location /echo {
299        echo hello;
300        echo world;
301    }
302--- request
303    GET /main
304--- response_headers
305!Content-Length
306--- response_body
307hello
308world
309
310
311
312=== TEST 22: if is evil
313--- config
314    location /test {
315        set $a 3;
316        set_by_lua $a '
317            if ngx.var.a == "3" then
318                return 4
319            end
320        ';
321        echo $a;
322    }
323--- request
324    GET /test
325--- response_body
3264
327--- SKIP
328
329
330
331=== TEST 23: HEAD
332--- config
333    location /echo {
334        echo hello;
335        echo world;
336    }
337--- request
338    HEAD /echo
339--- response_body
340
341
342
343=== TEST 24: POST
344--- config
345    location /echo {
346        echo hello;
347        echo world;
348    }
349--- pipelined_requests eval
350["POST /echo
351blah blah", "POST /echo
352foo bar baz"]
353--- response_body eval
354["hello\nworld\n","hello\nworld\n"]
355
356
357
358=== TEST 25: POST
359--- config
360    location /echo {
361        echo_sleep 0.001;
362        echo hello;
363        echo world;
364    }
365--- pipelined_requests eval
366["POST /echo
367blah blah", "POST /echo
368foo bar baz"]
369--- response_body eval
370["hello\nworld\n","hello\nworld\n"]
371
372
373
374=== TEST 26: empty arg after -n (github issue #33)
375--- config
376    location = /t {
377        set $empty "";
378        echo -n $empty hello world;
379    }
380--- request
381    GET /t
382--- response_body chop
383 hello world
384
385
386
387=== TEST 27: image filter
388--- config
389    location = /gif {
390        empty_gif;
391    }
392
393    location = /t {
394        default_type image/gif;
395        image_filter resize 10 10;
396        set $gif1 '';
397        set $gif2 '';
398        rewrite_by_lua '
399            local res = ngx.location.capture("/gif")
400            local data = res.body
401            ngx.var.gif1 = string.sub(data, 1, #data - 1)
402            ngx.var.gif2 = string.sub(data, #data)
403        ';
404        echo -n $gif1;
405        echo -n $gif2;
406    }
407--- request
408    GET /t
409--- stap
410F(ngx_http_image_header_filter) {
411    println("image header filter")
412}
413--- stap_out
414image header filter
415--- response_body_like: .
416
417