From ccf007fe8c13f0d79b3a250e24193fe1ac9ef61f Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Fri, 15 Oct 2021 14:08:02 +0300
Subject: [PATCH] Better URL escaping in output

---
 handler.go                     | 20 ++++++++++++++------
 rc/cgi.go                      |  4 ++--
 rc/example.cfg/proxied-host.go |  8 ++++----
 rc/example.cfg/static.go       |  1 -
 rc/redirect.go                 |  4 +++-
 5 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/handler.go b/handler.go
index 4593a2f..8953a80 100644
--- a/handler.go
+++ b/handler.go
@@ -25,6 +25,7 @@ import (
 	"io/ioutil"
 	"log"
 	"net/http"
+	"net/url"
 	"os"
 	"path"
 	"strconv"
@@ -62,6 +63,13 @@ var (
 	MainHandler Handler
 )
 
+func PathWithQuery(u *url.URL) string {
+	if u.RawQuery == "" {
+		return u.EscapedPath()
+	}
+	return u.EscapedPath() + "?" + u.RawQuery
+}
+
 type Handler struct{}
 
 func (h Handler) Handle(
@@ -70,7 +78,7 @@ func (h Handler) Handle(
 ) {
 	notFound := func() {
 		fmt.Printf("%s %s \"%s %+q %s\" %d \"%s\"\n",
-			r.RemoteAddr, host, r.Method, r.URL.Path, r.Proto,
+			r.RemoteAddr, host, r.Method, PathWithQuery(r.URL), r.Proto,
 			http.StatusNotFound,
 			r.Header.Get("User-Agent"),
 		)
@@ -91,7 +99,7 @@ func (h Handler) Handle(
 	}
 	printErr := func(code int, err error) {
 		fmt.Printf("%s %s \"%s %+q %s\" %d \"%s\" %s\"%s\"\n",
-			r.RemoteAddr, host, r.Method, r.URL.Path, r.Proto,
+			r.RemoteAddr, host, r.Method, PathWithQuery(r.URL), r.Proto,
 			code, err.Error(),
 			username, r.Header.Get("User-Agent"),
 		)
@@ -140,7 +148,7 @@ func (h Handler) Handle(
 		wc := &CountResponseWriter{ResponseWriter: w}
 		dav.ServeHTTP(wc, r)
 		fmt.Printf("%s %s \"WebDAV %+q\" %d %d %s\"%s\"\n",
-			r.RemoteAddr, host, r.URL.Path,
+			r.RemoteAddr, host, PathWithQuery(r.URL),
 			wc.Status, wc.Size,
 			username, r.Header.Get("User-Agent"),
 		)
@@ -149,7 +157,7 @@ func (h Handler) Handle(
 
 	if !(r.Method == "" || r.Method == http.MethodGet) {
 		fmt.Printf("%s %s \"%s %+q %s\" %d %s\"%s\"\n",
-			r.RemoteAddr, host, r.Method, r.URL.Path, r.Proto,
+			r.RemoteAddr, host, r.Method, PathWithQuery(r.URL), r.Proto,
 			http.StatusMethodNotAllowed,
 			username, r.Header.Get("User-Agent"),
 		)
@@ -286,7 +294,7 @@ IndexLookup:
 		w.WriteHeader(wr.status)
 		w.Write(bufCompressed.Bytes())
 		fmt.Printf("%s %s \"%s %+q %s\" %d %d %s\"%s\"\n",
-			r.RemoteAddr, host, r.Method, r.URL.Path, r.Proto,
+			r.RemoteAddr, host, r.Method, PathWithQuery(r.URL), r.Proto,
 			wr.status, size,
 			username, r.Header.Get("User-Agent"),
 		)
@@ -294,7 +302,7 @@ IndexLookup:
 	}
 	wr := wc.(*CountResponseWriter)
 	fmt.Printf("%s %s \"%s %+q %s\" %d %d %s\"%s\"\n",
-		r.RemoteAddr, host, r.Method, r.URL.Path, r.Proto,
+		r.RemoteAddr, host, r.Method, PathWithQuery(r.URL), r.Proto,
 		wr.Status, wr.Size,
 		username, r.Header.Get("User-Agent"),
 	)
diff --git a/rc/cgi.go b/rc/cgi.go
index e17935a..cce9aee 100644
--- a/rc/cgi.go
+++ b/rc/cgi.go
@@ -26,13 +26,13 @@ import (
 )
 
 func RunCGIAndLog(host string, w http.ResponseWriter, r *http.Request, h *cgi.Handler) {
-	wc := &godlighty.CountResponseWriter{ResponseWriter: w}
 	if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
 		h.Env = append(h.Env, "TLSREMOTEDN="+r.TLS.PeerCertificates[0].Subject.String())
 	}
+	wc := &godlighty.CountResponseWriter{ResponseWriter: w}
 	h.ServeHTTP(wc, r)
 	fmt.Printf("%s %s \"%s %+q %s\" %d %d \"%s\"\n",
-		r.RemoteAddr, host, r.Method, r.URL.Path, r.Proto,
+		r.RemoteAddr, host, r.Method, godlighty.PathWithQuery(r.URL), r.Proto,
 		wc.Status, wc.Size,
 		r.Header.Get("User-Agent"),
 	)
diff --git a/rc/example.cfg/proxied-host.go b/rc/example.cfg/proxied-host.go
index 5b61c4d..a11f728 100644
--- a/rc/example.cfg/proxied-host.go
+++ b/rc/example.cfg/proxied-host.go
@@ -20,8 +20,8 @@ func init() {
 				resp, err := http.DefaultClient.Do(r)
 				if err != nil {
 					fmt.Printf("%s %s \"%s %+q %s\" %d \"%s\" \"%s\"\n",
-						r.RemoteAddr, host, r.Method, r.URL.Path, r.Proto,
-						http.StatusBadGateway, err.Error(),
+						r.RemoteAddr, host, r.Method, godlighty.PathWithQuery(r.URL),
+						r.Proto, http.StatusBadGateway, err.Error(),
 						r.Header.Get("User-Agent"),
 					)
 					http.Error(w, err.Error(), http.StatusBadGateway)
@@ -36,8 +36,8 @@ func init() {
 				size, _ := io.Copy(w, resp.Body)
 				resp.Body.Close()
 				fmt.Printf("%s %s \"%s %+q %s\" %d %d \"%s\"\n",
-					r.RemoteAddr, host, r.Method, r.URL.Path, r.Proto,
-					resp.StatusCode, size,
+					r.RemoteAddr, host, r.Method, godlighty.PathWithQuery(r.URL),
+					r.Proto, resp.StatusCode, size,
 					r.Header.Get("User-Agent"),
 				)
 				return true
diff --git a/rc/example.cfg/static.go b/rc/example.cfg/static.go
index f1559c8..3cbe3fb 100644
--- a/rc/example.cfg/static.go
+++ b/rc/example.cfg/static.go
@@ -27,7 +27,6 @@ func addStaticWebDAVedDir(host, root string) {
 	godlighty.Hosts[host].WebDAV = true
 }
 
-
 func init() {
 	addStaticCfg("www.stargrave.org", "stargrave.org")
 
diff --git a/rc/redirect.go b/rc/redirect.go
index 2039a07..677479f 100644
--- a/rc/redirect.go
+++ b/rc/redirect.go
@@ -20,6 +20,8 @@ package rc
 import (
 	"fmt"
 	"net/http"
+
+	"go.stargrave.org/godlighty"
 )
 
 func Redirect(
@@ -29,7 +31,7 @@ func Redirect(
 ) {
 	http.Redirect(w, r, to, status)
 	fmt.Printf("%s %s \"%s %+q %s\" %d \"%s\"\n",
-		r.RemoteAddr, host, r.Method, r.URL.Path, r.Proto,
+		r.RemoteAddr, host, r.Method, godlighty.PathWithQuery(r.URL), r.Proto,
 		status, r.Header.Get("User-Agent"),
 	)
 }
-- 
2.44.0