Skip to content

Escape special characters in Varnish::banPath() host patterns #592

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Escape special characters in Varnish::banPath() host patterns #592

wants to merge 1 commit into from

Conversation

jdreesen
Copy link
Contributor

Hostnames contain characters such as ., which should be escaped in a regex in order to match literally.

dbu
dbu reviewed Jun 17, 2025
View reviewed changes
Copy link
Contributor

@dbu dbu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the documentation on the interface tells that if hosts is a string, it is expected to be a regex, but if its an array, its "exact host names". so this fix seems correct to me.

thanks for looking into it.

i would rather only change this in the 3.x branch, as 2.x is legacy at this point and 3.x the current version. this is not a security issue - it prevents unnecessary cache banning in an extreme edge cases where domain names only differ by a tiny bit. okay for you if i merge this to 3.x only?

@jdreesen
Copy link
Contributor Author

Yes, we're still working on the 2.x branch, but we're not currently using this function. We have just discovered it during a review.

I'll rebase onto 3.x.

@jdreesen jdreesen force-pushed the fix/escape-hosts-in-regex branch from 288df37 to 44abf40 Compare June 17, 2025 08:02
@jdreesen jdreesen changed the base branch from 2.x to 3.x June 17, 2025 08:02
@jdreesen jdreesen force-pushed the fix/escape-hosts-in-regex branch from 44abf40 to 38ee83e Compare June 17, 2025 09:02
@dbu dbu mentioned this pull request Jun 17, 2025
Merged
@dbu
Copy link
Contributor

dbu commented Jun 17, 2025

i fixed the build in the 3.x branch and added a changelog in #592

@dbu dbu closed this Jun 17, 2025
jdreesen
jdreesen commented Jun 17, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dbu dbu dbu left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jdreesen @dbu