conf: add some missing escapes

2025-06-06 11:39:23 +03:00
parent 50d0bbeedf
commit db627f7255
17 changed files with 27 additions and 27 deletions
--- a/angie/conf/brotli/types.conf.j2
+++ b/angie/conf/brotli/types.conf.j2
@@ -3,7 +3,7 @@
 {%- if mime_types -%}
 brotli_types
 {%- for t in mime_types %}
-    {{ t }}
+    {{ t | ngx_esc }}
 {%- endfor %}
 ;
 {%- endif -%}
--- a/angie/conf/gzip/types.conf.j2
+++ b/angie/conf/gzip/types.conf.j2
@@ -3,7 +3,7 @@
 {%- if mime_types -%}
 gzip_types
 {%- for t in mime_types %}
-    {{ t }}
+    {{ t | ngx_esc }}
 {%- endfor %}
 ;
 {%- endif -%}
--- a/angie/conf/http-ssl.conf.j2
+++ b/angie/conf/http-ssl.conf.j2
@@ -4,7 +4,7 @@ include conf/ssl/*.conf;
 ssl_buffer_size  4k;

 {%- if env.NGX_HTTP_SSL_PROFILE %}
-include snip/ssl-{{ env.NGX_HTTP_SSL_PROFILE }};
+include  {{ "snip/ssl-{}".format(env.NGX_HTTP_SSL_PROFILE) | ngx_esc }};
 {%- endif %}

 {%- if j2cfg.tls.stapling.enable %}
--- a/angie/conf/mail-ssl.conf.j2
+++ b/angie/conf/mail-ssl.conf.j2
@@ -1,5 +1,5 @@
 include conf/ssl/*.conf;

 {%- if env.NGX_MAIL_SSL_PROFILE %}
-include snip/ssl-{{ env.NGX_MAIL_SSL_PROFILE }};
+include  {{ "snip/ssl-{}".format(env.NGX_MAIL_SSL_PROFILE) | ngx_esc }};
 {%- endif %}
--- a/angie/conf/stream-ssl.conf.j2
+++ b/angie/conf/stream-ssl.conf.j2
@@ -1,5 +1,5 @@
 include conf/ssl/*.conf;

 {%- if env.NGX_STREAM_SSL_PROFILE %}
-include snip/ssl-{{ env.NGX_STREAM_SSL_PROFILE }};
+include  {{ "snip/ssl-{}".format(env.NGX_STREAM_SSL_PROFILE) | ngx_esc }};
 {%- endif %}
--- a/angie/conf/zstd/types.conf.j2
+++ b/angie/conf/zstd/types.conf.j2
@@ -3,7 +3,7 @@
 {%- if mime_types -%}
 zstd_types
 {%- for t in mime_types %}
-    {{ t }}
+    {{ t | ngx_esc }}
 {%- endfor %}
 ;
 {%- endif -%}
--- a/angie/snip/fastcgi-response-headers.j2
+++ b/angie/snip/fastcgi-response-headers.j2
@@ -3,5 +3,5 @@
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%}
 {%- for h in resp_hdr_list %}
-fastcgi_hide_header  {{ h }};
+fastcgi_hide_header  {{ h | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/grpc-request-headers.j2
+++ b/angie/snip/grpc-request-headers.j2
@@ -2,5 +2,5 @@
 ## set/remove request headers
 {%- set req_hdr_dict = j2cfg.request_headers or {} -%}
 {%- for h, v in req_hdr_dict|dictsort %}
-grpc_set_header  {{ h }}  {{ v | ngx_esc }};
+grpc_set_header  {{ h | ngx_esc }}  {{ v | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/grpc-response-headers.j2
+++ b/angie/snip/grpc-response-headers.j2
@@ -3,5 +3,5 @@
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%}
 {%- for h in resp_hdr_list %}
-grpc_hide_header  {{ h }};
+grpc_hide_header  {{ h | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/http-response-headers.j2
+++ b/angie/snip/http-response-headers.j2
@@ -2,5 +2,5 @@
 ## add response headers
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- for h, v in resp_hdr_dict|dictsort %}
-add_header  {{ h }}  {{ v | ngx_esc }};
+add_header  {{ h | ngx_esc }}  {{ v | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/proxy-request-headers.j2
+++ b/angie/snip/proxy-request-headers.j2
@@ -2,5 +2,5 @@
 ## set/remove request headers
 {%- set req_hdr_dict = j2cfg.request_headers or {} -%}
 {%- for h, v in req_hdr_dict|dictsort %}
-proxy_set_header  {{ h }}  {{ v | ngx_esc }};
+proxy_set_header  {{ h | ngx_esc }}  {{ v | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/proxy-response-headers.j2
+++ b/angie/snip/proxy-response-headers.j2
@@ -3,5 +3,5 @@
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%}
 {%- for h in resp_hdr_list %}
-proxy_hide_header  {{ h }};
+proxy_hide_header  {{ h | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/scgi-response-headers.j2
+++ b/angie/snip/scgi-response-headers.j2
@@ -3,5 +3,5 @@
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%}
 {%- for h in resp_hdr_list %}
-scgi_hide_header  {{ h }};
+scgi_hide_header  {{ h | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/ssl-profile.j2inc
+++ b/angie/snip/ssl-profile.j2inc
@@ -1,28 +1,28 @@
 {%- if ssl_profile.protocols %}
-ssl_protocols {{ ssl_profile.protocols }};
+ssl_protocols {{ ssl_profile.protocols | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.prefer_server_ciphers %}
-ssl_prefer_server_ciphers {{ ssl_profile.prefer_server_ciphers }};
+ssl_prefer_server_ciphers {{ ssl_profile.prefer_server_ciphers | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.ciphers %}
-ssl_ciphers {{ ssl_profile.ciphers }};
+ssl_ciphers {{ ssl_profile.ciphers | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.dhparam %}
-ssl_dhparam {{ ssl_profile.dhparam }};
+ssl_dhparam {{ ssl_profile.dhparam | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.ecdh_curve %}
-ssl_ecdh_curve {{ ssl_profile.ecdh_curve }};
+ssl_ecdh_curve {{ ssl_profile.ecdh_curve | ngx_esc }};
 {%- endif %}

 {%- if ssl_profile.session_cache %}
-ssl_session_cache {{ ssl_profile.session_cache }};
+ssl_session_cache {{ ssl_profile.session_cache | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.session_timeout %}
-ssl_session_timeout {{ ssl_profile.session_timeout }};
+ssl_session_timeout {{ ssl_profile.session_timeout | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.session_tickets %}
-ssl_session_tickets {{ ssl_profile.session_tickets }};
+ssl_session_tickets {{ ssl_profile.session_tickets | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.session_ticket_key %}
-ssl_session_ticket_key {{ ssl_profile.session_ticket_key }};
+ssl_session_ticket_key {{ ssl_profile.session_ticket_key | ngx_esc }};
 {%- endif %}
--- a/angie/snip/uwsgi-response-headers.j2
+++ b/angie/snip/uwsgi-response-headers.j2
@@ -3,5 +3,5 @@
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%}
 {%- for h in resp_hdr_list %}
-uwsgi_hide_header  {{ h }};
+uwsgi_hide_header  {{ h | ngx_esc }};
 {%- endfor %}
--- a/doc/examples/config-template/README.md
+++ b/doc/examples/config-template/README.md
@@ -3,12 +3,12 @@
 configuration:

 ```nginx
-{%- import 'snip/cache.j2mod' as ngx_cache -%}
+{%- import 'snip/cache.j2mod' as _cache -%}

 {%- set my_caches = (j2cfg.my_caches or []) -%}

 {%- for h in my_caches %}
-{{ ngx_cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }}
+{{ _cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }}
 {%- endfor %}

 server {
--- a/doc/examples/config-template/conf/site/http-my-cache.conf.j2
+++ b/doc/examples/config-template/conf/site/http-my-cache.conf.j2
@@ -1,4 +1,4 @@
-{%- import 'snip/cache.j2mod' as ngx_cache -%}
+{%- import 'snip/cache.j2mod' as _cache -%}
 {%- set my_caches = (j2cfg.my_caches or []) -%}

 map $uri
@@ -34,7 +34,7 @@ proxy_cache_use_stale     error  timeout  invalid_header  updating  http_429  ht
 proxy_cache_revalidate    on;

 {%- for h in my_caches %}
-{{ ngx_cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }}
+{{ _cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }}
 {%- endfor %}

 server {