From 769eedfa00eec8d168fabcf620933b08acb57447 Mon Sep 17 00:00:00 2001
From: Jeremy MANSON
Date: Wed, 23 Aug 2017 09:13:56 +0200
Subject: [PATCH] Possible HTTP-Splitting vulnerability (#33)

Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
Description: Using variables that can contain "\n" may lead to http injection.
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
Reason: At least variable "$uri" can contain "\n"
---
 conf/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 82c54ad..19c3d38 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -37,7 +37,7 @@ location ^~ #LOCATION# {
 #rewrite ^/.well-known/host-meta.json #PATH#/public.php?service=host-meta-json last;
 location #LOCATION# {
- rewrite ^ #PATH#/index.php$uri;
+ rewrite ^ #PATH#/index.php$request_uri;
 }
 location = #PATH#/robots.txt {
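Review bot: The new `rewrite ^ #PATH#/index.php$request_uri;` swaps a decoded, normalised path for the raw request URI, and nothing in the file records why. `$request_uri` keeps percent-encoding and carries the query string, which is why an encoded newline no longer turns into a literal "\n", but it also means the part after `index.php` now arrives un-normalised and with `?args` attached. I would add a comment above the line, e.g. `# $request_uri (raw, still percent-encoded) instead of $uri: decoded $uri can contain "\n" (gixy http_splitting)`, and confirm that the PHP location and its path-info split, which are outside this hunk, accept that form. The outer `location ^~ #LOCATION#` block starts before the hunk, so any other `$uri` or `$document_uri` use elsewhere in the file should be checked the same way.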