From e6bad9f5a48e8fd2ecaab47143dbe82dfd89feb0 Mon Sep 17 00:00:00 2001
From: Jeremy MANSON <jeremy-manson@jmanson.fr>
Date: Tue, 16 May 2017 13:47:23 +0200
Subject: [PATCH] Possible HTTP-Splitting vulnerability

Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
Description: Using variables that can contain "\n" may lead to http injection.
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
Reason: At least variable "$uri" can contain "\n"
---
 conf/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 445eca8..8d98305 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -38,7 +38,7 @@ location ^~ #LOCATION# {
   #rewrite ^/.well-known/host-meta.json #PATH#/public.php?service=host-meta-json last;
 
   location #LOCATION# {
-    rewrite ^ #PATH#/index.php$uri;
+    rewrite ^ #PATH#/index.php$request_uri;
   }
 
   location = #PATH#/robots.txt {