Caddy 2.7: uri replace does not work with closing brackets ( '}' )

[Branyac]

Hi,

I'm using caddy to sanitize URIs.

I created a rule in Caddyfile to replace bad encoded brackets with the correct encoding, but it's not working with closing brackets.

I think this is a bug because I tried to escape the brackets in Caddyfile following the rules in https://caddyserver.com/docs/caddyfile/concepts#tokens-and-quotes but only works with opening brackets.

Steps to reproduce:

1. Create a Caddyfile with this content:

:80
uri replace "\}" %7D
uri replace "\{" %7B

respond "{query}"

2. In the same folder create the docker-compose.yml file with this content:

version: '3.7'
services:
  caddy:
    image: caddy:2.7-alpine
    restart: always
    ports:
      - "8080:80"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile

3. Run caddy with the command docker compose up
4. Make an HTTP call with this command: curl --location --globoff --request POST 'http://127.0.0.1:8080/endpoint?test={%20content%20}'

You'll notice that opening bracket is replaced by %7B, as expected, but closing bracket is not replaced.

[armadi1809]

I will be taking a look at this shortly!

[mholt]

Thanks!!

[armadi1809]

I just submitted a PR that should fix this. In the beginning of func (r *Replacer) replace, we only check if the string does not contain an opening brace to determine if we should just return the same input, which means that we are treating the closing brace as a regular input that should not be escaped. Adding a similar check around the closing brace did the trick.