Merge commit from fork

fix: add ARGS to sanitize list only if it's not added yet

Author: airween

apache2/modsecurity.h

@@ -693,6 +693,7 @@ struct msc_arg {
     unsigned int             value_origin_offset;
     unsigned int             value_origin_len;
     const char              *origin;
+    unsigned int             marked_for_sanitization;
 };
 
 struct msc_string {

apache2/msc_json.c

@@ -70,6 +70,7 @@ int json_add_argument(modsec_rec *msr, const char *value, unsigned length)
         return 0;
     }
 
+    arg->marked_for_sanitization = 0;
     apr_table_addn(msr->arguments,
         log_escape_nq_ex(msr->mp, arg->name, arg->name_len), (void *) arg);
 

apache2/msc_parsers.c

@@ -350,6 +350,7 @@ void add_argument(modsec_rec *msr, apr_table_t *arguments, msc_arg *arg)
     assert(msr != NULL);
     assert(arguments != NULL);
     assert(arg != NULL);
+    arg->marked_for_sanitization = 0;
     if (msr->txcfg->debuglog_level >= 5) {
         msr_log(msr, 5, "Adding request argument (%s): name \"%s\", value \"%s\"",
                 arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len),

apache2/re_actions.c

@@ -1527,8 +1527,9 @@ static apr_status_t msre_action_sanitizeMatched_execute(modsec_rec *msr, apr_poo
             for (i = 0; i < tarr->nelts; i++) {
                 msc_arg *arg = (msc_arg *)telts[i].val;
                 assert(arg != NULL);
-                if (strcasecmp(sargname, arg->name) == 0) {
+                if (arg->marked_for_sanitization == 0 && strcasecmp(sargname, arg->name) == 0) {
                     apr_table_addn(msr->arguments_to_sanitize, arg->name, (void *)arg);
+                    arg->marked_for_sanitization = 1;
                 }
             }
             break;