nuclei/pkg/protocols/http/raw
Dwi Siswanto d5e65d1afe fix(raw): handle full URLs in unsafe raw requests
Previously, when using `unsafe: true` with full
URLs (e.g., `GET http://example.com/path HTTP/1.1`),
the `Parse` func would treat the full URL as a
relative path, resulting in malformed requests
like `GET /http://example.com/path HTTP/1.1`.

This occurred because the full URL handling
logic was only executed for non-unsafe requests,
causing unsafe requests with full URLs to fall
through to the unsafe case which wasn't designed
to handle them.

Changes:
* Extract full URL handling before mode-specific
  logic runs.
* Convert full URLs to relative paths for both
  safe and unsafe modes.
* Update `UnsafeRawBytes` with the correct
  relative path when unsafe is true.
* Ensure path merging works correctly with
  `disable-path-automerge`.

This fix maintains backward compatibility while
properly supporting the previously broken
combination of unsafe mode with full URLs.

Fixes #6558.

Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-11-05 22:26:21 +07:00
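The ordering problem described in the commit message above, as an added Go example that is not nuclei's own code: `normalizeRaw` and its `preFix` switch are hypothetical names, and the leading-slash step is an assumed model of the relative-path handling. It rewrites only the request line, so the raw bytes sent in unsafe mode carry the corrected path.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// normalizeRaw is a hypothetical helper, not nuclei's Parse. It rewrites only
// the request line of a raw request and leaves every other byte untouched,
// which matters in unsafe mode where the raw bytes are what gets sent.
// preFix=true models the old ordering, where full-URL handling ran only for
// non-unsafe requests.
func normalizeRaw(raw string, unsafe, preFix bool) (out, host string, err error) {
	line, rest, _ := strings.Cut(raw, "\r\n")
	parts := strings.Fields(line)
	if len(parts) != 3 {
		return "", "", fmt.Errorf("malformed request line: %q", line)
	}
	method, target, proto := parts[0], parts[1], parts[2]

	lower := strings.ToLower(target)
	isFull := strings.HasPrefix(lower, "http://") || strings.HasPrefix(lower, "https://")
	if isFull && !(preFix && unsafe) {
		u, perr := url.Parse(target)
		if perr != nil {
			return "", "", fmt.Errorf("bad target URL: %w", perr)
		}
		host, target = u.Host, u.RequestURI() // "/path?query", or "/" if the path is empty
	}
	if !strings.HasPrefix(target, "/") {
		target = "/" + target // assumed relative-path step; mangles an unconverted full URL
	}
	return method + " " + target + " " + proto + "\r\n" + rest, host, nil
}

func main() {
	// Constructed sample request, using the URL from the commit message.
	raw := "GET http://example.com/path HTTP/1.1\r\nHost: example.com\r\n\r\n"
	for _, preFix := range []bool{true, false} {
		out, host, _ := normalizeRaw(raw, true, preFix)
		fmt.Printf("preFix=%v host=%q line=%q\n", preFix, host, strings.SplitN(out, "\r\n", 2)[0])
	}
}
```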