Merge pull request #5066 from lest/patch-1

escape static file path to prevent double unescaping

Merge pull request #5066 from lest/patch-1
escape static file path to prevent double unescaping
4bb6ed77 · José Valim · decafdd5 · d07b2f3e · 4bb6ed77 · 4bb6ed77
3 changed file
--- a/actionpack/lib/action_dispatch/middleware/static.rb
+++ b/actionpack/lib/action_dispatch/middleware/static.rb
@@ -18,7 +18,7 @@ def match?(path)
      match = matches.detect { |m| File.file?(m) }
      if match
        match.sub!(@compiled_root, '')
-        match
+        ::Rack::Utils.escape(match)
      end
    end

--- a/actionpack/test/dispatch/static_test.rb
+++ b/actionpack/test/dispatch/static_test.rb
@@ -35,6 +35,10 @@ def test_served_static_file_with_non_english_filename
    assert_html "means hello in Japanese\n", get("/foo/#{Rack::Utils.escape("こんにちは.html")}")
  end
+  def test_serves_static_file_with_plus_in_filename
+    assert_html "foo+bar\n", get('/foo/foo%2Bbar.html')
+  end
  private
    def assert_html(body, response)

--- a/actionpack/test/fixtures/public/foo/foo+bar.html
+++ b/actionpack/test/fixtures/public/foo/foo+bar.html
+foo+bar