use `Rack::Utils.unescape_path` to unescape paths

Escaping and unescaping paths is different than query parameters, and we
need to respect that.  This commit uses the new method in Rack to escape
and unescape paths.  Fixes #11816

1 files changed, 3 insertions, 3 deletions

diff --git a/actionpack/lib/action_dispatch/middleware/static.rb b/actionpack/lib/action_dispatch/middleware/static.rb
index 9462ae4278..c4344c9609 100644
--- a/actionpack/lib/action_dispatch/middleware/static.rb
+++ b/actionpack/lib/action_dispatch/middleware/static.rb
@@ -28,7 +28,7 @@ module ActionDispatch
     # Used by the `Static` class to check the existence of a valid file
     # in the server's `public/` directory (see Static#call).
     def match?(path)
-      path = URI.parser.unescape(path)
+      path = ::Rack::Utils.unescape_path path
       return false unless path.valid_encoding?
       path = Rack::Utils.clean_path_info path
 
@@ -43,7 +43,7 @@ module ActionDispatch
         end
 
       }
-        return ::Rack::Utils.escape(match)
+        return ::Rack::Utils.escape_path(match)
       end
     end
 
@@ -90,7 +90,7 @@ module ActionDispatch
       def gzip_file_path(path)
         can_gzip_mime = content_type(path) =~ /\A(?:text\/|application\/javascript)/
         gzip_path     = "#{path}.gz"
-        if can_gzip_mime && File.exist?(File.join(@root, ::Rack::Utils.unescape(gzip_path)))
+        if can_gzip_mime && File.exist?(File.join(@root, ::Rack::Utils.unescape_path(gzip_path)))
           gzip_path
         else
           false