Properly escape glob characters.

1 files changed, 12 insertions, 3 deletions

diff --git a/actionpack/lib/action_view/template/resolver.rb b/actionpack/lib/action_view/template/resolver.rb
index 7abaa07bc7..e78d3a82be 100644
--- a/actionpack/lib/action_view/template/resolver.rb
+++ b/actionpack/lib/action_view/template/resolver.rb
@@ -142,8 +142,12 @@ module ActionView
     # Helper for building query glob string based on resolver's pattern.
     def build_query(path, details)
       query = @pattern.dup
-      query.gsub!(/\:prefix(\/)?/, path.prefix.empty? ? "" : "#{path.prefix}\\1") # prefix can be empty...
-      query.gsub!(/\:action/, path.partial? ? "_#{path.name}" : path.name)
+
+      prefix = path.prefix.empty? ? "" : "#{escape_entry(path.prefix)}\\1"
+      query.gsub!(/\:prefix(\/)?/, prefix)
+
+      partial = escape_entry(path.partial? ? "_#{path.name}" : path.name)
+      query.gsub!(/\:action/, partial)
 
       details.each do |ext, variants|
         query.gsub!(/\:#{ext}/, "{#{variants.compact.uniq.join(',')}}")
@@ -152,6 +156,10 @@ module ActionView
       File.expand_path(query, @path)
     end
 
+    def escape_entry(entry)
+      entry.gsub(/(\*|\[|\]|\{|\}|\?)/, "\\\\\\1")
+    end
+
     # Returns the file mtime from the filesystem.
     def mtime(p)
       File.mtime(p)
@@ -228,8 +236,9 @@ module ActionView
   class OptimizedFileSystemResolver < FileSystemResolver #:nodoc:
     def build_query(path, details)
       exts = EXTENSIONS.map { |ext| details[ext] }
+      query = escape_entry(File.join(@path, path))
 
-      File.join(@path, path) + exts.map { |ext|
+      query + exts.map { |ext|
         "{#{ext.compact.uniq.map { |e| ".#{e}," }.join}}"
       }.join
     end