From 86d3bc37b8f302e8dbe5ad1095ea2723fc87f8c0 Mon Sep 17 00:00:00 2001 From: Andrew White Date: Fri, 17 Feb 2012 14:06:38 +0000 Subject: Fix ActionDispatch::Static to serve files with unencoded PCHAR RFC 3986[1] allows sub-delim characters in path segments unencoded, however Rack::File requires them to be encoded so we use URI's unescape method to leave them alone and then escape them again. Also since the path gets passed to Dir[] we need to escape any glob characters in the path. [1]: http://www.ietf.org/rfc/rfc3986.txt --- actionpack/test/dispatch/static_test.rb | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'actionpack/test/dispatch') diff --git a/actionpack/test/dispatch/static_test.rb b/actionpack/test/dispatch/static_test.rb index 9f3cbd19ef..ec69d50d26 100644 --- a/actionpack/test/dispatch/static_test.rb +++ b/actionpack/test/dispatch/static_test.rb @@ -30,6 +30,34 @@ module StaticTests assert_html "/foo/index.html", get("/foo") end + def test_serves_static_file_with_encoded_pchar + assert_html "/foo/foo!bar.html", get("/foo/foo%21bar.html") + assert_html "/foo/foo$bar.html", get("/foo/foo%24bar.html") + assert_html "/foo/foo&bar.html", get("/foo/foo%26bar.html") + assert_html "/foo/foo'bar.html", get("/foo/foo%27bar.html") + assert_html "/foo/foo(bar).html", get("/foo/foo%28bar%29.html") + assert_html "/foo/foo*bar.html", get("/foo/foo%2Abar.html") + assert_html "/foo/foo+bar.html", get("/foo/foo%2Bbar.html") + assert_html "/foo/foo,bar.html", get("/foo/foo%2Cbar.html") + assert_html "/foo/foo;bar.html", get("/foo/foo%3Bbar.html") + assert_html "/foo/foo:bar.html", get("/foo/foo%3Abar.html") + assert_html "/foo/foo@bar.html", get("/foo/foo%40bar.html") + end + + def test_serves_static_file_with_unencoded_pchar + assert_html "/foo/foo!bar.html", get("/foo/foo!bar.html") + assert_html "/foo/foo$bar.html", get("/foo/foo$bar.html") + assert_html "/foo/foo&bar.html", get("/foo/foo&bar.html") + assert_html "/foo/foo'bar.html", get("/foo/foo'bar.html") + assert_html "/foo/foo(bar).html", get("/foo/foo(bar).html") + assert_html "/foo/foo*bar.html", get("/foo/foo*bar.html") + assert_html "/foo/foo+bar.html", get("/foo/foo+bar.html") + assert_html "/foo/foo,bar.html", get("/foo/foo,bar.html") + assert_html "/foo/foo;bar.html", get("/foo/foo;bar.html") + assert_html "/foo/foo:bar.html", get("/foo/foo:bar.html") + assert_html "/foo/foo@bar.html", get("/foo/foo@bar.html") + end + private def assert_html(body, response) -- cgit v1.2.3