Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 6b7c97f

Browse filesBrowse files
AthorcisAthorcis
committed
[HttpFoundation] Fix: Encode path in X-Accel-Redirect header
we need to encode the path in X-Accel-Redirect header, otherwise nginx fail when certain characters are present in it (like % or ?) rack/rack#1306
1 parent ef8252e commit 6b7c97f
Copy full SHA for 6b7c97f

File tree

Expand file treeCollapse file tree

2 files changed

+11
-2
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+11
-2
lines changed

‎BinaryFileResponse.php

Copy file name to clipboardExpand all lines: BinaryFileResponse.php
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -229,7 +229,7 @@ public function prepare(Request $request): static
229229
$path = $location.substr($path, \strlen($pathPrefix));
230230
// Only set X-Accel-Redirect header if a valid URI can be produced
231231
// as nginx does not serve arbitrary file paths.
232-
$this->headers->set($type, $path);
232+
$this->headers->set($type, rawurlencode($path));
233233
$this->maxlen = 0;
234234
break;
235235
}

‎Tests/BinaryFileResponseTest.php

Copy file name to clipboardExpand all lines: Tests/BinaryFileResponseTest.php
+10-1Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -314,7 +314,15 @@ public function testXAccelMapping($realpath, $mapping, $virtual)
314314
$property->setValue($response, $file);
315315

316316
$response->prepare($request);
317-
$this->assertEquals($virtual, $response->headers->get('X-Accel-Redirect'));
317+
$header = $response->headers->get('X-Accel-Redirect');
318+
319+
if ($virtual) {
320+
// Making sure the path doesn't contain characters unsupported by nginx
321+
$this->assertMatchesRegularExpression('/^([^?%]|%[0-9A-F]{2})*$/', $header);
322+
$header = rawurldecode($header);
323+
}
324+
325+
$this->assertEquals($virtual, $header);
318326
}
319327

320328
public function testDeleteFileAfterSend()
@@ -361,6 +369,7 @@ public static function getSampleXAccelMappings()
361369
['/home/Foo/bar.txt', '/var/www/=/files/,/home/Foo/=/baz/', '/baz/bar.txt'],
362370
['/home/Foo/bar.txt', '"/var/www/"="/files/", "/home/Foo/"="/baz/"', '/baz/bar.txt'],
363371
['/tmp/bar.txt', '"/var/www/"="/files/", "/home/Foo/"="/baz/"', null],
372+
['/var/www/var/www/files/foo%.txt', '/var/www/=/files/', '/files/var/www/files/foo%.txt'],
364373
];
365374
}
366375

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.