mirror of
https://github.com/actix/actix-web.git
synced 2024-11-22 01:21:10 +00:00
actix-files: fix handling linebreaks in filenames (#3237)
Co-authored-by: Rob Ede <robjtede@icloud.com>
This commit is contained in:
parent
ac04d80d8e
commit
fcfc727295
3 changed files with 13 additions and 5 deletions
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
## Unreleased
|
## Unreleased
|
||||||
|
|
||||||
|
- Fix handling of special characters in filenames.
|
||||||
|
|
||||||
## 0.6.4
|
## 0.6.4
|
||||||
|
|
||||||
- Fix handling of newlines in filenames.
|
- Fix handling of newlines in filenames.
|
||||||
|
|
|
@ -569,18 +569,20 @@ mod tests {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[actix_rt::test]
|
#[actix_rt::test]
|
||||||
async fn test_static_files_with_newlines() {
|
async fn test_static_files_with_special_characters() {
|
||||||
// Create the file we want to test against ad-hoc. We can't check it in as otherwise
|
// Create the file we want to test against ad-hoc. We can't check it in as otherwise
|
||||||
// Windows can't even checkout this repository.
|
// Windows can't even checkout this repository.
|
||||||
let temp_dir = tempfile::tempdir().unwrap();
|
let temp_dir = tempfile::tempdir().unwrap();
|
||||||
let file_with_newlines = temp_dir.path().join("test\nnewline.text");
|
let file_with_newlines = temp_dir.path().join("test\n\x0B\x0C\rnewline.text");
|
||||||
fs::write(&file_with_newlines, "Look at my newlines").unwrap();
|
fs::write(&file_with_newlines, "Look at my newlines").unwrap();
|
||||||
|
|
||||||
let srv = test::init_service(
|
let srv = test::init_service(
|
||||||
App::new().service(Files::new("/", temp_dir.path()).index_file("Cargo.toml")),
|
App::new().service(Files::new("/", temp_dir.path()).index_file("Cargo.toml")),
|
||||||
)
|
)
|
||||||
.await;
|
.await;
|
||||||
let request = TestRequest::get().uri("/test%0Anewline.text").to_request();
|
let request = TestRequest::get()
|
||||||
|
.uri("/test%0A%0B%0C%0Dnewline.text")
|
||||||
|
.to_request();
|
||||||
let response = test::call_service(&srv, request).await;
|
let response = test::call_service(&srv, request).await;
|
||||||
assert_eq!(response.status(), StatusCode::OK);
|
assert_eq!(response.status(), StatusCode::OK);
|
||||||
|
|
||||||
|
|
|
@ -139,8 +139,12 @@ impl NamedFile {
|
||||||
_ => DispositionType::Attachment,
|
_ => DispositionType::Attachment,
|
||||||
};
|
};
|
||||||
|
|
||||||
// Replace newlines in filenames which could occur on some filesystems.
|
// replace special characters in filenames which could occur on some filesystems
|
||||||
let filename_s = filename.replace('\n', "%0A");
|
let filename_s = filename
|
||||||
|
.replace('\n', "%0A") // \n line break
|
||||||
|
.replace('\x0B', "%0B") // \v vertical tab
|
||||||
|
.replace('\x0C', "%0C") // \f form feed
|
||||||
|
.replace('\r', "%0D"); // \r carriage return
|
||||||
let mut parameters = vec![DispositionParam::Filename(filename_s)];
|
let mut parameters = vec![DispositionParam::Filename(filename_s)];
|
||||||
|
|
||||||
if !filename.is_ascii() {
|
if !filename.is_ascii() {
|
||||||
|
|
Loading…
Reference in a new issue