mirror of
https://github.com/fafhrd91/actix-web
synced 2024-11-30 18:44:35 +01:00
actix-files: Properly handle newlines in file names (#3235)
parent
561cc440b2
commit
febba786fa
@ -3,6 +3,7 @@
|
|||||||
## Unreleased
|
## Unreleased
|
||||||
|
|
||||||
- Minimum supported Rust version (MSRV) is now 1.68 due to transitive `time` dependency.
|
- Minimum supported Rust version (MSRV) is now 1.68 due to transitive `time` dependency.
|
||||||
|
- Properly handle newlines in filenames. [#3235]
|
||||||
|
|
||||||
## 0.6.3
|
## 0.6.3
|
||||||
|
|
||||||
|
@ -568,6 +568,26 @@ mod tests {
|
|||||||
assert_eq!(bytes, data);
|
assert_eq!(bytes, data);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[actix_rt::test]
|
||||||
|
async fn test_static_files_with_newlines() {
|
||||||
|
// Create the file we want to test against ad-hoc. We can't check it in as otherwise
|
||||||
|
// Windows can't even checkout this repository.
|
||||||
|
let tmpdir = tempfile::tempdir().unwrap();
|
||||||
|
let file_with_newlines = tmpdir.path().join("test\nnewline.text");
|
||||||
|
fs::write(&file_with_newlines, "Look at my newlines").unwrap();
|
||||||
|
let srv = test::init_service(
|
||||||
|
App::new().service(Files::new("", tmpdir.path()).index_file("Cargo.toml")),
|
||||||
|
)
|
||||||
|
.await;
|
||||||
|
let request = TestRequest::get().uri("/test%0Anewline.text").to_request();
|
||||||
|
let response = test::call_service(&srv, request).await;
|
||||||
|
assert_eq!(response.status(), StatusCode::OK);
|
||||||
|
|
||||||
|
let bytes = test::read_body(response).await;
|
||||||
|
let data = web::Bytes::from(fs::read(file_with_newlines).unwrap());
|
||||||
|
assert_eq!(bytes, data);
|
||||||
|
}
|
||||||
|
|
||||||
#[actix_rt::test]
|
#[actix_rt::test]
|
||||||
async fn test_files_not_allowed() {
|
async fn test_files_not_allowed() {
|
||||||
let srv = test::init_service(App::new().service(Files::new("/", "."))).await;
|
let srv = test::init_service(App::new().service(Files::new("/", "."))).await;
|
||||||
@ -842,7 +862,7 @@ mod tests {
|
|||||||
async fn test_percent_encoding_2() {
|
async fn test_percent_encoding_2() {
|
||||||
let tmpdir = tempfile::tempdir().unwrap();
|
let tmpdir = tempfile::tempdir().unwrap();
|
||||||
let filename = match cfg!(unix) {
|
let filename = match cfg!(unix) {
|
||||||
true => "ض:?#[]{}<>()@!$&'`|*+,;= %20.test",
|
true => "ض:?#[]{}<>()@!$&'`|*+,;= %20\n.test",
|
||||||
false => "ض#[]{}()@!$&'`+,;= %20.test",
|
false => "ض#[]{}()@!$&'`+,;= %20.test",
|
||||||
};
|
};
|
||||||
let filename_encoded = filename
|
let filename_encoded = filename
|
||||||
|
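Review bot: `test_static_files_with_newlines` asserts only the status code and the body, so it never inspects the `Content-Disposition` header, which is the value this fix rewrites. Before `test::read_body` consumes the response, I would add `let cd = response.headers().get(header::CONTENT_DISPOSITION).unwrap();` and `assert!(cd.to_str().unwrap().contains("test%0Anewline.text"));` (assuming `header` is in scope in this test module). The test also creates a file whose name contains `\n` unconditionally, although its own comment says Windows cannot hold such a file, so `fs::write(...).unwrap()` would presumably panic there. A `#[cfg(unix)]` attribute on the test, matching the `cfg!(unix)` switch in `test_percent_encoding_2`, would avoid that.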
@ -24,7 +24,6 @@ use bitflags::bitflags;
|
|||||||
use derive_more::{Deref, DerefMut};
|
use derive_more::{Deref, DerefMut};
|
||||||
use futures_core::future::LocalBoxFuture;
|
use futures_core::future::LocalBoxFuture;
|
||||||
use mime::Mime;
|
use mime::Mime;
|
||||||
use mime_guess::from_path;
|
|
||||||
|
|
||||||
use crate::{encoding::equiv_utf8_text, range::HttpRange};
|
use crate::{encoding::equiv_utf8_text, range::HttpRange};
|
||||||
|
|
||||||
@ -128,7 +127,7 @@ impl NamedFile {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
let ct = from_path(&path).first_or_octet_stream();
|
let ct = mime_guess::from_path(&path).first_or_octet_stream();
|
||||||
|
|
||||||
let disposition = match ct.type_() {
|
let disposition = match ct.type_() {
|
||||||
mime::IMAGE | mime::TEXT | mime::AUDIO | mime::VIDEO => DispositionType::Inline,
|
mime::IMAGE | mime::TEXT | mime::AUDIO | mime::VIDEO => DispositionType::Inline,
|
||||||
@ -140,7 +139,9 @@ impl NamedFile {
|
|||||||
_ => DispositionType::Attachment,
|
_ => DispositionType::Attachment,
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut parameters = vec![DispositionParam::Filename(String::from(filename.as_ref()))];
|
// Replace newlines in filenames which could occur on some filesystems.
|
||||||
|
let filename_s = filename.replace('\n', "%0A");
|
||||||
|
let mut parameters = vec![DispositionParam::Filename(filename_s)];
|
||||||
|
|
||||||
if !filename.is_ascii() {
|
if !filename.is_ascii() {
|
||||||
parameters.push(DispositionParam::FilenameExt(ExtendedValue {
|
parameters.push(DispositionParam::FilenameExt(ExtendedValue {
|
||||||
|
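Review bot: The replacement on the new `filename_s` line covers only `\n`; a carriage return or another control character in a file name, which the same filesystems also allow, presumably still reaches the `Content-Disposition` value unchanged and triggers whatever failure the newline did. Extending it, e.g. `let filename_s = filename.replace('\n', "%0A").replace('\r', "%0D");`, or encoding every character for which `char::is_control` is true, would close the rest of that class. The `FilenameExt` branch below still reads the original `filename`, and its body is cut off by the hunk, so whether that value is encoded on output cannot be confirmed from here. The added comment could also say why the replacement is needed, for instance `// A raw line break is not valid inside a header value, so encode it before building Content-Disposition.` The enclosing function starts and ends outside the hunk.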