chore(actix-files): prepare release 0.6.4

Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.23.0 to 2.23.7.
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/install-action/compare/v2.23.0...v2.23.7)

---
updated-dependencies:
- dependency-name: taiki-e/install-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/ci-post-merge.yml

@@ -45,7 +45,7 @@ jobs:
           toolchain: ${{ matrix.version.version }}
 
       - name: Install cargo-hack
-        uses: taiki-e/install-action@v2.23.0
+        uses: taiki-e/install-action@v2.23.7
         with:
           tool: cargo-hack
 
@@ -71,7 +71,7 @@ jobs:
 
       - name: Clear the cargo caches
         run: |
-          cargo install cargo-cache --version 0.8.3 --no-default-features --features ci-autoclean
+          cargo --locked install cargo-cache --version 0.8.3 --no-default-features --features ci-autoclean
           cargo-cache
 
   ci_feature_powerset_check:
@@ -85,7 +85,7 @@ jobs:
         uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
 
       - name: Install cargo-hack
-        uses: taiki-e/install-action@v2.23.0
+        uses: taiki-e/install-action@v2.23.7
         with:
           tool: cargo-hack
 
@@ -106,7 +106,7 @@ jobs:
         uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
 
       - name: Install nextest
-        uses: taiki-e/install-action@v2.23.0
+        uses: taiki-e/install-action@v2.23.7
         with:
           tool: nextest
 

.github/workflows/ci.yml

@@ -50,7 +50,7 @@ jobs:
           toolchain: ${{ matrix.version.version }}
 
       - name: Install cargo-hack
-        uses: taiki-e/install-action@v2.23.0
+        uses: taiki-e/install-action@v2.23.7
         with:
           tool: cargo-hack
 

.github/workflows/coverage.yml

@@ -23,7 +23,7 @@ jobs:
           components: llvm-tools-preview
 
       - name: Install cargo-llvm-cov
-        uses: taiki-e/install-action@v2.23.0
+        uses: taiki-e/install-action@v2.23.7
         with:
           tool: cargo-llvm-cov
 

actix-files/CHANGES.md

@@ -2,6 +2,9 @@
 
 ## Unreleased
 
+## 0.6.4
+
+- Fix handling of newlines in filenames.
 - Minimum supported Rust version (MSRV) is now 1.68 due to transitive `time` dependency.
 
 ## 0.6.3

actix-files/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-files"
-version = "0.6.3"
+version = "0.6.4"
 authors = [
     "Nikolay Kim <fafhrd91@gmail.com>",
     "Rob Ede <robjtede@icloud.com>",

actix-files/README.md

@@ -3,11 +3,11 @@
 > Static file serving for Actix Web
 
 [![crates.io](https://img.shields.io/crates/v/actix-files?label=latest)](https://crates.io/crates/actix-files)
-[![Documentation](https://docs.rs/actix-files/badge.svg?version=0.6.3)](https://docs.rs/actix-files/0.6.3)
+[![Documentation](https://docs.rs/actix-files/badge.svg?version=0.6.4)](https://docs.rs/actix-files/0.6.4)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![License](https://img.shields.io/crates/l/actix-files.svg)
 <br />
-[![dependency status](https://deps.rs/crate/actix-files/0.6.3/status.svg)](https://deps.rs/crate/actix-files/0.6.3)
+[![dependency status](https://deps.rs/crate/actix-files/0.6.4/status.svg)](https://deps.rs/crate/actix-files/0.6.4)
 [![Download](https://img.shields.io/crates/d/actix-files.svg)](https://crates.io/crates/actix-files)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
 

actix-files/src/lib.rs

@@ -568,6 +568,27 @@ mod tests {
         assert_eq!(bytes, data);
     }
 
+    #[actix_rt::test]
+    async fn test_static_files_with_newlines() {
+        // Create the file we want to test against ad-hoc. We can't check it in as otherwise
+        // Windows can't even checkout this repository.
+        let temp_dir = tempfile::tempdir().unwrap();
+        let file_with_newlines = temp_dir.path().join("test\nnewline.text");
+        fs::write(&file_with_newlines, "Look at my newlines").unwrap();
+
+        let srv = test::init_service(
+            App::new().service(Files::new("/", temp_dir.path()).index_file("Cargo.toml")),
+        )
+        .await;
+        let request = TestRequest::get().uri("/test%0Anewline.text").to_request();
+        let response = test::call_service(&srv, request).await;
+        assert_eq!(response.status(), StatusCode::OK);
+
+        let bytes = test::read_body(response).await;
+        let data = web::Bytes::from(fs::read(file_with_newlines).unwrap());
+        assert_eq!(bytes, data);
+    }
+
     #[actix_rt::test]
     async fn test_files_not_allowed() {
         let srv = test::init_service(App::new().service(Files::new("/", "."))).await;
@@ -840,9 +861,9 @@ mod tests {
 
     #[actix_rt::test]
     async fn test_percent_encoding_2() {
-        let tmpdir = tempfile::tempdir().unwrap();
+        let temp_dir = tempfile::tempdir().unwrap();
         let filename = match cfg!(unix) {
-            true => "ض:?#[]{}<>()@!$&'`|*+,;= %20.test",
+            true => "ض:?#[]{}<>()@!$&'`|*+,;= %20\n.test",
             false => "ض#[]{}()@!$&'`+,;= %20.test",
         };
         let filename_encoded = filename
@@ -852,9 +873,9 @@ mod tests {
                 write!(&mut buf, "%{:02X}", c).unwrap();
                 buf
             });
-        std::fs::File::create(tmpdir.path().join(filename)).unwrap();
+        std::fs::File::create(temp_dir.path().join(filename)).unwrap();
 
-        let srv = test::init_service(App::new().service(Files::new("", tmpdir.path()))).await;
+        let srv = test::init_service(App::new().service(Files::new("/", temp_dir.path()))).await;
 
         let req = TestRequest::get()
             .uri(&format!("/{}", filename_encoded))

actix-files/src/named.rs

@@ -24,7 +24,6 @@ use bitflags::bitflags;
 use derive_more::{Deref, DerefMut};
 use futures_core::future::LocalBoxFuture;
 use mime::Mime;
-use mime_guess::from_path;
 
 use crate::{encoding::equiv_utf8_text, range::HttpRange};
 
@@ -128,7 +127,7 @@ impl NamedFile {
                 }
             };
 
-            let ct = from_path(&path).first_or_octet_stream();
+            let ct = mime_guess::from_path(&path).first_or_octet_stream();
 
             let disposition = match ct.type_() {
                 mime::IMAGE | mime::TEXT | mime::AUDIO | mime::VIDEO => DispositionType::Inline,
@@ -140,7 +139,9 @@ impl NamedFile {
                 _ => DispositionType::Attachment,
             };
 
-            let mut parameters = vec![DispositionParam::Filename(String::from(filename.as_ref()))];
+            // Replace newlines in filenames which could occur on some filesystems.
+            let filename_s = filename.replace('\n', "%0A");
+            let mut parameters = vec![DispositionParam::Filename(filename_s)];
 
             if !filename.is_ascii() {
                 parameters.push(DispositionParam::FilenameExt(ExtendedValue {

actix-http/CHANGES.md

@@ -2,11 +2,20 @@
 
 ## Unreleased
 
+## 3.5.1
+
+### Fixed
+
+- Prevent hang when returning zero-sized response bodies through compression layer.
+
 ## 3.5.0
 
+### Added
+
+- Implement `From<HeaderMap>` for `http::HeaderMap`.
+
 ### Changed
 
-- Implement `From<HeaderMap>` for `http::HeaderMap`.
 - Updated `zstd` dependency to `0.13`.
 
 ### Fixed

actix-http/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-http"
-version = "3.5.0"
+version = "3.5.1"
 authors = [
     "Nikolay Kim <fafhrd91@gmail.com>",
     "Rob Ede <robjtede@icloud.com>",

actix-http/README.md

@@ -5,11 +5,11 @@
 <!-- prettier-ignore-start -->
 
 [![crates.io](https://img.shields.io/crates/v/actix-http?label=latest)](https://crates.io/crates/actix-http)
-[![Documentation](https://docs.rs/actix-http/badge.svg?version=3.5.0)](https://docs.rs/actix-http/3.5.0)
+[![Documentation](https://docs.rs/actix-http/badge.svg?version=3.5.1)](https://docs.rs/actix-http/3.5.1)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-http.svg)
 <br />
-[![dependency status](https://deps.rs/crate/actix-http/3.5.0/status.svg)](https://deps.rs/crate/actix-http/3.5.0)
+[![dependency status](https://deps.rs/crate/actix-http/3.5.1/status.svg)](https://deps.rs/crate/actix-http/3.5.1)
 [![Download](https://img.shields.io/crates/d/actix-http.svg)](https://crates.io/crates/actix-http)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
 

actix-http/src/encoding/encoder.rs

@@ -50,10 +50,21 @@ impl<B: MessageBody> Encoder<B> {
         }
     }
 
+    fn empty() -> Self {
+        Encoder {
+            body: EncoderBody::Full { body: Bytes::new() },
+            encoder: None,
+            fut: None,
+            eof: true,
+        }
+    }
+
     pub fn response(encoding: ContentEncoding, head: &mut ResponseHead, body: B) -> Self {
-        // no need to compress an empty body
-        if matches!(body.size(), BodySize::None | BodySize::Sized(0)) {
-            return Self::none();
+        // no need to compress empty bodies
+        match body.size() {
+            BodySize::None => return Self::none(),
+            BodySize::Sized(0) => return Self::empty(),
+            _ => {}
         }
 
         let should_encode = !(head.headers().contains_key(&CONTENT_ENCODING)

actix-router/CHANGES.md

@@ -2,6 +2,8 @@
 
 ## Unreleased
 
+## 0.5.2
+
 - Minimum supported Rust version (MSRV) is now 1.68 due to transitive `time` dependency.
 
 ## 0.5.1

actix-router/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-router"
-version = "0.5.1"
+version = "0.5.2"
 authors = [
     "Nikolay Kim <fafhrd91@gmail.com>",
     "Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>",

actix-router/README.md

@@ -1,11 +1,11 @@
 # `actix-router`
 
 [![crates.io](https://img.shields.io/crates/v/actix-router?label=latest)](https://crates.io/crates/actix-router)
-[![Documentation](https://docs.rs/actix-router/badge.svg?version=0.5.1)](https://docs.rs/actix-router/0.5.1)
+[![Documentation](https://docs.rs/actix-router/badge.svg?version=0.5.2)](https://docs.rs/actix-router/0.5.2)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-router.svg)
 <br />
-[![dependency status](https://deps.rs/crate/actix-router/0.5.1/status.svg)](https://deps.rs/crate/actix-router/0.5.1)
+[![dependency status](https://deps.rs/crate/actix-router/0.5.2/status.svg)](https://deps.rs/crate/actix-router/0.5.2)
 [![Download](https://img.shields.io/crates/d/actix-router.svg)](https://crates.io/crates/actix-router)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)