From 0d823d74e06f2af1ccf9c87a59d7649df1b7d5c2 Mon Sep 17 00:00:00 2001
From: Ali MJ Al-Nasrawy
Date: Wed, 29 Dec 2021 15:34:03 +0300
Subject: [PATCH] more tests + changelog

---
 actix-files/CHANGES.md | 4 ++++
 actix-files/src/files.rs | 8 ++++----
 actix-files/src/lib.rs | 9 +++++++++
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/actix-files/CHANGES.md b/actix-files/CHANGES.md
index c626fd3fb..78da2688f 100644
--- a/actix-files/CHANGES.md
+++ b/actix-files/CHANGES.md
@@ -1,8 +1,12 @@
 # Changes
 
 ## Unreleased - 2021-xx-xx
+- `Files`: `%2F` in request URL path is now decoded to `/` and thus functions as a path separator. [#2398]
+- `Files`: Fixed a regression where `%25` in the URL path is not decoded to `%` in the file path. [#2398]
 - Minimum supported Rust version (MSRV) is now 1.54.
 
+[#2398]: https://github.com/actix/actix-web/pull/2398
+
 ## 0.6.0-beta.12 - 2021-12-29
 
 - No significant changes since `0.6.0-beta.11`.
diff --git a/actix-files/src/files.rs b/actix-files/src/files.rs
index d55009d21..9d35472bc 100644
--- a/actix-files/src/files.rs
+++ b/actix-files/src/files.rs
@@ -28,15 +28,15 @@ use crate::{
 ///
 /// `Files` service must be registered with `App::service()` method.
 ///
-/// # Security Coniderations
+/// # Percent-Encoding and Security Considerations
 ///
 /// When converting the request URL path into the target [file path](std::path::Path),
-/// `Files` service *does* decode *all* percent-encoded chars in the path string.
+/// `Files` service *does* decode *all* percent-encoded characters in the path string.
 /// One implication is that the resulting file path may have more components than the URL path
 /// as a result of decoding `%2F` into `/`.
 ///
-/// Any middleware that is responsibe for validating the paths managed under `Files` should be aware of this behvaior.
+/// Any middleware that is responsible for validating the paths managed under `Files`
+/// should be aware of this behavior.
 ///
 /// # Examples
 /// ```
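Review bot: The renamed "Percent-Encoding and Security Considerations" section states that the file path "may have more components than the URL path" but stops short of the consequence a path-validating middleware actually needs to know, so the warning at "should be aware of this behavior." stays abstract. Suggest appending one sentence to that paragraph: `/// Checks that run on the raw, still-encoded request path therefore see fewer segments than the file path that \`Files\` resolves, so they should inspect the decoded path instead.` It would also help to state in the same paragraph that the decoding applies to every percent-encoded byte, not only `%2F`, since the CHANGES entry in this commit lists `%25` as a second example. The `Files` struct this doc comment belongs to is declared after the hunk.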
diff --git a/actix-files/src/lib.rs b/actix-files/src/lib.rs
index 050c7df69..8ae937fbc 100644
--- a/actix-files/src/lib.rs
+++ b/actix-files/src/lib.rs
@@ -802,6 +802,15 @@ mod tests {
 let req = TestRequest::get().uri("/test/%43argo.toml").to_request();
 let res = test::call_service(&srv, req).await;
 assert_eq!(res.status(), StatusCode::OK);
+
+// `%2F` == `/`
+let req = TestRequest::get().uri("/test/%2F..%2F..%2Ftests%2Ftest.binary").to_request();
+let res = test::call_service(&srv, req).await;
+assert_eq!(res.status(), StatusCode::OK);
+
+let req = TestRequest::get().uri("/test/Cargo.toml%00").to_request();
+let res = test::call_service(&srv, req).await;
+assert_eq!(res.status(), StatusCode::NOT_FOUND);
 }
 
 #[actix_rt::test]
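Review bot: The comment `// \`%2F\` == \`/\`` undersells the first added request: `/test/%2F..%2F..%2Ftests%2Ftest.binary` only yields `..` segments after percent-decoding, so this case is really checking that separators introduced by decoding cannot be used to walk out of the served root, not merely that `%2F` is a separator. Suggest `// \`%2F\` decodes to \`/\`; the resulting \`..\` segments must resolve inside the served root, not escape it` there, and on the `Cargo.toml%00` request, which has no comment at all, something like `// a decoded NUL byte cannot name a file; presumably rejected before any filesystem access` (the NOT_FOUND assertion is all the hunk shows). An OK status alone also does not prove which file was served, so comparing the response body with the contents of the in-root `tests/test.binary` would pin the containment property down rather than infer it from the status. The enclosing test function starts before the hunk.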