more tests + changelog

This commit is contained in:
Ali MJ Al-Nasrawy 2021-12-29 15:34:03 +03:00
parent 82c0059811
commit 0d823d74e0
3 changed files with 17 additions and 4 deletions


@ -1,8 +1,12 @@
# Changes
## Unreleased - 2021-xx-xx
- `Files`: `%2F` in request URL path is now decoded to `/` and thus functions as a path separator. [#2398]
- `Files`: Fixed a regression where `%25` in the URL path is not decoded to `%` in the file path. [#2398]
- Minimum supported Rust version (MSRV) is now 1.54.
[#2398]: https://github.com/actix/actix-web/pull/2398
## 0.6.0-beta.12 - 2021-12-29
- No significant changes since `0.6.0-beta.11`.


@ -28,15 +28,15 @@ use crate::{
///
/// `Files` service must be registered with `App::service()` method.
///
/// # Security Coniderations
/// # Percent-Encoding and Security Considerations
///
/// When converting the request URL path into the target [file path](std::path::Path),
/// `Files` service *does* decode *all* percent-encoded chars in the path string.
/// `Files` service *does* decode *all* percent-encoded characters in the path string.
/// One implication is that the resulting file path may have more components than the URL path
/// as a result of decoding `%2F` into `/`.
///
/// Any middleware that is responsibe for validating the paths managed under `Files`
/// should be aware of this behvaior.
/// Any middleware that is responsible for validating the paths managed under `Files`
/// should be aware of this behavior.
///
/// # Examples
/// ```


@ -802,6 +802,15 @@ mod tests {
let req = TestRequest::get().uri("/test/%43argo.toml").to_request();
let res = test::call_service(&srv, req).await;
assert_eq!(res.status(), StatusCode::OK);
// `%2F` == `/`
let req = TestRequest::get().uri("/test/%2F..%2F..%2Ftests%2Ftest.binary").to_request();
let res = test::call_service(&srv, req).await;
assert_eq!(res.status(), StatusCode::OK);
let req = TestRequest::get().uri("/test/Cargo.toml%00").to_request();
let res = test::call_service(&srv, req).await;
assert_eq!(res.status(), StatusCode::NOT_FOUND);
}
#[actix_rt::test]
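Review bot: The comment above the `%2F..%2F..%2F` request only says that `%2F` equals `/`; it does not say why a request whose decoded path is `/../../tests/test.binary` is expected to answer OK, so a reader may take the assertion as the service serving a file above the served directory. If, as the `%43argo.toml` case earlier in the hunk suggests, the served root is the crate directory, then the `..` segments must be collapsed by the path parser so that the request resolves to `tests/test.binary` inside that root; confirm that this is the mechanism and state it, e.g. `// %2F decodes to /; the resulting .. segments must not escape the served root, so this resolves to tests/test.binary inside it`. The `Cargo.toml%00` case likewise asserts only NOT_FOUND, and a one-line comment saying whether the NUL byte is meant to be rejected by the path parser or merely to miss on the filesystem would make the intended contract explicit. The enclosing test function starts outside the hunk.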