bug #31654 [HttpFoundation] Do not set X-Accel-Redirect for paths outside of X-Accel-Mapping (vilius-g)
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Do not set X-Accel-Redirect for paths outside of X-Accel-Mapping
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
https://github.com/symfony/symfony/pull/31604 but refactored for 3.4
Commits
-------
a662f61e08 [HttpFoundation] Do not set X-Accel-Redirect for paths outside of X-Accel-Mapping
This commit is contained in:
Nicolas Grekas
commit
326a74c7b9
@ -227,13 +227,18 @@ class BinaryFileResponse extends Response
|
||||
|
||||
if (substr($path, 0, \strlen($pathPrefix)) === $pathPrefix) {
|
||||
$path = $location.substr($path, \strlen($pathPrefix));
|
||||
// Only set X-Accel-Redirect header if a valid URI can be produced
|
||||
// as nginx does not serve arbitrary file paths.
|
||||
$this->headers->set($type, $path);
|
||||
$this->maxlen = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$this->headers->set($type, $path);
|
||||
$this->maxlen = 0;
|
||||
}
|
||||
$this->headers->set($type, $path);
|
||||
$this->maxlen = 0;
|
||||
} elseif ($request->headers->has('Range')) {
|
||||
// Process the range headers.
|
||||
if (!$request->headers->has('If-Range') || $this->hasValidIfRangeHeader($request->headers->get('If-Range'))) {
|
||||
|
||||
@ -338,6 +338,7 @@ class BinaryFileResponseTest extends ResponseTestCase
|
||||
return [
|
||||
['/var/www/var/www/files/foo.txt', '/var/www/=/files/', '/files/var/www/files/foo.txt'],
|
||||
['/home/foo/bar.txt', '/var/www/=/files/,/home/foo/=/baz/', '/baz/bar.txt'],
|
||||
['/tmp/bar.txt', '"/var/www/"="/files/", "/home/Foo/"="/baz/"', null],
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user