bug #31654 [HttpFoundation] Do not set X-Accel-Redirect for paths outside of X-Accel-Mapping (vilius-g)
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Do not set X-Accel-Redirect for paths outside of X-Accel-Mapping
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
https://github.com/symfony/symfony/pull/31604 but refactored for 3.4
Commits
-------
a662f61e08
[HttpFoundation] Do not set X-Accel-Redirect for paths outside of X-Accel-Mapping
commit
326a74c7b9
@ -227,13 +227,18 @@ class BinaryFileResponse extends Response
|
|||||||
|
|
||||||
if (substr($path, 0, \strlen($pathPrefix)) === $pathPrefix) {
|
if (substr($path, 0, \strlen($pathPrefix)) === $pathPrefix) {
|
||||||
$path = $location.substr($path, \strlen($pathPrefix));
|
$path = $location.substr($path, \strlen($pathPrefix));
|
||||||
|
// Only set X-Accel-Redirect header if a valid URI can be produced
|
||||||
|
// as nginx does not serve arbitrary file paths.
|
||||||
|
$this->headers->set($type, $path);
|
||||||
|
$this->maxlen = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
} else {
|
||||||
$this->headers->set($type, $path);
|
$this->headers->set($type, $path);
|
||||||
$this->maxlen = 0;
|
$this->maxlen = 0;
|
||||||
|
}
|
||||||
} elseif ($request->headers->has('Range')) {
|
} elseif ($request->headers->has('Range')) {
|
||||||
// Process the range headers.
|
// Process the range headers.
|
||||||
if (!$request->headers->has('If-Range') || $this->hasValidIfRangeHeader($request->headers->get('If-Range'))) {
|
if (!$request->headers->has('If-Range') || $this->hasValidIfRangeHeader($request->headers->get('If-Range'))) {
|
||||||
|
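Review bot: When no X-Accel-Mapping entry matches, the x-accel branch now leaves both the header and `maxlen` untouched, and because Range handling sits in the `elseif` of the same outer conditional, such a request appears to be streamed in full by PHP with its Range header ignored. The outer `if` starts outside this hunk, so this is inferred from the visible `} elseif ($request->headers->has('Range'))`. A short comment after the `foreach` would make the fallback explicit, for example `// No mapping matched: leave the header unset so PHP streams the file itself.` Since the prefix test is now the only gate for handing a path to nginx, it is also worth documenting that `substr($path, 0, \strlen($pathPrefix)) === $pathPrefix` is a plain string-prefix comparison, so a mapping prefix written without a trailing slash also matches sibling directories that share that prefix.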
@ -338,6 +338,7 @@ class BinaryFileResponseTest extends ResponseTestCase
|
|||||||
return [
|
return [
|
||||||
['/var/www/var/www/files/foo.txt', '/var/www/=/files/', '/files/var/www/files/foo.txt'],
|
['/var/www/var/www/files/foo.txt', '/var/www/=/files/', '/files/var/www/files/foo.txt'],
|
||||||
['/home/foo/bar.txt', '/var/www/=/files/,/home/foo/=/baz/', '/baz/bar.txt'],
|
['/home/foo/bar.txt', '/var/www/=/files/,/home/foo/=/baz/', '/baz/bar.txt'],
|
||||||
|
['/tmp/bar.txt', '"/var/www/"="/files/", "/home/Foo/"="/baz/"', null],
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
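Review bot: The added data set `['/tmp/bar.txt', '"/var/www/"="/files/", "/home/Foo/"="/baz/"', null]` changes two things at once: the path lies outside every mapping, and the mapping uses quoted prefixes, unlike the two rows above it. If the 3.4 mapping parser (outside this hunk) does not strip the quotes, a prefix such as `"/var/www/"` can never equal the start of a real path, so the row would still pass if the path were inside a mapped directory. An unquoted row pins the intended behaviour directly, e.g. `['/tmp/bar.txt', '/var/www/=/files/,/home/foo/=/baz/', null],`. The quoted form could then stay as a separate case covering that syntax.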