[HttpFoundation] Do not set X-Accel-Redirect for paths outside of X-Accel-Mapping
Currently BinaryFileResponse, when configured with X-Accel-Redirect sendfile type, will only substitute file paths specified in X-Accel-Mapping. But if the provided file path does not have a defined prefix, then the resulting header will include the absolute path. Nginx expects a valid URI, therefore this will result in an issue that is very hard to detect and debug as it will not show up in error logs and instead the request would just hang for some time and then be re-served without query parameters(?).
This commit is contained in:
Vilius Grigaliūnas
parent
a26c6d348d
commit
a662f61e08
@ -227,13 +227,18 @@ class BinaryFileResponse extends Response
|
||||
|
||||
if (substr($path, 0, \strlen($pathPrefix)) === $pathPrefix) {
|
||||
$path = $location.substr($path, \strlen($pathPrefix));
|
||||
// Only set X-Accel-Redirect header if a valid URI can be produced
|
||||
// as nginx does not serve arbitrary file paths.
|
||||
$this->headers->set($type, $path);
|
||||
$this->maxlen = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$this->headers->set($type, $path);
|
||||
$this->maxlen = 0;
|
||||
}
|
||||
$this->headers->set($type, $path);
|
||||
$this->maxlen = 0;
|
||||
} elseif ($request->headers->has('Range')) {
|
||||
// Process the range headers.
|
||||
if (!$request->headers->has('If-Range') || $this->hasValidIfRangeHeader($request->headers->get('If-Range'))) {
|
||||
|
||||
@ -338,6 +338,7 @@ class BinaryFileResponseTest extends ResponseTestCase
|
||||
return [
|
||||
['/var/www/var/www/files/foo.txt', '/var/www/=/files/', '/files/var/www/files/foo.txt'],
|
||||
['/home/foo/bar.txt', '/var/www/=/files/,/home/foo/=/baz/', '/baz/bar.txt'],
|
||||
['/tmp/bar.txt', '"/var/www/"="/files/", "/home/Foo/"="/baz/"', null],
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user