use Rack::Utils.unescape_path to unescape paths

Escaping and unescaping paths is different than query parameters, and we need to respect that. This commit uses the new method in Rack to escape and unescape paths. Fixes #11816
2022-11-09 12:12:34 -05:00 · 2015-09-04 14:43:46 -07:00 · 2015-09-04 14:43:46 -07:00 · e25fdad2f1
commit e25fdad2f1
parent 451b954c2f
2 changed files with 4 additions and 4 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -29,7 +29,7 @@ GIT

 GIT
  remote: git://github.com/rack/rack.git
-  revision: 6c4160b8c5173299f4b49ea2c9e4aab76f6b9054
+  revision: 4080d56bb30f26a2f09053de702896104b5fb64d
  branch: master
  specs:
    rack (2.0.0.alpha)
--- a/actionpack/lib/action_dispatch/middleware/static.rb
+++ b/actionpack/lib/action_dispatch/middleware/static.rb
@ -28,7 +28,7 @@ module ActionDispatch
    # Used by the `Static` class to check the existence of a valid file
    # in the server's `public/` directory (see Static#call).
    def match?(path)
-      path = URI.parser.unescape(path)
+      path = ::Rack::Utils.unescape_path path
      return false unless path.valid_encoding?
      path = Rack::Utils.clean_path_info path

@ -43,7 +43,7 @@ module ActionDispatch
        end

      }
-        return ::Rack::Utils.escape(match)
+        return ::Rack::Utils.escape_path(match)
      end
    end

@ -90,7 +90,7 @@ module ActionDispatch
      def gzip_file_path(path)
        can_gzip_mime = content_type(path) =~ /\A(?:text\/|application\/javascript)/
        gzip_path     = "#{path}.gz"
-        if can_gzip_mime && File.exist?(File.join(@root, ::Rack::Utils.unescape(gzip_path)))
+        if can_gzip_mime && File.exist?(File.join(@root, ::Rack::Utils.unescape_path(gzip_path)))
          gzip_path
        else
          false