From 5beba647310829acc89ff45137343507c74002fc Mon Sep 17 00:00:00 2001
From: Philippe Durix <philippe.durix@me.com>
Date: Mon, 20 Jul 2015 17:10:34 +0200
Subject: [PATCH] Used URI_INSTANCE unescape method instead of wild unescape
 function in the static files path computation

---
 lib/sinatra/base.rb         |  2 +-
 test/public/hello+world.txt |  1 +
 test/static_test.rb         | 30 ++++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 test/public/hello+world.txt

diff --git a/lib/sinatra/base.rb b/lib/sinatra/base.rb
index 12b9ae79..593d698b 100644
--- a/lib/sinatra/base.rb
+++ b/lib/sinatra/base.rb
@@ -1034,7 +1034,7 @@ module Sinatra
     # a matching file is found, returns nil otherwise.
     def static!(options = {})
       return if (public_dir = settings.public_folder).nil?
-      path = File.expand_path("#{public_dir}#{unescape(request.path_info)}" )
+      path = File.expand_path("#{public_dir}#{URI_INSTANCE.unescape(request.path_info)}" )
       return unless File.file?(path)
 
       env['sinatra.static_file'] = path
diff --git a/test/public/hello+world.txt b/test/public/hello+world.txt
new file mode 100644
index 00000000..abd09d0c
--- /dev/null
+++ b/test/public/hello+world.txt
@@ -0,0 +1 @@
+This is a test intended for the + sign in urls for static serving
\ No newline at end of file
diff --git a/test/static_test.rb b/test/static_test.rb
index 988ef041..a00c5cf2 100644
--- a/test/static_test.rb
+++ b/test/static_test.rb
@@ -233,4 +233,34 @@ class StaticTest < Minitest::Test
     assert response.headers.include?('Last-Modified')
   end
 
+  it 'serves files with a + sign in the path' do
+    mock_app do
+      set :static, true
+      set :public_folder, File.join(File.dirname(__FILE__), 'public')
+    end
+    
+    get "/hello+world.txt"
+    
+    real_path = File.join(File.dirname(__FILE__), 'public', 'hello+world.txt')
+    assert ok?
+    assert_equal File.read(real_path), body
+    assert_equal File.size(real_path).to_s, response['Content-Length']
+    assert response.headers.include?('Last-Modified')
+  end
+
+  it 'serves files with a URL encoded + sign (%2B) in the path' do
+    mock_app do
+      set :static, true
+      set :public_folder, File.join(File.dirname(__FILE__), 'public')
+    end
+    
+    get "/hello%2bworld.txt"
+    
+    real_path = File.join(File.dirname(__FILE__), 'public', 'hello+world.txt')
+    assert ok?
+    assert_equal File.read(real_path), body
+    assert_equal File.size(real_path).to_s, response['Content-Length']
+    assert response.headers.include?('Last-Modified')
+  end
+
 end