Actions
Defect #27202
closed
if attachment filename contain semicolon ";" we get RecodNotFound error on web server puma
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Attachments
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Affected version:
Description
AttachmentController raise RecordNotFound if attachment filename does not match with http request parameter "filename"
def find_attachment
@attachment = Attachment.find(params[:id])
# Show 404 if the filename in the url is wrong
raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
@project = @attachment.project
rescue ActiveRecord::RecordNotFound
render_404
end
if http parameter contain semicolon, webserver puma - drop it and characters after.
According to rfc1738 (https://tools.ietf.org/html/rfc1738#section-3.3) such behavior is correct, because semicolon is reserved symbol, and must be encoded in %3B (in url)
Puma issue (https://github.com/puma/puma/issues/1122) - here is little bit more information about trouble.
I try use attachment_path helper in app/views/attachments/_links.html.erb (instead hash in link_to), and it seems to be improve situation, url was encoded right, with %3B instead ";"
Files
Updated by Toshi MARUYAMA 
Updated by 
Actions