[HttpFoundation] Do not set X-Accel-Redirect for paths outside of X-A…

…ccel-Mapping Currently BinaryFileResponse, when configured with X-Accel-Redirect sendfile type, will only substitute file paths specified in X-Accel-Mapping. But if the provided file path does not have a defined prefix, then the resulting header will include the absolute path. Nginx expects a valid URI, therefore this will result in an issue that is very hard to detect and debug as it will not show up in error logs and instead the request would just hang for some time and then be re-served without query parameters(?).
symfony · May 28, 2019 · a662f61 · a662f61
1 parent a26c6d3
commit a662f61
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php b/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php
@@ -227,13 +227,18 @@ public function prepare(Request $request)
 
                         if (substr($path, 0, \strlen($pathPrefix)) === $pathPrefix) {
                             $path = $location.substr($path, \strlen($pathPrefix));
+                            // Only set X-Accel-Redirect header if a valid URI can be produced
+                            // as nginx does not serve arbitrary file paths.
+                            $this->headers->set($type, $path);
+                            $this->maxlen = 0;
                             break;
                         }
                     }
                 }
+            } else {
+                $this->headers->set($type, $path);
+                $this->maxlen = 0;
             }
-            $this->headers->set($type, $path);
-            $this->maxlen = 0;
         } elseif ($request->headers->has('Range')) {
             // Process the range headers.
             if (!$request->headers->has('If-Range') || $this->hasValidIfRangeHeader($request->headers->get('If-Range'))) {

diff --git a/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php b/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php
@@ -338,6 +338,7 @@ public function getSampleXAccelMappings()
         return [
             ['/var/www/var/www/files/foo.txt', '/var/www/=/files/', '/files/var/www/files/foo.txt'],
             ['/home/foo/bar.txt', '/var/www/=/files/,/home/foo/=/baz/', '/baz/bar.txt'],
+            ['/tmp/bar.txt', '"/var/www/"="/files/", "/home/Foo/"="/baz/"', null],
         ];
     }