From a662f61e089800b0b4c379a4f64dd49468d431a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vilius=20Grigali=C5=ABnas?= <vilius.grigaliunas@gmail.com>
Date: Fri, 24 May 2019 11:41:23 +0300
Subject: [PATCH] [HttpFoundation] Do not set X-Accel-Redirect for paths
 outside of X-Accel-Mapping

Currently BinaryFileResponse, when configured with X-Accel-Redirect sendfile type,
will only substitute file paths specified in X-Accel-Mapping. But if the provided
file path does not have a defined prefix, then the resulting header will include
the absolute path. Nginx expects a valid URI, therefore this will result in an
issue that is very hard to detect and debug as it will not show up in error logs
and instead the request would just hang for some time and then be re-served
without query parameters(?).
---
 .../Component/HttpFoundation/BinaryFileResponse.php      | 9 +++++++--
 .../HttpFoundation/Tests/BinaryFileResponseTest.php      | 1 +
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php b/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php
index cf648dfe9d54..6c9a995e9a31 100644
--- a/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php
+++ b/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php
@@ -227,13 +227,18 @@ public function prepare(Request $request)
 
                         if (substr($path, 0, \strlen($pathPrefix)) === $pathPrefix) {
                             $path = $location.substr($path, \strlen($pathPrefix));
+                            // Only set X-Accel-Redirect header if a valid URI can be produced
+                            // as nginx does not serve arbitrary file paths.
+                            $this->headers->set($type, $path);
+                            $this->maxlen = 0;
                             break;
                         }
                     }
                 }
+            } else {
+                $this->headers->set($type, $path);
+                $this->maxlen = 0;
             }
-            $this->headers->set($type, $path);
-            $this->maxlen = 0;
         } elseif ($request->headers->has('Range')) {
             // Process the range headers.
             if (!$request->headers->has('If-Range') || $this->hasValidIfRangeHeader($request->headers->get('If-Range'))) {
diff --git a/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php b/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php
index c89f20d05a49..853b4bb3dfe1 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php
@@ -338,6 +338,7 @@ public function getSampleXAccelMappings()
         return [
             ['/var/www/var/www/files/foo.txt', '/var/www/=/files/', '/files/var/www/files/foo.txt'],
             ['/home/foo/bar.txt', '/var/www/=/files/,/home/foo/=/baz/', '/baz/bar.txt'],
+            ['/tmp/bar.txt', '"/var/www/"="/files/", "/home/Foo/"="/baz/"', null],
         ];
     }