From 55f45b4e5b641eaa6911115ff4d4df8f884b2c3b Mon Sep 17 00:00:00 2001 From: Andy Burke Date: Tue, 12 Aug 2025 15:33:32 -0700 Subject: [PATCH] fix: ensure we decode uri encoded filenames --- deno.json | 2 +- handlers/static.ts | 2 +- tests/01_static_files.test.ts | 9 ++++++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/deno.json b/deno.json index ce885e7..a4e3e23 100644 --- a/deno.json +++ b/deno.json @@ -1,7 +1,7 @@ { "name": "@andyburke/serverus", "description": "A flexible HTTP server for mixed content. Throw static files, markdown, Typescript and (hopefully, eventually) more into a directory and serverus can serve it up a bit more like old-school CGI.", - "version": "0.12.4", + "version": "0.12.5", "license": "MIT", "exports": { ".": "./serverus.ts", diff --git a/handlers/static.ts b/handlers/static.ts index 72149bf..1a8d378 100644 --- a/handlers/static.ts +++ b/handlers/static.ts @@ -279,7 +279,7 @@ export default async function handle_static_files(request: Request, server: SERV } const url = new URL(request.url); - const normalized_path = path.resolve(path.normalize(url.pathname).replace(/^\/+/, '')); + const normalized_path = path.resolve(path.normalize(decodeURIComponent(url.pathname)).replace(/^\/+/, '')); // if they're requesting something outside the working dir, just bail if (!normalized_path.startsWith(Deno.cwd())) { diff --git a/tests/01_static_files.test.ts b/tests/01_static_files.test.ts index b673112..1291e2f 100644 --- a/tests/01_static_files.test.ts +++ b/tests/01_static_files.test.ts @@ -321,9 +321,12 @@ Deno.test({ put_body.delete('file'); test_file = undefined; - const get_response = await fetch(`http://${test_server_info.hostname}:${test_server_info.port}/files/2Q==(30).txt`, { - method: 'GET' - }); + const get_response = await fetch( + `http://${test_server_info.hostname}:${test_server_info.port}/files/${encodeURIComponent('2Q==(30).txt')}`, + { + method: 'GET' + } + ); asserts.assert(get_response.ok); asserts.assert(get_response.body);