
Defect #27202

Updated by Toshi MARUYAMA over 6 years ago

AttachmentController raises RecordNotFound if the attachment filename does not match the HTTP request parameter "filename"

<pre><code class="ruby">
  def find_attachment
    @attachment = Attachment.find(params[:id])
    # Show 404 if the filename in the url is wrong
    raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
    @project = @attachment.project
  rescue ActiveRecord::RecordNotFound
    render_404
  end
</code></pre>

If the HTTP parameter contains a semicolon, the Puma web server drops it and the characters after it.

According to RFC 1738 (https://tools.ietf.org/html/rfc1738#section-3.3), such behavior is correct, because the semicolon is a reserved symbol and must be encoded as %3B (in the URL).

Puma issue (https://github.com/puma/puma/issues/1122): here is a little bit more information about the trouble.

I tried using the attachment_path helper in app/views/attachments/_links.html.erb (instead of a hash in link_to), and it seems to improve the situation: the URL was encoded correctly, with %3B instead of ";".
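As an added example (not Redmine's own code), the following Ruby script reproduces the mismatch described in this report: it builds the download path with the filename percent-encoded, simulates a server that discards the rest of the last path segment from the first ";", and applies the same filename comparison as find_attachment. The Attachment struct, the path layout and the truncation simulation are constructed assumptions for illustration.

```ruby
require "erb"

# Constructed stand-in for the ActiveRecord model (not Redmine's class).
Attachment = Struct.new(:id, :filename)

# Build the download path with the filename segment percent-encoded, as a
# route helper would. Reserved characters such as ';' become %3B, so the
# web server no longer sees a bare semicolon in the path.
def attachment_download_path(attachment)
  "/attachments/download/#{attachment.id}/#{ERB::Util.url_encode(attachment.filename)}"
end

# Simulated server behaviour (assumption based on the report): everything from
# the first ';' in the last path segment is dropped before the segment is
# percent-decoded and handed to the application as params[:filename].
def filename_param_from_path(path)
  segment = path.split("/").last.to_s
  segment = segment.split(";").first.to_s
  segment.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Same comparison as find_attachment: a present but non-matching filename
# parameter yields a 404, otherwise the lookup succeeds.
def attachment_lookup_status(attachment, filename_param)
  return :not_found if filename_param && filename_param != attachment.filename
  :ok
end

# Full round trip: request path -> filename param -> controller decision.
def lookup_via(attachment, path)
  attachment_lookup_status(attachment, filename_param_from_path(path))
end

if __FILE__ == $PROGRAM_NAME
  att = Attachment.new(7, "release;notes v2.pdf")
  puts "raw path:     #{lookup_via(att, "/attachments/download/7/#{att.filename}")}"
  puts "encoded path: #{lookup_via(att, attachment_download_path(att))}"
end
```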
