This project is archived and is in readonly mode.

#2473 ✓stale

Rails::Rack::Static dies with "%00" in URL

Reported by Tietew | April 10th, 2009 @ 08:28 AM | in 3.x

Rails::Rack::Static dies when the request URL contains "%00". The browser will receive no HTTP response.

It should respond 404 Not Found or 400 Bad Request. For example, Apache will respond 404 Not Found always when the request URL contains "%00".

Following is a script/server's log when http://localhost:4002/%00 is requested.

=> Booting Mongrel
=> Rails 2.3.2 application starting on
=> Call with -d to detach
=> Ctrl-C to shutdown server
Fri Apr 10 16:18:39 +0900 2009: Read error: #<ArgumentError: string contains null byte>
/usr/local/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/rails/rack/static.rb:37:in `file?'
/usr/local/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/rails/rack/static.rb:37:in `file_exist?'
/usr/local/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/rails/rack/static.rb:18:in `call'

Comments and changes to this ticket

  • Jeremy Kemper

    Jeremy Kemper May 4th, 2010 @ 06:48 PM

    • Milestone changed from 2.x to 3.x
  • Rohit Arondekar

    Rohit Arondekar October 14th, 2010 @ 02:35 PM

    • State changed from “new” to “open”
    • Importance changed from “” to “Low”

    This still happens in Rails 3.0.

  • Ryan Bigg

    Ryan Bigg October 19th, 2010 @ 08:31 AM

    • Tag cleared.

    Automatic cleanup of spam.

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 04:47 PM

    This issue has been automatically marked as stale because it has not been commented on for at least three months.

    The resources of the Rails core team are limited, and so we are asking for your help. If you can still reproduce this error on the 3-0-stable branch or on master, please reply with all of the information you have about it and add "[state:open]" to your comment. This will reopen the ticket for review. Likewise, if you feel that this is a very important feature for Rails to include, please reply with your explanation so we can consider it.

    Thank you for all your contributions, and we hope you will understand this step to focus our efforts where they are most helpful.

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 04:47 PM

    • State changed from “open” to “stale”

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>