From ae476008430c90be39b08da3a59376821613cce1 Mon Sep 17 00:00:00 2001
From: sapphi-red <49056869+sapphi-red@users.noreply.github.com>
Date: Sun, 30 Apr 2023 21:31:16 +0900
Subject: [PATCH 1/3] fix(deps): update sirv to 2.0.3

---
 package.json                                  |  4 ++--
 packages/vite/package.json                    |  2 +-
 .../{sirv@2.0.2.patch => sirv@2.0.3.patch}    |  8 +++----
 playground/lib/package.json                   |  3 +++
 playground/package.json                       |  3 +--
 pnpm-lock.yaml                                | 23 ++++++++++---------
 6 files changed, 23 insertions(+), 20 deletions(-)
 rename patches/{sirv@2.0.2.patch => sirv@2.0.3.patch} (89%)

diff --git a/package.json b/package.json
index 50b64f5124956e..2dd7730e80f000 100644
--- a/package.json
+++ b/package.json
@@ -123,8 +123,8 @@
     },
     "patchedDependencies": {
       "dotenv-expand@9.0.0": "patches/dotenv-expand@9.0.0.patch",
-      "sirv@2.0.2": "patches/sirv@2.0.2.patch",
-      "chokidar@3.5.3": "patches/chokidar@3.5.3.patch"
+      "chokidar@3.5.3": "patches/chokidar@3.5.3.patch",
+      "sirv@2.0.3": "patches/sirv@2.0.3.patch"
     }
   },
   "stackblitz": {
diff --git a/packages/vite/package.json b/packages/vite/package.json
index 585a860264fee2..fe235d74083e95 100644
--- a/packages/vite/package.json
+++ b/packages/vite/package.json
@@ -123,7 +123,7 @@
     "postcss-modules": "^6.0.0",
     "resolve.exports": "^2.0.2",
     "rollup-plugin-license": "^3.0.1",
-    "sirv": "^2.0.2",
+    "sirv": "^2.0.3",
     "source-map-js": "^1.0.2",
     "source-map-support": "^0.5.21",
     "strip-ansi": "^7.0.1",
diff --git a/patches/sirv@2.0.2.patch b/patches/sirv@2.0.3.patch
similarity index 89%
rename from patches/sirv@2.0.2.patch
rename to patches/sirv@2.0.3.patch
index 051c1292da455e..0a758e89369c9c 100644
--- a/patches/sirv@2.0.2.patch
+++ b/patches/sirv@2.0.3.patch
@@ -1,5 +1,5 @@
 diff --git a/build.js b/build.js
-index b046ee138b1f9047c70beaeea7279d3476d7e8cd..574ce1410a1344a4db292803d05c303f8c03767c 100644
+index 0884d9ffaa24d0ae3ec020a6faff12b3125b2071..85b82c90346e829bbf723e913f282c80096df061 100644
 --- a/build.js
 +++ b/build.js
 @@ -35,7 +35,7 @@ function viaCache(cache, uri, extns) {
@@ -19,7 +19,7 @@ index b046ee138b1f9047c70beaeea7279d3476d7e8cd..574ce1410a1344a4db292803d05c303f
  			headers = toHeaders(name, stats, isEtag);
  			headers['Cache-Control'] = isEtag ? 'no-cache' : 'no-store';
  			return { abs, stats, headers };
-@@ -172,7 +173,7 @@ module.exports = function (dir, opts={}) {
+@@ -176,7 +177,7 @@ module.exports = function (dir, opts={}) {
  			catch (err) { /* malform uri */ }
  		}
  
@@ -29,7 +29,7 @@ index b046ee138b1f9047c70beaeea7279d3476d7e8cd..574ce1410a1344a4db292803d05c303f
  
  		if (isEtag && req.headers['if-none-match'] === data.headers['ETag']) {
 diff --git a/build.mjs b/build.mjs
-index fe01068d0dd3f788a0978802db1747dd83c5825e..fb099c38cc2cbd59300471e7307625e2fc127f0c 100644
+index c93bbe6bdfb7ad13ee20f0c44d80d6aacdd64087..3dc3e22f09abcae51aef7b75c34dc08b1f6e6abd 100644
 --- a/build.mjs
 +++ b/build.mjs
 @@ -35,7 +35,7 @@ function viaCache(cache, uri, extns) {
@@ -49,7 +49,7 @@ index fe01068d0dd3f788a0978802db1747dd83c5825e..fb099c38cc2cbd59300471e7307625e2
  			headers = toHeaders(name, stats, isEtag);
  			headers['Cache-Control'] = isEtag ? 'no-cache' : 'no-store';
  			return { abs, stats, headers };
-@@ -172,7 +173,7 @@ export default function (dir, opts={}) {
+@@ -176,7 +177,7 @@ export default function (dir, opts={}) {
  			catch (err) { /* malform uri */ }
  		}
  
diff --git a/playground/lib/package.json b/playground/lib/package.json
index 89b3f8fb909c06..ab62eed6ce2f20 100644
--- a/playground/lib/package.json
+++ b/playground/lib/package.json
@@ -7,5 +7,8 @@
     "build": "vite build",
     "debug": "node --inspect-brk ../../packages/vite/bin/vite",
     "preview": "vite preview"
+  },
+  "devDependencies": {
+    "sirv": "^2.0.3"
   }
 }
diff --git a/playground/package.json b/playground/package.json
index 8a0b3574a318a1..fc131d3f5f50bb 100644
--- a/playground/package.json
+++ b/playground/package.json
@@ -9,7 +9,6 @@
     "convert-source-map": "^2.0.0",
     "css-color-names": "^1.0.1",
     "kill-port": "^1.6.1",
-    "node-fetch": "^3.3.1",
-    "sirv": "^2.0.2"
+    "node-fetch": "^3.3.1"
   }
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 6540cd1371fa07..5e807f54d74b89 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -12,9 +12,9 @@ patchedDependencies:
   dotenv-expand@9.0.0:
     hash: dccccn23nvejzy75sgiosdt2au
     path: patches/dotenv-expand@9.0.0.patch
-  sirv@2.0.2:
-    hash: hmoqtj4vy3i7wnpchga2a2mu3y
-    path: patches/sirv@2.0.2.patch
+  sirv@2.0.3:
+    hash: z45f224eewh2pgpijxcc3aboqm
+    path: patches/sirv@2.0.3.patch
 
 importers:
 
@@ -387,8 +387,8 @@ importers:
         specifier: ^3.0.1
         version: 3.0.1(rollup@3.21.0)
       sirv:
-        specifier: ^2.0.2
-        version: 2.0.2(patch_hash=hmoqtj4vy3i7wnpchga2a2mu3y)
+        specifier: ^2.0.3
+        version: 2.0.3(patch_hash=z45f224eewh2pgpijxcc3aboqm)
       source-map-js:
         specifier: ^1.0.2
         version: 1.0.2
@@ -431,9 +431,6 @@ importers:
       node-fetch:
         specifier: ^3.3.1
         version: 3.3.1
-      sirv:
-        specifier: ^2.0.2
-        version: 2.0.2(patch_hash=hmoqtj4vy3i7wnpchga2a2mu3y)
 
   playground/alias:
     dependencies:
@@ -693,7 +690,11 @@ importers:
         specifier: ^5.17.1
         version: 5.17.1
 
-  playground/lib: {}
+  playground/lib:
+    devDependencies:
+      sirv:
+        specifier: ^2.0.3
+        version: 2.0.3(patch_hash=z45f224eewh2pgpijxcc3aboqm)
 
   playground/minify: {}
 
@@ -9093,8 +9094,8 @@ packages:
     requiresBuild: true
     dev: true
 
-  /sirv@2.0.2(patch_hash=hmoqtj4vy3i7wnpchga2a2mu3y):
-    resolution: {integrity: sha512-4Qog6aE29nIjAOKe/wowFTxOdmbEZKb+3tsLljaBRzJwtqto0BChD2zzH0LhgCSXiI+V7X+Y45v14wBZQ1TK3w==}
+  /sirv@2.0.3(patch_hash=z45f224eewh2pgpijxcc3aboqm):
+    resolution: {integrity: sha512-O9jm9BsID1P+0HOi81VpXPoDxYP374pkOLzACAoyUQ/3OUVndNpsz6wMnY2z+yOxzbllCKZrM+9QrWsv4THnyA==}
     engines: {node: '>= 10'}
     dependencies:
       '@polka/url': 1.0.0-next.21

From 11c97c187715bc2e827abeae64985a95d75f22d8 Mon Sep 17 00:00:00 2001
From: sapphi-red <49056869+sapphi-red@users.noreply.github.com>
Date: Sun, 30 Apr 2023 21:31:36 +0900
Subject: [PATCH 2/3] fix: change decode/encode

---
 packages/vite/src/node/server/middlewares/static.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/vite/src/node/server/middlewares/static.ts b/packages/vite/src/node/server/middlewares/static.ts
index 13904ce04922a4..28ea57e87dca94 100644
--- a/packages/vite/src/node/server/middlewares/static.ts
+++ b/packages/vite/src/node/server/middlewares/static.ts
@@ -101,7 +101,7 @@ export function serveStaticMiddleware(
     }
 
     const url = new URL(req.url!, 'http://example.com')
-    const pathname = decodeURIComponent(url.pathname)
+    const pathname = decodeURI(url.pathname)
 
     // apply aliases to static requests as well
     let redirectedPathname: string | undefined
@@ -135,7 +135,7 @@ export function serveStaticMiddleware(
     }
 
     if (redirectedPathname) {
-      url.pathname = encodeURIComponent(redirectedPathname)
+      url.pathname = encodeURI(redirectedPathname)
       req.url = url.href.slice(url.origin.length)
     }
 
@@ -159,7 +159,7 @@ export function serveRawFsMiddleware(
     // the paths are rewritten to `/@fs/` prefixed paths and must be served by
     // searching based from fs root.
     if (url.pathname.startsWith(FS_PREFIX)) {
-      const pathname = decodeURIComponent(url.pathname)
+      const pathname = decodeURI(url.pathname)
       // restrict files outside of `fs.allow`
       if (
         !ensureServingAccess(
@@ -175,7 +175,7 @@ export function serveRawFsMiddleware(
       let newPathname = pathname.slice(FS_PREFIX.length)
       if (isWindows) newPathname = newPathname.replace(/^[A-Z]:/i, '')
 
-      url.pathname = encodeURIComponent(newPathname)
+      url.pathname = encodeURI(newPathname)
       req.url = url.href.slice(url.origin.length)
       serveFromRoot(req, res, next)
     } else {

From 5f273be6f448c3066db2667ff065ed326448e95b Mon Sep 17 00:00:00 2001
From: sapphi-red <49056869+sapphi-red@users.noreply.github.com>
Date: Sun, 30 Apr 2023 22:00:51 +0900
Subject: [PATCH 3/3] test: update test

---
 playground/fs-serve/__tests__/fs-serve.spec.ts | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/playground/fs-serve/__tests__/fs-serve.spec.ts b/playground/fs-serve/__tests__/fs-serve.spec.ts
index 9713e57850228a..8fab74d1bed7e3 100644
--- a/playground/fs-serve/__tests__/fs-serve.spec.ts
+++ b/playground/fs-serve/__tests__/fs-serve.spec.ts
@@ -43,14 +43,12 @@ describe.runIf(isServe)('main', () => {
   })
 
   test('unsafe fetch with special characters (#8498)', async () => {
-    expect(await page.textContent('.unsafe-fetch-8498')).toMatch(
-      '403 Restricted',
-    )
-    expect(await page.textContent('.unsafe-fetch-8498-status')).toBe('403')
+    expect(await page.textContent('.unsafe-fetch-8498')).toBe('')
+    expect(await page.textContent('.unsafe-fetch-8498-status')).toBe('404')
   })
 
   test('unsafe fetch with special characters 2 (#8498)', async () => {
-    expect(await page.textContent('.unsafe-fetch-8498-2')).toMatch('')
+    expect(await page.textContent('.unsafe-fetch-8498-2')).toBe('')
     expect(await page.textContent('.unsafe-fetch-8498-2-status')).toBe('404')
   })
 
@@ -78,7 +76,7 @@ describe.runIf(isServe)('main', () => {
 
   test('unsafe fs fetch with special characters (#8498)', async () => {
     expect(await page.textContent('.unsafe-fs-fetch-8498')).toBe('')
-    expect(await page.textContent('.unsafe-fs-fetch-8498-status')).toBe('403')
+    expect(await page.textContent('.unsafe-fs-fetch-8498-status')).toBe('404')
   })
 
   test('unsafe fs fetch with special characters 2 (#8498)', async () => {