400 Bad Request for files containing a % character

[chetbox]

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.26.1

fastify-static version 7.0.3

Plugin version

No response

Node.js version

18.16.1 (Electron 26 with node-integration)

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

14.4.1

Description

When a filename contains a % character fastify-static always returns 400 Bad Request.

This is how we set up fastify-static:

      fastifyApp.register(fastifyStatic, {
        prefix: '/assets/',
        root: path.join(projectDirectory, 'assets'),
      });

This is the content of the HTTP 400 error returned when requesting the file https://localhost:12094/assets/bunny%20%25%25%20copy.mp4:

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Bad Request"
}

I have tracked the issue down to pumpSendToReply which calls send() with the filename after URI decoding the path from the URL.

But it seems send() tried to URI-decode the path again:

Note that path ends up as null because of the %% in the filename.

Link to code that reproduces the bug

No response

Expected Behavior

When requesting the same copy of the file at the path https://localhost:12094/assets/bunny.mp4 I get the content of /assets/bunny.mp4 as expected.
Similarly, I expect the request for https://localhost:12094/assets/bunny%20%25%25%20copy.mp4 to return the contents of /assets/bunny %% copy.mp4.