Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keys for non-url friendly filenames are getting encoded multiple times. #113

Closed
jimjeffers opened this issue Oct 29, 2013 · 7 comments
Closed

Keys for non-url friendly filenames are getting encoded multiple times. #113

jimjeffers opened this issue Oct 29, 2013 · 7 comments

Comments

@jimjeffers
Copy link

Hi, I posted my problem on SO but I think it would be better served here. Original question can be seen here:

http://stackoverflow.com/questions/19645506/how-can-i-force-url-friendly-filenames-when-using-carrierwavedirect-in-ruby-on-r

I have users uploading files with non url friendly names. Mainly, filenames that include spaces. I have an admin area where moderators can approve a photo. In the admin tool the image_url works just fine. The image path is url escaped with %20 in place of the spaces. The trouble is when the moderator approves the photo I make a simple asynchronous JSON POST request which in simply does this:

 def approve
    photo = Photo.find(params[:id])
    status = photo.update_attribute :approved, true

    respond_to do |wants|
      ...
    end
  end

As a result of that call to update_attribute I see a SQL statement like this:

SQL: (1.7ms) UPDATE "photos" SET "approved" = 't', "image" = '02216914-1e9e-4b63-8ae6-80e24cb87f7a/5918%25201%2520photo.jpg', "updated_at" = '2013-10-29 05:31:31.779058' WHERE "photos"."id" = 302

Now the image path is broken as the database is storing a twice encoded string when the internal string shouldn't be encoded at all. At least, I don't think it should. I do not know why the image attribute is also being updated during this call. Any idea why this is and/or is there a better way to be managing non url-friendly filenames from user generated content?

  • Jim
@beebox
Copy link

beebox commented Nov 22, 2013

I'm seeing the same issue as well.

@JohnBernas
Copy link

Same here.

From what I could gather, this happens in carrierwave_direct/uploader.rb, def key method, when we derive the key from the url

self.key = URI.parse(URI.encode(url)).path[1 .. -1] # explicitly set key

if the url contains %20 (encoded spaces) when you encode again, it'll encode the % to %25, resulting in the final %2520.

If I replace the code above with

self.key = URI.decode(URI.parse(url).path[1 .. -1]) # explicitly set key

it seems to work, decoding the %20 to regular spaces again.

@remino
Copy link

remino commented Jan 11, 2014

+1 on this issue.

Sadly, the change proposed by @JohnBernas is not working for me.

@remino
Copy link

remino commented Jan 11, 2014

I changed the line mentioned above in master with the following:

self.key = URI.decode(URI.parse(URI.encode(url, " []+()")).path[1 .. -1]) # explicitly set key

That worked for me.

@nddeluca
Copy link
Collaborator

@remino Would you mind submitting a pull request with your change?

@remino
Copy link

remino commented Jan 17, 2014

Sure. Just sent a pull request: #124.

@vinniefranco vinniefranco mentioned this issue Apr 1, 2014
Merged
tombeynon added a commit to rawnet/carrierwave_direct that referenced this issue Jul 4, 2014
@tombeynon
Implemented fix for double-encoded file urls
03d1562 
See issue: dwilkie#113
@tyler-dot-earth tyler-dot-earth mentioned this issue Jul 29, 2014
Closed
@p8
Copy link
Collaborator

p8 commented Feb 21, 2015

This should be fixed on master with #155

@p8 p8 closed this as completed Feb 21, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@jimjeffers @p8 @remino @JohnBernas @beebox @nddeluca