Permalink
Browse files

allow '.' characters in base 64-encoded (obfuscated) path, which get …

…replaced with '=' characters before decoding
  • Loading branch information...
needfeed committed May 16, 2012
1 parent efcc999 commit 566533ed8da83b783c9de2dcf8604af7f165850b
Showing with 19 additions and 4 deletions.
  1. +3 −2 README.mdown
  2. +6 −2 lib/imageproxy/options.rb
  3. +10 −0 spec/options_spec.rb
View
@@ -34,12 +34,10 @@ Feel free to help out with some of these :)
* specify crop size and offset
* create rounded corners
- * try mounting inside a Rails app
* Rails helper for generating image tags that use imageproxy
* X-Sendfile / X-Accel-Redirect header
* better documentation
* signature generation testing tool
- * package as a gem?
* nice error messages for improper API use
* performance
@@ -168,6 +166,9 @@ You may obfuscate your requests by Base64 encoding and then URL encoding your qu
http://example.com/convert?_=c3JjPWh0dHA6Ly9leGFtcGxlLmNvbS9kb2cuanBnJnJlc2l6ZT0xMHgxMA%3D%3D
http://example.com/convert/-/c3JjPWh0dHA6Ly9leGFtcGxlLmNvbS9kb2cuanBnJnJlc2l6ZT0xMHgxMA%3D%3D
+You can also replace the "=" characters in the Base64-encoded strings with "." characters which may make it possible to
+avoid having to percent-escape.
+
### Example requests
CloudFront-compatible URLs:
@@ -54,18 +54,22 @@ def unescape_signature
def merge_obfuscated
if @hash["_"]
- decoded = Base64.decode64(CGI.unescape(@hash["_"]))
+ decoded = decode64(CGI.unescape(@hash["_"]))
decoded_hash = CGI.parse(decoded)
@hash.delete "_"
decoded_hash.map { |k, v| @hash[k] = (v.class == Array) ? v.first : v }
end
if @hash["-"]
- decoded = Base64.decode64(CGI.unescape(@hash["-"]))
+ decoded = decode64(CGI.unescape(@hash["-"]))
decoded_hash = Hash[*decoded.split('/').reject { |s| s.nil? || s.empty? }]
@hash.delete "-"
decoded_hash.map { |k, v| @hash[k] = (v.class == Array) ? v.first : v }
end
end
+
+ def decode64(encoded)
+ Base64.decode64(encoded.gsub(".", "="))
+ end
end
end
View
@@ -60,6 +60,16 @@
options.resize.should == "20x20"
options.source.should == "http://example.com/dog.jpg"
end
+
+ it "should allow padding with dots instead of equals signs" do
+ encoded = Base64.encode64("resize/20x20/source/http%3A%2F%2Fexample.com%2Fdo.jpg")
+ encoded.should include "="
+ encoded.gsub! "=", "."
+ escaped = CGI.escape(encoded)
+ options = Imageproxy::Options.new "/convert/-/#{escaped}", {}
+ options.resize.should == "20x20"
+ options.source.should == "http://example.com/do.jpg"
+ end
end
describe "quality" do

0 comments on commit 566533e

Please sign in to comment.