Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

allow '.' characters in base 64-encoded (obfuscated) path, which get …

…replaced with '=' characters before decoding
  • Loading branch information...
commit 566533ed8da83b783c9de2dcf8604af7f165850b 1 parent efcc999
needfeed authored May 15, 2012
5  README.mdown
Source Rendered
@@ -34,12 +34,10 @@ Feel free to help out with some of these :)
34 34
 
35 35
   * specify crop size and offset
36 36
   * create rounded corners
37  
-  * try mounting inside a Rails app
38 37
   * Rails helper for generating image tags that use imageproxy
39 38
   * X-Sendfile / X-Accel-Redirect header
40 39
   * better documentation
41 40
   * signature generation testing tool
42  
-  * package as a gem?
43 41
   * nice error messages for improper API use
44 42
   * performance
45 43
 
@@ -168,6 +166,9 @@ You may obfuscate your requests by Base64 encoding and then URL encoding your qu
168 166
     http://example.com/convert?_=c3JjPWh0dHA6Ly9leGFtcGxlLmNvbS9kb2cuanBnJnJlc2l6ZT0xMHgxMA%3D%3D
169 167
     http://example.com/convert/-/c3JjPWh0dHA6Ly9leGFtcGxlLmNvbS9kb2cuanBnJnJlc2l6ZT0xMHgxMA%3D%3D
170 168
 
  169
+You can also replace the "=" characters in the Base64-encoded strings with "." characters which may make it possible to
  170
+avoid having to percent-escape.
  171
+
171 172
 ### Example requests
172 173
 
173 174
 CloudFront-compatible URLs:
8  lib/imageproxy/options.rb
@@ -54,18 +54,22 @@ def unescape_signature
54 54
 
55 55
     def merge_obfuscated
56 56
       if @hash["_"]
57  
-        decoded = Base64.decode64(CGI.unescape(@hash["_"]))
  57
+        decoded = decode64(CGI.unescape(@hash["_"]))
58 58
         decoded_hash = CGI.parse(decoded)
59 59
         @hash.delete "_"
60 60
         decoded_hash.map { |k, v| @hash[k] = (v.class == Array) ? v.first : v }
61 61
       end
62 62
 
63 63
       if @hash["-"]
64  
-        decoded = Base64.decode64(CGI.unescape(@hash["-"]))
  64
+        decoded = decode64(CGI.unescape(@hash["-"]))
65 65
         decoded_hash = Hash[*decoded.split('/').reject { |s| s.nil? || s.empty? }]
66 66
         @hash.delete "-"
67 67
         decoded_hash.map { |k, v| @hash[k] = (v.class == Array) ? v.first : v }
68 68
       end
69 69
     end
  70
+
  71
+    def decode64(encoded)
  72
+      Base64.decode64(encoded.gsub(".", "="))
  73
+    end
70 74
   end
71 75
 end
10  spec/options_spec.rb
@@ -60,6 +60,16 @@
60 60
       options.resize.should == "20x20"
61 61
       options.source.should == "http://example.com/dog.jpg"
62 62
     end
  63
+
  64
+    it "should allow padding with dots instead of equals signs" do
  65
+      encoded = Base64.encode64("resize/20x20/source/http%3A%2F%2Fexample.com%2Fdo.jpg")
  66
+      encoded.should include "="
  67
+      encoded.gsub! "=", "."
  68
+      escaped = CGI.escape(encoded)
  69
+      options = Imageproxy::Options.new "/convert/-/#{escaped}", {}
  70
+      options.resize.should == "20x20"
  71
+      options.source.should == "http://example.com/do.jpg"
  72
+    end
63 73
   end
64 74
 
65 75
   describe "quality" do

0 notes on commit 566533e

Please sign in to comment.
Something went wrong with that request. Please try again.