Unverified Commit d765b340 authored by Benjamin Neff's avatar Benjamin Neff Committed by Dennis Schubert

Make sure URLs are encoded before sending them to camo

Otherwise camo crashes with:
TypeError [ERR_UNESCAPED_CHARACTERS]: Request path contains unescaped characters

closes #7871
parent b6333e0b
......@@ -7,6 +7,7 @@
* Add compatibility with macOS to `script/configure_bundler` [#7830](https://github.com/diaspora/diaspora/pull/7830)
* Fix comment and like notifications on posts without text [#7857](https://github.com/diaspora/diaspora/pull/7857) [#7853](https://github.com/diaspora/diaspora/pull/7853)
* Fix issue with some language fallbacks not working correctly [#7861](https://github.com/diaspora/diaspora/pull/7861)
* Make sure URLs are encoded before sending them to camo [#7871](https://github.com/diaspora/diaspora/pull/7871)
## Features
* Add `web+diaspora://` link handler [#7826](https://github.com/diaspora/diaspora/pull/7826)
......
......@@ -17,6 +17,8 @@ module Diaspora
return unless url
return url unless self.url_eligible?(url)
url = Addressable::URI.encode(Addressable::URI.unencode(url))
digest = OpenSSL::HMAC.hexdigest(
OpenSSL::Digest.new('sha1'),
AppConfig.privacy.camo.key,
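Review bot: The decode-then-encode round trip in `url = Addressable::URI.encode(Addressable::URI.unencode(url))` is lossy for percent-escaped reserved characters. An escaped `%2F`, `%3F`, `%26` or `%23` in the posted URL is decoded to a literal delimiter and, as far as I know, `encode` does not escape it again, so the proxy may be asked for a different resource than the one the author linked. The HMAC is computed over the rewritten value, so the signature stays consistent, but the step deserves a comment such as `# unencode first so already-escaped URLs are not double-encoded; escaped reserved characters are not preserved`, plus a spec with an escaped `&` or `/`. The line also parses user-supplied text; whether `url_eligible?` already rejects input that Addressable cannot parse is not visible here, because the method starts and ends outside the hunk.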
......
......@@ -32,6 +32,23 @@ describe Diaspora::Camo do
it 'should rewrite external URLs' do
expect(Diaspora::Camo.image_url(@raw_image_url)).to eq(@camo_image_url)
end
context "URL encoding" do
let(:camo_image_url) {
AppConfig.privacy.camo.root +
"bbafe590034b976852f9a46dbcc7709e1a8e7dfb/68747470733a2f2f6578616d706c652e636f6d2f2543332541312543332541392" \
"543332542333f666f6f3d254333254134254333254243254333254236266261723d61254343253830"
}
it "should encode URLs before sending to camo" do
expect(Diaspora::Camo.image_url("https://example.com/áéó?foo=äüö&bar=à")).to eq(camo_image_url)
end
it "should not double encode already encoded URLs" do
expect(Diaspora::Camo.image_url("https://example.com/%C3%A1%C3%A9%C3%B3?foo=%C3%A4%C3%BC%C3%B6&bar=a%CC%80"))
.to eq(camo_image_url)
end
end
end
describe '#from_markdown' do
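Review bot: The expected value in `camo_image_url` is an opaque digest plus hex string, so a reader cannot tell which canonical URL both examples assert. A comment above the `let`, such as `# hex part decodes to https://example.com/%C3%A1%C3%A9%C3%B3?foo=%C3%A4%C3%BC%C3%B6&bar=a%CC%80`, would make that visible. It would also show that the last character is expected in decomposed form (`a%CC%80`), so the first example depends either on the literal `à` being stored decomposed in the spec file or on normalisation inside Addressable. Writing that input with an explicit `a\u0300` escape would stop an editor from silently changing it. The digest also depends on the camo key configured for the test environment, which is set outside this hunk.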
......