Make sure URLs are encoded before sending them to camo

Otherwise camo crashes with: TypeError [ERR_UNESCAPED_CHARACTERS]: Request path contains unescaped characters closes #7871

Make sure URLs are encoded before sending them to camo
Otherwise camo crashes with: TypeError [ERR_UNESCAPED_CHARACTERS]: Request path contains unescaped characters closes #7871
d765b340 · Benjamin Neff · Dennis Schubert · b6333e0b · d765b340 · d765b340
Unverified Commit d765b340 authored Sep 30, 2018 by Benjamin Neff Committed by Dennis Schubert Sep 30, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 0 deletions

Changelog.md Changelog.md +1 -0

camo.rb lib/diaspora/camo.rb +2 -0

camo_spec.rb spec/lib/diaspora/camo_spec.rb +17 -0

No files found.
--- a/Changelog.md
+++ b/Changelog.md
@@ -7,6 +7,7 @@
 * Add compatibility with macOS to `script/configure_bundler` [#7830](https://github.com/diaspora/diaspora/pull/7830)
 * Fix comment and like notifications on posts without text [#7857](https://github.com/diaspora/diaspora/pull/7857) [#7853](https://github.com/diaspora/diaspora/pull/7853)
 * Fix issue with some language fallbacks not working correctly [#7861](https://github.com/diaspora/diaspora/pull/7861)
+* Make sure URLs are encoded before sending them to camo [#7871](https://github.com/diaspora/diaspora/pull/7871)

 ## Features
 * Add `web+diaspora://` link handler [#7826](https://github.com/diaspora/diaspora/pull/7826)

--- a/lib/diaspora/camo.rb
+++ b/lib/diaspora/camo.rb
@@ -17,6 +17,8 @@ module Diaspora
      return unless url
      return url unless self.url_eligible?(url)

+      url = Addressable::URI.encode(Addressable::URI.unencode(url))
+
      digest = OpenSSL::HMAC.hexdigest(
        OpenSSL::Digest.new('sha1'),
        AppConfig.privacy.camo.key,

--- a/spec/lib/diaspora/camo_spec.rb
+++ b/spec/lib/diaspora/camo_spec.rb
@@ -32,6 +32,23 @@ describe Diaspora::Camo do
    it 'should rewrite external URLs' do
      expect(Diaspora::Camo.image_url(@raw_image_url)).to eq(@camo_image_url)
    end
+
+    context "URL encoding" do
+      let(:camo_image_url) {
+        AppConfig.privacy.camo.root +
+          "bbafe590034b976852f9a46dbcc7709e1a8e7dfb/68747470733a2f2f6578616d706c652e636f6d2f2543332541312543332541392" \
+          "543332542333f666f6f3d254333254134254333254243254333254236266261723d61254343253830"
+      }
+
+      it "should encode URLs before sending to camo" do
+        expect(Diaspora::Camo.image_url("https://example.com/áéó?foo=äüö&bar=à")).to eq(camo_image_url)
+      end
+
+      it "should not double encode already encoded URLs" do
+        expect(Diaspora::Camo.image_url("https://example.com/%C3%A1%C3%A9%C3%B3?foo=%C3%A4%C3%BC%C3%B6&bar=a%CC%80"))
+          .to eq(camo_image_url)
+      end
+    end
  end

  describe '#from_markdown' do