cloudinary_gem
cloudinary_gem copied to clipboard
cloudinary
Broken urls - Unsafe characters in public_id are not properly escaped by Cloudinary::Utils.cloudinary_url
Bug report for Cloudinary Ruby SDK
Before proceeding, please update to latest version and test if the issue persists
Describe the bug in a sentence or two.
Unsafe characters in public_id are not double-escaped by Cloudinary::Utils.cloudinary_url so it generates invalid urls.
The problem was discovered after using the public_id returned in the upload JSON.
Issue Type (Can be multiple)
- [ ] Build - Cannot install or import the SDK
- [ ] Performance - Performance issues
- [X] Behaviour - Functions are not working as expected (such as generate URL)
- [ ] Documentation - Inconsistency between the docs and behaviour
- [ ] Other (Specify)
Steps to reproduce
Current result (not working):
assert_match /%C3%A4%28/, Cloudinary::Utils.cloudinary_url('ä(')
Correct result:
assert_match /%25C3%25A4%2528/, Cloudinary::Utils.cloudinary_url('ä(')
Dirty workaround
module FixCloudinaryUtilsEscaping
def smart_escape(string, unsafe = %r{([^a-zA-Z\d_.\-/:! '*~]+)})
super(string, unsafe)
end
def finalize_source(source, format, url_suffix)
source, source_to_sign = super
[smart_escape(source).gsub(' ', '%20'), source_to_sign]
end
end
Edit: Updated workaround with escaping edge-cases
Hi Alexandre.
Thanks for raising this with us. I have created an internal ticket for the development team to address this. We'll update this thread with progress once we have some updates for you.
Thanks, -Danny
Hi Alexandre.
I've just heard back from the dev team and after some thorough testing, it seems there is no need to double escape as cloudinary_url generates the same url as we get from the upload API response.
If you're still experiencing issues, would you mind providing a little more context and some examples?
Many thanks, -Danny