aws-s3 AWS::S3::Connection.prepare_path doesn't properly escape plus sign '+' in key

AWS::S3::Connection.prepare_path doesn't properly escape plus sign '+' in key

Open tekwiz opened this issue 15 years ago • 2 comments

AWS::S3::Connection.prepare_path isn't properly escaping the plus sign in a key. This is because the plus sign is sometimes used to represent a space (at least according to the Ruby devs) i.e. the URI.escape() doesn't convert '+' to '%2B'...

Solution: Add a special gsub on line 11 i.e. URI.escape(path) to

URI.escape(path).gsub('+', '%2B')

Sep 02 '09 17:09 tekwiz

I have anecdotal evidence that & and ' are also not escaped correctly, and therefore the line in connection.rb should actually be:

      URI.escape(path).gsub('&',CGI.escape('&')).gsub('+',CGI.escape('+')).gsub('\'', CGI.escape('\''))

Mar 15 '11 20:03 yegct

Created pull request here:

https://github.com/marcel/aws-s3/pull/57

Apr 24 '12 20:04 leejones

aws-s3 aws-s3 copied to clipboard

AWS::S3::Connection.prepare_path doesn't properly escape plus sign '+' in key

aws-s3
aws-s3 copied to clipboard