From 357a49d4b97db865454994a91fc6de58c01862fd Mon Sep 17 00:00:00 2001 From: Jeremy Collins Date: Mon, 11 Nov 2019 15:31:38 -0500 Subject: [PATCH 1/3] Convert empty spaces back to '+' in crop commands This happens when a user agent encodes the plus as %20. --- src/mod_dims_ops.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/mod_dims_ops.c b/src/mod_dims_ops.c index e4f7c04..a316dff 100644 --- a/src/mod_dims_ops.c +++ b/src/mod_dims_ops.c @@ -205,6 +205,25 @@ dims_crop_operation (dims_request_rec *d, char *args, char **err) { RectangleInfo rec; ExceptionInfo ex_info; + /* Replace blank spaces with '+'. This happens when some user agents + * inadvertantly escape the '+' as %20 which gets converted to a blank space. + * + * Example: + * + * 900x900%20350%200 is '900x900 350 0' which is an invalid, the following code + * coverts this to '900x900+350+0'. + * + */ + char *s = args; + while (*s) { + if (*s == ' ') { + *s = '+'; + } + + s++; + } + + flags = ParseGravityGeometry(GetImageFromMagickWand(d->wand), args, &rec, &ex_info); if(!(flags & AllValues)) { *err = "Parsing crop geometry failed"; From 94ce6633c49a97b81b759a2298be8b4dbea1025b Mon Sep 17 00:00:00 2001 From: Jeremy Collins Date: Mon, 11 Nov 2019 15:33:19 -0500 Subject: [PATCH 2/3] Formatting --- src/mod_dims_ops.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/mod_dims_ops.c b/src/mod_dims_ops.c index a316dff..33424d8 100644 --- a/src/mod_dims_ops.c +++ b/src/mod_dims_ops.c @@ -205,8 +205,8 @@ dims_crop_operation (dims_request_rec *d, char *args, char **err) { RectangleInfo rec; ExceptionInfo ex_info; - /* Replace blank spaces with '+'. This happens when some user agents - * inadvertantly escape the '+' as %20 which gets converted to a blank space. + /* Replace spaces with '+'. This happens when some user agents inadvertantly + * escape the '+' as %20 which gets converted to a space. * * Example: * @@ -218,9 +218,9 @@ dims_crop_operation (dims_request_rec *d, char *args, char **err) { while (*s) { if (*s == ' ') { *s = '+'; - } + } - s++; + s++; } From 292c2d9891b06c6d9dcf8e8d282ce7e8e5cc251e Mon Sep 17 00:00:00 2001 From: Jeremy Collins Date: Mon, 11 Nov 2019 16:16:56 -0500 Subject: [PATCH 3/3] Ensure signature is calculated with '+' instead of a space --- src/mod_dims.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/mod_dims.c b/src/mod_dims.c index 9cfb2d0..8c15f56 100755 --- a/src/mod_dims.c +++ b/src/mod_dims.c @@ -1194,8 +1194,19 @@ dims_handle_request(dims_request_rec *d) } } + // Convert %20 (space) back to '+' in commands. This is fixes an issue with "+" being encoded as %20 by some clients. + char *commands = apr_pstrdup(d->r->pool, d->unparsed_commands); + char *s = commands; + while (*s) { + if (*s == ' ') { + *s = '+'; + } + + s++; + } + // Standard signature params. - char *signature_params = apr_pstrcat(d->pool, expires_str, d->client_config->secret_key, d->unparsed_commands, d->image_url, NULL); + char *signature_params = apr_pstrcat(d->pool, expires_str, d->client_config->secret_key, commands, d->image_url, NULL); // Concatenate additional params. char *token;