Presign V2: Unescape non-std queries in urls (#3549)

A client sends escaped characters in values of some query parameters in a presign url. This commit properly unescapes queires to fix signature calculation.
8 years ago · 95d9e47353
parent e1142e99f2
commit 95d9e47353
1 changed files with 11 additions and 6 deletions
--- a/cmd/signature-v2.go
+++ b/cmd/signature-v2.go
@ -111,13 +111,18 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
 		case "Expires":
 			expires, err = url.QueryUnescape(keyval[1])
 		default:
-			filteredQueries = append(filteredQueries, query)
+			unescapedQuery, qerr := url.QueryUnescape(query)
+			if qerr == nil {
+				filteredQueries = append(filteredQueries, unescapedQuery)
+			} else {
+				err = qerr
+			}
+		}
+		// Check if the query unescaped properly.
+		if err != nil {
+			errorIf(err, "Unable to unescape query values", queries)
+			return ErrInvalidQueryParams
 		}
-	}
-	// Check if the query unescaped properly.
-	if err != nil {
-		errorIf(err, "Unable to unescape query values", queries)
-		return ErrInvalidQueryParams
 	}

 	// Invalid access key.