From f77ec96707bbce99725c4cad2ef5aea70511c6f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Mon, 24 Sep 2018 15:38:32 +0200 Subject: [PATCH] Uploaders.S3: Replace unsafe characters in object key MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit According to [the S3 docs][s3], the characters safe for use in object keys are: * 0-9 * a-z * A-Z * ! * - * _ * . * * * ' * ( * ) (The / character is not listed but mentioned being safe outside of the list.) Several characters that are valid in filenames can cause problems, for example spaces are not valid in URLs and need to be escaped, sequences of spaces can become squeezed by S3, some characters like \ are documented to require “significant special handling”. To avoid these problems, this change encodes the filename before using it as part of the S3 object name by replacing all characters except those documented as “safe” with dashes. [s3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html --- lib/pleroma/uploaders/s3.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex index ce0ed3e34f..87322753dd 100644 --- a/lib/pleroma/uploaders/s3.ex +++ b/lib/pleroma/uploaders/s3.ex @@ -10,7 +10,7 @@ def put_file(name, uuid, path, content_type, _should_dedupe) do File.rm!(path) - s3_name = "#{uuid}/#{name}" + s3_name = "#{uuid}/#{encode(name)}" {:ok, _} = ExAws.S3.put_object(bucket, s3_name, file_data, [ @@ -21,4 +21,8 @@ def put_file(name, uuid, path, content_type, _should_dedupe) do {:ok, "#{public_endpoint}/#{bucket}/#{s3_name}"} end + + defp encode(name) do + String.replace(name, ~r/[^0-9a-zA-Z!.*'()_-]/, "-") + end end