forces request query param values to be escaped

Michael S. Kazmier · Michael S. Kazmier · commit 02552554f309 · 2017-12-14T09:41:28.000-07:00
diff --git a/lib/api_auth/headers.rb b/lib/api_auth/headers.rb
@@ -94,11 +94,26 @@ def sign_header(header)
     private
 
     def parse_uri(uri)
-      parsed_uri = URI.parse(uri)
-
-      return parsed_uri.request_uri if parsed_uri.respond_to?(:request_uri)
+      uri_without_host = uri.gsub(URI_WITHOUT_HOST_REGEXP, '')
+      return '/' if uri_without_host.empty?
+      escape_params(uri_without_host)
+    end
 
-      uri.empty? ? '/' : uri
+    # Different version of request parsers escape/unescape the param values
+    # This will force param values to escaped
+    def escape_params(uri)
+      unescaped_uri = CGI.unescape(uri)
+      uri_array = unescaped_uri.split('?')
+      return uri unless uri_array.length > 1
+      params = uri_array[1].split('&')
+      encoded_params = ""
+      params.each do |param|
+        next unless param.include?('=')
+        encoded_params += '&' if encoded_params.length.positive?
+        split_param = param.split('=')
+        encoded_params += split_param[0] + '=' + CGI.escape(split_param[1])
+      end
+      uri_array[0] + '?' + encoded_params
     end
   end
 end
