Open shineability opened 7 months ago
Blob, but the issue occurs in the Common package...
When your blob/resource name has a + character in it , the signature verification fails.
+
Generate a SAS token with any resource containing a + character.
$resourceContainingPlusCharacter = 'package-test/azure+logo-plus.jpg'; $token = BlobSharedAccessSignatureHelper::generateBlobServiceSharedAccessSignatureToken( Resources::RESOURCE_TYPE_BLOB, $resourceContainingPlusCharacter, ... );
https://github.com/Azure/azure-storage-php/blob/4cd7470e517022faa80bed98d3c7518aa512ea97/azure-storage-common/src/Common/SharedAccessSignatureHelper.php#L329
Using urldecode here decodes a + to a space, which changes the resource to package-test/azure logo-plus.jpg before generating the signature.
urldecode
package-test/azure logo-plus.jpg
Using rawurldecode fixes the issue, but not decoding also works, not sure why the resource needs to be decoded here in the first place?
rawurldecode
Which service(blob, file, queue, table) does this issue concern?
Blob, but the issue occurs in the Common package...
Which version of the SDK was used?
What problem was encountered?
When your blob/resource name has a
+character in it , the signature verification fails.Steps to reproduce the issue?
Generate a SAS token with any resource containing a
+character.https://github.com/Azure/azure-storage-php/blob/4cd7470e517022faa80bed98d3c7518aa512ea97/azure-storage-common/src/Common/SharedAccessSignatureHelper.php#L329
Using
urldecodehere decodes a+to a space, which changes the resource topackage-test/azure logo-plus.jpgbefore generating the signature.Have you found a mitigation/solution?
Using
rawurldecodefixes the issue, but not decoding also works, not sure why the resource needs to be decoded here in the first place?