
Anonymous committed 3e852e1

change / and + to _ and - in base64-encoding of article keys, for full URL safety


Files changed (5)

apps/wriaki/ebin/wriaki.app

              wriaki,
              wriaki_auth,
              diff,
+             base64url,
 
              wrc,
              wobj,

apps/wriaki/src/article.erl

 url(Article) ->
     case wobj:bucket(Article) of
         ?B_ARTICLE ->
-            ["/wiki/",base64:decode_to_string(wobj:key(Article))];
+            ["/wiki/",base64url:decode_to_string(wobj:key(Article))];
         ?B_ARCHIVE ->
-            ["/wiki/",base64:decode_to_string(
+            ["/wiki/",base64url:decode_to_string(
                         article_key_from_archive_key(
                           wobj:key(Article)))]
     end.

apps/wriaki/src/article_dtl_helper.erl

     end.
 
 key_urldecoded() ->
-    mochiweb_util:unquote(base64:decode_to_string(key())).
+    mochiweb_util:unquote(base64url:decode_to_string(key())).
 
 %% @spec path() -> iolist()
 %% @doc get the URL-path to the article

apps/wriaki/src/base64url.erl

+%% -------------------------------------------------------------------
+%%
+%% Copyright (c) 2009-2010 Basho Technologies, Inc.  All Rights Reserved.
+%%
+%% This file is provided to you under the Apache License,
+%% Version 2.0 (the "License"); you may not use this file
+%% except in compliance with the License.  You may obtain
+%% a copy of the License at
+%%
+%%   http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing,
+%% software distributed under the License is distributed on an
+%% "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+%% KIND, either express or implied.  See the License for the
+%% specific language governing permissions and limitations
+%% under the License.
+%%
+%% -------------------------------------------------------------------
+
+%% @doc base64url is a wrapper around the base64 module to produce
+%%      base64-compatible encodings that are URL safe.
+%%      The / character in normal base64 encoding is replaced with
+%%      the _ character, and + is replaced with -.
+%%      This replacement scheme is named "base64url" by
+%%      http://en.wikipedia.org/wiki/Base64
+
+-module(base64url).
+
+-export([decode/1,
+         decode_to_string/1,
+         encode/1,
+         encode_to_string/1,
+         mime_decode/1,
+         mime_decode_to_string/1]).
+
+decode(Base64url) ->
+    base64:decode(urldecode(Base64url)).
+
+decode_to_string(Base64url) ->
+    base64:decode_to_string(urldecode(Base64url)).
+
+mime_decode(Base64url) ->
+    base64:mime_decode(urldecode(Base64url)).
+
+mime_decode_to_string(Base64url) ->
+    base64:mime_decode_to_string(urldecode(Base64url)).
+
+encode(Data) ->
+    urlencode(base64:encode(Data)).
+
+encode_to_string(Data) ->
+    urlencode(base64:encode_to_string(Data)).
+
+urlencode(Base64) when is_list(Base64) ->
+    [urlencode_digit(D) || D <- Base64];
+urlencode(Base64) when is_binary(Base64) ->
+    << << (urlencode_digit(D)) >> || <<D>> <= Base64 >>.
+
+urldecode(Base64url) when is_list(Base64url) ->
+    [urldecode_digit(D) || D <- Base64url ];
+urldecode(Base64url) when is_binary(Base64url) ->
+    << << (urldecode_digit(D)) >> || <<D>> <= Base64url >>.
+
+urlencode_digit($/) -> $_;
+urlencode_digit($+) -> $-;
+urlencode_digit(D)  -> D.
+
+urldecode_digit($_) -> $/;
+urldecode_digit($-) -> $+;
+urldecode_digit(D)  -> D.
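Review bot: `urldecode_digit/1` passes `/` and `+` through unchanged, so `decode/1` and the other decoders accept the standard alphabet, the URL-safe one and any mix of the two, which gives a single article key more than one accepted spelling. If that leniency exists so that keys written before this commit still decode, it deserves a comment above `urldecode/1`, e.g. `%% Standard-alphabet input ($/, $+) is accepted on purpose so pre-existing keys still decode.`; if it is not intended, putting `urldecode_digit(D) when D =:= $/; D =:= $+ -> erlang:error(badarg);` ahead of the existing clauses makes the decoder strict. The encoders also keep the `=` padding that `base64:encode/1` emits, so the output is fine as a path segment but `=` still carries meaning inside a query string; the `@doc` should state whether padding is kept deliberately. None of the six exported functions has a `-spec`, which would also document that both lists and binaries are accepted.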

apps/wriaki/src/wiki_resource.erl

     wrq:get_qs_value(ModeName, RD) /= undefined.
 
 search_path(RD) ->
-    base64:encode(wrq:disp_path(RD)).
+    base64url:encode(wrq:disp_path(RD)).
 
 finish_request(RD, Ctx) ->
     case wrq:response_code(RD) of
     Article = article:create(search_path(RD),
                              list_to_binary(
                                [<<"= This page describes ">>,
-                                mochiweb_html:escape(mochiweb_util:unquote(base64:decode_to_string(search_path(RD)))),
+                                mochiweb_html:escape(mochiweb_util:unquote(base64url:decode_to_string(search_path(RD)))),
                                 <<" =\n">>]),
                              <<>>,
                              undefined,
 
 render_404(RD, Ctx) ->
     {ok, C} = error_404_dtl:render([{req, wrq_dtl_helper:new(RD)},
-                                    {search, mochiweb_util:unquote(base64:decode_to_string(search_path(RD)))}]),
+                                    {search, mochiweb_util:unquote(base64url:decode_to_string(search_path(RD)))}]),
     {C, RD, Ctx}.
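Review bot: `search_path/1` now derives a different key than before for any path whose standard base64 form contained `/` or `+`, and nothing in this commit rewrites or falls back to keys stored under the old encoding. If the value returned here is what the article lookup uses (the lookup is outside these hunks), such articles would stop resolving after deployment; a one-off re-keying step or a fallback read with `base64:encode(wrq:disp_path(RD))` would cover them. Separately, both decode sites encode the path and immediately decode it again; `mochiweb_util:unquote(wrq:disp_path(RD))` should yield the same string without the round trip. In `render_404/2` the unquoted request path is handed to `error_404_dtl:render/1` without the `mochiweb_html:escape/1` call used in the article-creation hunk, so it is worth confirming that the template escapes `search`. The bodies of `finish_request/2` and of the function containing the `article:create` call extend beyond the hunks shown.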