Decode string to sign before creating the signature (#167)

Author: nadavofi

lib/utils.js

@@ -492,6 +492,13 @@ exports.url = (public_id, options = {}) ->
   transformation = transformation.replace(/([^:])\/\//g, '$1/')
   if sign_url && _.isEmpty(auth_token)
     to_sign = [transformation, source_to_sign].filter((part) -> part? && part != '').join('/')
+    i = 0;
+    try
+      while (to_sign != decodeURIComponent(to_sign) && i<10)
+        to_sign = decodeURIComponent(to_sign)
+        i++
+    catch
+      
     shasum = crypto.createHash('sha1')
     shasum.update(utf8_encode(to_sign + api_secret), 'binary')
     signature = shasum.digest('base64').replace(/\//g, '_').replace(/\+/g, '-').substring(0, 8)

lib/utils.js.map

@@ -104,6 +104,10 @@ describe "utils", ->
     expected_signature = utils.url("test", format:"jpg", angle:0, sign_url:true).match(/s--[0-9A-Za-z_-]{8}--/).toString()
     test_cloudinary_url("test", {url_suffix:"hello", private_cdn:true, format:"jpg", angle:0, sign_url:true}, "http://#{cloud_name}-res.cloudinary.com/images/#{expected_signature}/a_0/test/hello.jpg", {})
 
+  it "should sign the decoded form of a url" , ->
+    expected_signature = utils.url("%25a%20(b)", format:"jpg", sign_url:true).match(/s--[0-9A-Za-z_-]{8}--/).toString()
+    test_cloudinary_url("%25a%20(b)", {format:"jpg", sign_url:true}, "http://res.cloudinary.com/#{cloud_name}/image/upload/#{expected_signature}/%25a%20(b).jpg", {})
+
   it "should support url_suffix for raw uploads" , ->
     test_cloudinary_url("test", {url_suffix:"hello", private_cdn:true, resource_type:'raw'}, "http://#{cloud_name}-res.cloudinary.com/files/test/hello", {})