This repository was archived by the owner on May 8, 2024. It is now read-only.
Description Which service(blob, file, queue, table) does this issue concern?
Blob , but the issue occurs in the Common package...
Which version of the SDK was used?
microsoft/azure-storage-common: 1.5.2
microsoft/azure-storage-blob: 1.5.4
What problem was encountered?
When your blob/resource name has a + character in it , the signature verification fails.
Steps to reproduce the issue?
Generate a SAS token with any resource containing a + character.
$resourceContainingPlusCharacter = 'package-test/azure+logo-plus.jpg';
$token = BlobSharedAccessSignatureHelper::generateBlobServiceSharedAccessSignatureToken(
Resources::RESOURCE_TYPE_BLOB,
$resourceContainingPlusCharacter,
...
);
return urldecode (sprintf ('/%s/%s/%s ' , $ serviceName , $ accountName , $ resource ));
Using urldecode here decodes a + to a space, which changes the resource to package-test/azure logo-plus.jpg before generating the signature.
Have you found a mitigation/solution?
Using rawurldecode fixes the issue, but not decoding also works, not sure why the resource needs to be decoded here in the first place?
Reactions are currently unavailable
Which service(blob, file, queue, table) does this issue concern?
Blob, but the issue occurs in the Common package...
Which version of the SDK was used?
What problem was encountered?
When your blob/resource name has a
+character in it , the signature verification fails.Steps to reproduce the issue?
Generate a SAS token with any resource containing a
+character.azure-storage-php/azure-storage-common/src/Common/SharedAccessSignatureHelper.php
Line 329 in 4cd7470
Using
urldecodehere decodes a+to a space, which changes the resource topackage-test/azure logo-plus.jpgbefore generating the signature.Have you found a mitigation/solution?
Using
rawurldecodefixes the issue, but not decoding also works, not sure why the resource needs to be decoded here in the first place?