lib/cloudinary/auth_token.rb in cloudinary-1.9.0 vs lib/cloudinary/auth_token.rb in cloudinary-1.9.1
- old
+ new
@@ -7,10 +7,11 @@
module Cloudinary
module AuthToken
SEPARATOR = '~'
+ UNSAFE = /[ "#%&\'\/:;<=>?@\[\\\]^`{\|}~]/
def self.generate(options = {})
key = options[:key]
raise "Missing auth token key configuration" unless key
name = options[:token_name] || "__cld_token__"
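Review bot: The new `UNSAFE` constant has no comment saying what the character class is for, and since it decides which bytes are percent-encoded before the token is signed, the choice needs to be recorded. I would add something like `# Characters percent-encoded by escape_to_lower before signing; must match the set the token verifier escapes. Includes SEPARATOR ('~').` above it. Whether the escaped values are the ones later joined with `SEPARATOR` cannot be seen here, because the body of `generate` continues outside the hunk, so that part of the comment should be confirmed against the full method. As a style point, `'`, `/` and `|` need no backslash inside a character class, so `\'`, `\/` and `\|` can be written plainly.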
@@ -54,11 +55,14 @@
private
# escape URI pattern using lowercase hex. For example "/" -> "%2f".
def self.escape_to_lower(url)
- CGI::escape(url).gsub(/%../) { |h| h.downcase }
+ Utils.smart_escape(url, UNSAFE).gsub(/%[0-9A-F]{2}/) do |h|
+ h.downcase
+ end.force_encoding(Encoding::US_ASCII)
end
+
def self.digest(message, key)
bin_key = Array(key).pack("H*")
digest = OpenSSL::Digest::SHA256.new
OpenSSL::HMAC.hexdigest(digest, bin_key, message)
\ No newline at end of file
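Review bot: `force_encoding(Encoding::US_ASCII)` in `escape_to_lower` only relabels the string. If `Utils.smart_escape` (not shown on this page) ever passes a non-ASCII byte through, the result is an invalidly encoded string that goes into the HMAC instead of being rejected. It is worth confirming that `smart_escape` percent-encodes every non-ASCII byte, or guarding the relabel with a check such as `raise ArgumentError, "unescaped non-ASCII byte" unless escaped.ascii_only?`. The comment above the method should also state that `%` is in `UNSAFE`, so an input that is already percent-encoded is escaped a second time and callers must pass the raw URL. Separately, the bare `private` has no effect on `def self.` methods; `private_class_method :escape_to_lower, :digest` would actually hide them. The end of `digest` lies outside the hunk.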