lib/distack/urlsign/signer.rb in distack-urlsign-0.3.2 vs lib/distack/urlsign/signer.rb in distack-urlsign-0.3.3
- old
+ new
@@ -57,10 +57,10 @@
digest = OpenSSL::Digest.new("sha512")
rawsig = OpenSSL::HMAC.digest(digest, @key, chunks.join)
signature = Base64.urlsafe_encode64(rawsig)
- if secure_compare(signature, URI.decode(q["_signature"]).to_s)
+ if secure_compare(signature, CGI.unescape(q["_signature"]).to_s)
new_url = url.dup
new_url.query = original_qs
new_url
else
raise InvalidSignatureError, "signature is invalid for #{url}"