lib/kanoko/application/convert.rb in kanoko-0.1.2 vs lib/kanoko/application/convert.rb in kanoko-0.1.3

@@ -47,14 +47,13 @@
         hint_src = splat[argument.path.length..-1]
         unless hint_src
           logger.error "invalid url #{request_uri}"
           return 400
         end
-
-        hint_index = request_uri.to_s.index(hint_src)
+        hint_index = request_uri.to_s.index(argument.path) + argument.path.length + 1
         src_path = request_uri.to_s[hint_index..-1]
-
-        unless hash == Kanoko.make_hash(*(argument.to_a.flatten), src_path)
+        src_path_unescaped = URI.decode_www_form_component(src_path).force_encoding('UTF-8')
+        unless hash == Kanoko.make_hash(*(argument.to_a.flatten), src_path_unescaped)
           logger.error "hash check failed #{[*(argument.to_a.flatten), src_path]}"
           return 400
         end
 
         res = http_get(URI.parse("#{(request.secure? ? 'https' : 'http')}://#{src_path}"))