Skip to content

Fix URL safe string decoding for DownloadPublicObject API #3328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 3, 2024
Merged

Fix URL safe string decoding for DownloadPublicObject API #3328

merged 1 commit into from
May 3, 2024

Conversation

@cesnietor
Copy link
Collaborator

@cesnietor cesnietor commented May 3, 2024
edited
Loading

fixes: #3327

Similar to #3305 it uses url safe base64 decoding for the download of the object. Used in Share File functionality. The previous PR fixed the creation of the URL (encoding), this fixes the decoding of it.

Includes unittest.

Test steps:

With an existing bucket, folder and objects.

  • With different filenames e,.g. with .jpg, .svg, .png, spaces, etc
  • Click share file
  • Copy and paste the new url in the browser
  • The url should contain same url as Object browser
  • Object should be downloaded
  • Test injecting wrong urls (base64encoded)
  • Should return error or forbidden errors if url doesn't point to internal MinIO server

@cesnietor cesnietor self-assigned this May 3, 2024
@cesnietor cesnietor marked this pull request as ready for review May 3, 2024 20:35
@cesnietor cesnietor requested review from pjuarezd and prakashsvmx May 3, 2024 20:35
bayasdev
bayasdev approved these changes May 3, 2024
View reviewed changes
Copy link
Contributor

@bayasdev bayasdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cesnietor cesnietor requested a review from reivaj05 May 3, 2024 20:36
@cesnietor cesnietor merged commit cbeef2b into minio:master May 3, 2024
@hashworks hashworks mentioned this pull request May 14, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bexsoft bexsoft bexsoft approved these changes

@jinapurapu jinapurapu jinapurapu approved these changes

@allanrogerr allanrogerr Awaiting requested review from allanrogerr

@dvaldivia dvaldivia Awaiting requested review from dvaldivia

@kaankabalak kaankabalak Awaiting requested review from kaankabalak

@pjuarezd pjuarezd Awaiting requested review from pjuarezd

@prakashsvmx prakashsvmx Awaiting requested review from prakashsvmx

@reivaj05 reivaj05 Awaiting requested review from reivaj05

+1 more reviewer

@bayasdev bayasdev bayasdev approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@cesnietor cesnietor

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

"illegal base64 data at input byte" when using certain share URLs generated via Console 1.3.0

4 participants

@cesnietor @bexsoft @bayasdev @jinapurapu