Uploaders.S3: Replace unsafe characters in object key

According to [the S3 docs][s3], the characters safe for use in object keys are:

* 0-9
* a-z
* A-Z
* !
* -
* _
* .
* *
* '
* (
* )

(The / character is not listed but mentioned being safe outside of the list.)

Several characters that are valid in filenames can cause problems, for example
spaces are not valid in URLs and need to be escaped,
sequences of spaces can become squeezed by S3,
some characters like \ are documented to require “significant special handling”.

To avoid these problems, this change encodes the filename
before using it as part of the S3 object name
by replacing all characters except those documented as “safe” with dashes.

[s3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html

diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex
index ce0ed3e34f38ae8ff72ce0dd8c766287a2fbc8a5..87322753dd97b29e0ad23226a1d2819b7e53c604 100644 (file)
--- a/lib/pleroma/uploaders/s3.ex
+++ b/lib/pleroma/uploaders/s3.ex
@@ -10,7 +10,7 @@ defmodule Pleroma.Uploaders.S3 do
 
     File.rm!(path)
 
-    s3_name = "#{uuid}/#{name}"
+    s3_name = "#{uuid}/#{encode(name)}"
 
     {:ok, _} =
       ExAws.S3.put_object(bucket, s3_name, file_data, [
@@ -21,4 +21,8 @@ defmodule Pleroma.Uploaders.S3 do
 
     {:ok, "#{public_endpoint}/#{bucket}/#{s3_name}"}
   end
+
+  defp encode(name) do
+    String.replace(name, ~r/[^0-9a-zA-Z!.*'()_-]/, "-")
+  end
 end