From: Casey Bodley <cbodley@redhat.com>
Date: Fri, 26 Jan 2024 14:53:30 +0000 (-0500)
Subject: rgw/rest: fix url decode of post params for iam/sts/sns
X-Git-Tag: v17.2.8~242^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=931b4a6f3b3c2e5894db64b1c50e422c8ec7c8d4;p=ceph.git

rgw/rest: fix url decode of post params for iam/sts/sns

add the `in_query=true` argument to `url_decode()` to replace '+' with ' '

Fixes: https://tracker.ceph.com/issues/64189

Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 4bdc5d18dd68b95c6ccd4c0e77a1bd04ad86dbb8)

Conflicts:
	src/rgw/rgw_rest_pubsub.cc no topic policy or SetTopicAttributes
	src/rgw/rgw_rest_s3.cc no parse_post_action() from fbbc52aecf3548706b8d5ff49a57200aebc03d54
---

diff --git a/src/rgw/rgw_rest_iam.cc b/src/rgw/rgw_rest_iam.cc
index f63018d189b..b31697a860a 100644
--- a/src/rgw/rgw_rest_iam.cc
+++ b/src/rgw/rgw_rest_iam.cc
@@ -30,8 +30,9 @@ void RGWHandler_REST_IAM::rgw_iam_parse_input()
       for (const auto& t : tokens) {
         auto pos = t.find("=");
         if (pos != string::npos) {
+          constexpr bool in_query = true; // replace '+' with ' '
           s->info.args.append(t.substr(0,pos),
-                              url_decode(t.substr(pos+1, t.size() -1)));
+                              url_decode(t.substr(pos+1, t.size() -1), in_query));
         }
       }
     }
diff --git a/src/rgw/rgw_rest_pubsub.cc b/src/rgw/rgw_rest_pubsub.cc
index c20cbe7c233..6a0d1f8703f 100644
--- a/src/rgw/rgw_rest_pubsub.cc
+++ b/src/rgw/rgw_rest_pubsub.cc
@@ -358,7 +358,8 @@ void RGWHandler_REST_PSTopic_AWS::rgw_topic_parse_input() {
           if (key == "Action") {
             s->info.args.append(key, t.substr(pos + 1, t.size() - 1));
           } else if (key == "Name" || key == "TopicArn") {
-            const auto value = url_decode(t.substr(pos + 1, t.size() - 1));
+            constexpr bool in_query = true; // replace '+' with ' '
+            const auto value = url_decode(t.substr(pos + 1, t.size() - 1), in_query);
             s->info.args.append(key, value);
           } else {
             update_attribute_map(t, map);
diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc
index 093c92d3633..fcd2f8028f6 100644
--- a/src/rgw/rgw_rest_sts.cc
+++ b/src/rgw/rgw_rest_sts.cc
@@ -759,8 +759,9 @@ void RGWHandler_REST_STS::rgw_sts_parse_input()
       for (const auto& t : tokens) {
         auto pos = t.find("=");
         if (pos != string::npos) {
+          constexpr bool in_query = true; // replace '+' with ' '
           s->info.args.append(t.substr(0,pos),
-                              url_decode(t.substr(pos+1, t.size() -1)));
+                              url_decode(t.substr(pos+1, t.size() -1), in_query));
         }
       }
     }
diff --git a/src/rgw/rgw_rest_user_policy.cc b/src/rgw/rgw_rest_user_policy.cc
index f6c7d2314dc..d4b29679c72 100644
--- a/src/rgw/rgw_rest_user_policy.cc
+++ b/src/rgw/rgw_rest_user_policy.cc
@@ -93,9 +93,9 @@ uint64_t RGWPutUserPolicy::get_op()
 
 int RGWPutUserPolicy::get_params()
 {
-  policy_name = url_decode(s->info.args.get("PolicyName"), true);
-  user_name = url_decode(s->info.args.get("UserName"), true);
-  policy = url_decode(s->info.args.get("PolicyDocument"), true);
+  policy_name = s->info.args.get("PolicyName");
+  user_name = s->info.args.get("UserName");
+  policy = s->info.args.get("PolicyDocument");
 
   if (policy_name.empty() || user_name.empty() || policy.empty()) {
     ldpp_dout(this, 20) << "ERROR: one of policy name, user name or policy document is empty"