From 95d9e47353ef1301cbd53c4a94aec833f415a0b6 Mon Sep 17 00:00:00 2001
From: Anis Elleuch <vadmeste@gmail.com>
Date: Mon, 9 Jan 2017 23:22:20 +0100
Subject: [PATCH] Presign V2: Unescape non-std queries in urls (#3549)

A client sends escaped characters in values of some query parameters in a presign url.
This commit properly unescapes queires to fix signature calculation.
---
 cmd/signature-v2.go | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/cmd/signature-v2.go b/cmd/signature-v2.go
index 3952a912f..2698891d3 100644
--- a/cmd/signature-v2.go
+++ b/cmd/signature-v2.go
@@ -111,13 +111,18 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
 		case "Expires":
 			expires, err = url.QueryUnescape(keyval[1])
 		default:
-			filteredQueries = append(filteredQueries, query)
+			unescapedQuery, qerr := url.QueryUnescape(query)
+			if qerr == nil {
+				filteredQueries = append(filteredQueries, unescapedQuery)
+			} else {
+				err = qerr
+			}
+		}
+		// Check if the query unescaped properly.
+		if err != nil {
+			errorIf(err, "Unable to unescape query values", queries)
+			return ErrInvalidQueryParams
 		}
-	}
-	// Check if the query unescaped properly.
-	if err != nil {
-		errorIf(err, "Unable to unescape query values", queries)
-		return ErrInvalidQueryParams
 	}
 
 	// Invalid access key.