[ 
https://issues.jenkins-ci.org/browse/JENKINS-13531?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=161994#comment-161994
 ] 

cjo9900 commented on JENKINS-13531:
-----------------------------------


Tests on Jenkins 1.460 using Firebug show that the POST message is sent 
incorrectly encoded.

Parameters (application/x-www-form-urlencoded)
accessKey       l ll
name    kik
secretKey       
Source
name=kik&secretKey=&accessKey=l++ll

According to the encoding spec, the query string should be encoded as 
follows for the plus and the space:
'+' -> %2B
' ' -> '+'

So it should be sent as:
accessKey       l%2B%2Bll

The issue is caused by the change in ./war/src/main/webapp/scripts/prototype.js, 
which changed from version 1.5.1.1 to 1.7 between Jenkins 1.454 and 1.455. The 
change in this file is that the Ajax.Request class and its base class handle 
the parameters differently. In 1.5.1.1, a string type parameter was converted to 
a params hash object, including a URIdecode on it. In 1.7, it stores the String 
parameters directly and uses them as is; therefore, if a parameter is not 
correctly URI encoded, it gets passed to the backend Winstone/Stapler, which 
calls URIdecode on it according to the URI specs for query and converts the '+' 
to a space.

2 solutions:
1) Hack prototype.js to perform this encoding.
2) Change the s3 plugin global.jelly to use encodeURIComponent() rather than 
escape().

                
> Plugin replacing "+" with " " in configuration strings when plugin is 
> instantiated.
> -----------------------------------------------------------------------------------
>
>                 Key: JENKINS-13531
>                 URL: https://issues.jenkins-ci.org/browse/JENKINS-13531
>             Project: Jenkins
>          Issue Type: Bug
>          Components: core
>    Affects Versions: current
>         Environment: RedHat Linux and Mac OS X Lion
>            Reporter: glimberg
>              Labels: configuration, plugins, url-encoding
>
> I've been experimenting with the Amazon S3 Publisher plugin in Jenkins 1.460 
> in preparation for starting to use S3 for artifact storage & program 
> distribution at work. I kept getting errors with the S3 plugin, however, 
> stating "Can't connect to S3 service: The request signature we calculated 
> does not match the signature you provided. Check your key and signing 
> method."  
> The Access & Secret Keys were correct and being stored correctly in the 
> hudson.plugins.s3.S3BucketPublisher.xml configuration file.  I added some 
> logging to the plugin to discover that in 
> S3BucketPublisher.DescriptorImpl.doLoginCheck(), the "secretKey" element of 
> the StaplerRequest parameter was being returned incorrectly.  There's a "+" 
> character in the secret key.  The plus was being turned into a space (" "), 
> thus the plugin is unable to connect to S3.
> The issue first appears with Jenkins & the S3 Publisher plugin in Jenkins 
> 1.455 and continues through 1.460.  Versions 1.454 and prior behave as 
> expected.  The "+" in the secret key is retained and connection to S3 is 
> possible. Nothing has changed in the S3 plugin in that time period, so the 
> issue must be somewhere inside Jenkins itself.  Unfortunately, I'm rather 
> unfamiliar with the Jenkins architecture and plugin architecture and am unable 
> to trace the issue further down the chain than that.
> To recreate the issue:
> 1) get the S3 plugin (https://github.com/jenkinsci/s3-plugin)
> 2) set the jenkins version on line 6 of pom.xml to 1.455 or greater.
> 3) in "Configure System", add an S3 profile.  Valid or not does not matter.  
> Make sure there's a "+" in the secret key or the access key field.
> 4) Set a breakpoint, or print out the value of req.getParameter("secretKey") 
> in S3BucketPublisher.DescriptorImpl.doLoginCheck().  See that the "+" has 
> been turned into a " ".  
> The strange thing is that if you look in the actual form fields secretKey or 
> accessKey, the + will be in there correctly. Somehow it's not getting to the 
> actual plugin code as a +, though.
> Workarounds:
> None known at this time.  
> I attempted to replace the + with its URLEncoded form "%2B" in the 
> configuration file, but "%2B" comes through instead of being decoded into a +.
> The only hack I have to get it working for us at the office for the time 
> being is to replace all instances of " " in the secretKey with "+".  Not a 
> good solution.
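
The encoding difference behind the comment's second solution, and the reason the issue's space-to-plus hack is lossy, as an added example that is not code from Jenkins, prototype.js or the S3 plugin. The helper names are hypothetical, the "a b+c" value is constructed, and URLSearchParams is assumed as a stand-in for the server-side form decoding.

```javascript
// Added example: not code from Jenkins, prototype.js or the S3 plugin.
// Helper names are hypothetical; sample values are constructed.

// Build a form-urlencoded POST body, encoding the accessKey value with `encode`.
function buildBody(value, encode) {
  return "name=kik&accessKey=" + encode(value);
}

// Assumption: URLSearchParams stands in for the server-side form decoding,
// which turns '+' into a space before decoding %XX sequences.
function serverSees(body) {
  return new URLSearchParams(body).get("accessKey");
}

// Encode, "send" and decode a value; report whether it survived unchanged.
function roundTrip(value, encode) {
  const body = buildBody(value, encode);
  const received = serverSees(body);
  return { body, received, intact: received === value };
}

// The server-side hack from the issue: put '+' back wherever a space arrived.
function spaceToPlusWorkaround(received) {
  return received.replace(/ /g, "+");
}

// Legacy escape() leaves '+' as is, so the decoder reads each one as a space.
const viaEscape = roundTrip("l++ll", escape);
// encodeURIComponent() emits %2B, which decodes back to '+'.
const viaComponent = roundTrip("l++ll", encodeURIComponent);
// A value holding a real space and a '+' shows why the hack is lossy.
const mixed = roundTrip("a b+c", escape);

console.log(viaEscape);
console.log(viaComponent);
console.log(spaceToPlusWorkaround(mixed.received));
```

A credential that arrives containing a space where the stored value has a "+" is the symptom to look for when a signature check fails after a form round trip.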
