Skip to content

Fix signature with escaping characters #379

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Jun 18, 2025
Merged

Fix signature with escaping characters #379

merged 10 commits into from
Jun 18, 2025

Conversation

adimiz1
Copy link
Contributor

@adimiz1 adimiz1 commented Jun 15, 2025

Brief Summary of Changes

Fix signature with escaping characters

What does this PR address?

  • GitHub issue (Add reference - #XX)
  • Refactoring
  • New feature
  • Bug fix
  • Adds more tests

Are tests included?

  • Yes
  • No

Reviewer, please note:

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I ran the full test suite before pushing the changes and all the tests pass.

const-cloudinary
const-cloudinary requested changes Jun 17, 2025
View reviewed changes
Copy link

@const-cloudinary const-cloudinary left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see comments

cloudinary-core/src/main/java/com/cloudinary/Cloudinary.java Outdated
@@ -195,7 +195,7 @@ public boolean verifyNotificationSignature(String body, String timestamp, String
* @return whether response signature is valid or not
*/
public boolean verifyApiResponseSignature(String publicId, String version, String signature) {
return new ApiResponseSignatureVerifier(config.apiSecret, config.signatureAlgorithm).verifySignature(publicId, version, signature);
return new ApiResponseSignatureVerifier(config.apiSecret, config.signatureAlgorithm).verifySignature(publicId, version, signature, config.signatureVersion);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it should always use version 1, hardcoded.

cloudinary-core/src/main/java/com/cloudinary/api/signing/ApiResponseSignatureVerifier.java Outdated
@@ -57,9 +57,9 @@ public ApiResponseSignatureVerifier(String secretKey, SignatureAlgorithm signatu
*
* @return true if response signature passed verification procedure
*/
public boolean verifySignature(String publicId, String version, String signature) {
public boolean verifySignature(String publicId, String version, String signature, int signatureVersion) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and here too, version 1 hardcoded

@adimiz1 adimiz1 merged commit 90cc359 into master Jun 18, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@const-cloudinary const-cloudinary const-cloudinary approved these changes

@kalifyaniv-cloudinary kalifyaniv-cloudinary Awaiting requested review from kalifyaniv-cloudinary

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@adimiz1 @const-cloudinary @mizadi