From b9e72b9645765b364f1b6d64d291ab1e979c3fcf Mon Sep 17 00:00:00 2001 From: GOGOsu Date: Sat, 30 Apr 2022 05:56:10 +0800 Subject: [PATCH 1/6] Update aliyun-sms.js MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit aliyun-sms.js: escape more characters than encodeURIComponent see https://help.aliyun.com/document_detail/315526.html 字符A~Z、a~z、0~9以及字符-、_、.、~不编码。对其它ASCII码字符进行编码。 --- server/notification-providers/aliyun-sms.js | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/server/notification-providers/aliyun-sms.js b/server/notification-providers/aliyun-sms.js index fc2815112..325d2214b 100644 --- a/server/notification-providers/aliyun-sms.js +++ b/server/notification-providers/aliyun-sms.js @@ -92,9 +92,20 @@ class AliyunSMS extends NotificationProvider { let key = oa[i]; param2[key] = param[key]; } + + let moreEscapesTable = function(m) { + return { + "!": "%21", + "*": "%2A", + "'": "%27", + "(": "%28", + ")": "%29" + }[m] + }; for (let key in param2) { - data.push(`${encodeURIComponent(key)}=${encodeURIComponent(param2[key])}`); + let value = encodeURIComponent(param2[key]).replace(/[!*'()]/g, moreEscapesTable); + data.push(`${encodeURIComponent(key)}=${value}`); } let StringToSign = `POST&${encodeURIComponent("/")}&${encodeURIComponent(data.join("&"))}`; From ae2c49a72904aed503959b4cf7b595b53c5b4bab Mon Sep 17 00:00:00 2001 From: GOGOsu Date: Sat, 30 Apr 2022 06:28:16 +0800 Subject: [PATCH 2/6] Update aliyun-sms.js --- server/notification-providers/aliyun-sms.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/server/notification-providers/aliyun-sms.js b/server/notification-providers/aliyun-sms.js index 325d2214b..65843ebe0 100644 --- a/server/notification-providers/aliyun-sms.js +++ b/server/notification-providers/aliyun-sms.js @@ -92,15 +92,15 @@ class AliyunSMS extends NotificationProvider { let key = oa[i]; param2[key] = param[key]; } - - let moreEscapesTable = function(m) { + + let moreEscapesTable = function (m) { return { - "!": "%21", - "*": "%2A", - "'": "%27", - "(": "%28", + "!": "%21", + "*": "%2A", + "'": "%27", + "(": "%28", ")": "%29" - }[m] + }[m]; }; for (let key in param2) { From 2347a01f7c6e0362c4c92081836c930d202dd9ff Mon Sep 17 00:00:00 2001 From: GOGOsu Date: Sat, 30 Apr 2022 10:42:59 +0800 Subject: [PATCH 3/6] Update aliyun-sms.js Add comments for the changed code. --- server/notification-providers/aliyun-sms.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/server/notification-providers/aliyun-sms.js b/server/notification-providers/aliyun-sms.js index 65843ebe0..11575df35 100644 --- a/server/notification-providers/aliyun-sms.js +++ b/server/notification-providers/aliyun-sms.js @@ -92,6 +92,10 @@ class AliyunSMS extends NotificationProvider { let key = oa[i]; param2[key] = param[key]; } + + // Escape more characters than encodeURIComponent does. + // For generating Aliyun signature, all characters except A-Za-z0-9~-._ are encoded. + // See https://help.aliyun.com/document_detail/315526.html let moreEscapesTable = function (m) { return { From 369477b4b920e14b177b1ab9f2779d1a58aa4d86 Mon Sep 17 00:00:00 2001 From: GOGOsu Date: Sat, 30 Apr 2022 10:45:38 +0800 Subject: [PATCH 4/6] Update aliyun-sms.js --- server/notification-providers/aliyun-sms.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/notification-providers/aliyun-sms.js b/server/notification-providers/aliyun-sms.js index 11575df35..2574cd3c0 100644 --- a/server/notification-providers/aliyun-sms.js +++ b/server/notification-providers/aliyun-sms.js @@ -92,7 +92,7 @@ class AliyunSMS extends NotificationProvider { let key = oa[i]; param2[key] = param[key]; } - + // Escape more characters than encodeURIComponent does. // For generating Aliyun signature, all characters except A-Za-z0-9~-._ are encoded. // See https://help.aliyun.com/document_detail/315526.html From 73e38a13d2e1bf19c64edd063fb77fe323f6aa9b Mon Sep 17 00:00:00 2001 From: GOGOsu Date: Sat, 30 Apr 2022 21:08:35 +0800 Subject: [PATCH 5/6] Update server/notification-providers/aliyun-sms.js Co-authored-by: Adam Stachowicz --- server/notification-providers/aliyun-sms.js | 1 - 1 file changed, 1 deletion(-) diff --git a/server/notification-providers/aliyun-sms.js b/server/notification-providers/aliyun-sms.js index 2574cd3c0..79f0dd30a 100644 --- a/server/notification-providers/aliyun-sms.js +++ b/server/notification-providers/aliyun-sms.js @@ -96,7 +96,6 @@ class AliyunSMS extends NotificationProvider { // Escape more characters than encodeURIComponent does. // For generating Aliyun signature, all characters except A-Za-z0-9~-._ are encoded. // See https://help.aliyun.com/document_detail/315526.html - let moreEscapesTable = function (m) { return { "!": "%21", From 53b98ad3e488611bc426547c9de271411e6942b7 Mon Sep 17 00:00:00 2001 From: Louis Lam Date: Sun, 1 May 2022 12:10:47 +0800 Subject: [PATCH 6/6] Add more comment for aliyun-sms fix --- server/notification-providers/aliyun-sms.js | 1 + 1 file changed, 1 insertion(+) diff --git a/server/notification-providers/aliyun-sms.js b/server/notification-providers/aliyun-sms.js index 79f0dd30a..fa73ffb1f 100644 --- a/server/notification-providers/aliyun-sms.js +++ b/server/notification-providers/aliyun-sms.js @@ -96,6 +96,7 @@ class AliyunSMS extends NotificationProvider { // Escape more characters than encodeURIComponent does. // For generating Aliyun signature, all characters except A-Za-z0-9~-._ are encoded. // See https://help.aliyun.com/document_detail/315526.html + // This encoding methods as known as RFC 3986 (https://tools.ietf.org/html/rfc3986) let moreEscapesTable = function (m) { return { "!": "%21",