From 0101e1f96b49cf9324ca5ff405e42e810eabc96a Mon Sep 17 00:00:00 2001
From: Luke Towers
Date: Sat, 19 Sep 2020 14:07:23 -0600
Subject: [PATCH] Fix issue with image resizer URLs that contain URL-encoded characters (i.e. spaces)
Don't double decode the URL when validating it because the routing engine already decoded it once
---
 modules/system/classes/ImageResizer.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/system/classes/ImageResizer.php b/modules/system/classes/ImageResizer.php
index e5d463aca..71ea874a4 100644
--- a/modules/system/classes/ImageResizer.php
+++ b/modules/system/classes/ImageResizer.php
@@ -483,7 +483,7 @@ class ImageResizer
 {
 // Slashes in URL params have to be double encoded to survive Laravel's router
 // @see https://github.com/octobercms/october/issues/3592#issuecomment-671017380
- $resizedUrl = urlencode(urlencode($this->getResizedUrl()));
+ $resizedUrl = rawurlencode(rawurlencode($this->getResizedUrl()));
 // Get the current configuration's identifier
 $identifier = $this->getIdentifier();
@@ -571,14 +571,14 @@ class ImageResizer
 // Process a string
 } elseif (is_string($image)) {
 // Parse the provided image path into a filesystem ready relative path
- $relativePath = static::normalizePath(urldecode(parse_url($image, PHP_URL_PATH)));
+ $relativePath = static::normalizePath(rawurldecode(parse_url($image, PHP_URL_PATH)));
 // Loop through the sources available to the application to pull from
 // to identify the source most likely to be holding the image
 $resizeSources = static::getAvailableSources();
 foreach ($resizeSources as $source => $details) {
 // Normalize the source path
- $sourcePath = static::normalizePath(urldecode(parse_url($details['path'], PHP_URL_PATH)));
+ $sourcePath = static::normalizePath(rawurldecode(parse_url($details['path'], PHP_URL_PATH)));
 // Identify if the current source is a match
 if (starts_with($relativePath, $sourcePath)) {
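Review bot: The comment above the changed `$resizedUrl` line explains the double encoding but not why the raw variant is required, so a later edit back to `urlencode` would look harmless. `urlencode` writes a space as `+`, and the `rawurldecode` calls this patch introduces in the other two hunks leave `+` untouched, so the encoder and decoder have to stay paired. I would add `// rawurlencode (not urlencode): must round-trip through rawurldecode() when the URL is validated; urlencode would emit "+" for spaces` above the assignment. The enclosing method starts and ends outside the hunk.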
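Review bot: Both changed lines in the hunk at -571 pass the result of `parse_url(..., PHP_URL_PATH)` straight into `rawurldecode`, but `parse_url` returns `false` for a seriously malformed URL and `null` when there is no path component. For `$image`, which appears to be caller-supplied, I would check first with `$path = parse_url($image, PHP_URL_PATH);` and then `if (!is_string($path)) { /* reject as an invalid image reference */ }` before decoding. Decoding also happens before `normalizePath`, so percent-encoded dot segments reach it as literal `..`; whether `normalizePath` collapses or rejects them is not visible here, and it is worth confirming because the result is then prefix-matched against the source paths with `starts_with`. The enclosing branch continues outside the hunk.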
@@ -727,7 +727,7 @@ class ImageResizer
 {
 // Slashes in URL params have to be double encoded to survive Laravel's router
 // @see https://github.com/octobercms/october/issues/3592#issuecomment-671017380
- $decodedUrl = urldecode(urldecode($encodedUrl));
+ $decodedUrl = rawurldecode($encodedUrl);
 $url = null;
 // The identifier should be the signed version of the decoded URL
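Review bot: The two comment lines kept above `$decodedUrl = rawurldecode($encodedUrl);` still describe double encoding, which now reads as contradicting the single decode directly below them. The reason for the single pass is only in the commit message, so I would put it in the code: `// The router has already decoded this value once; decode only the remaining level. A second pass would alter literal %XX sequences and the URL would no longer match the signed identifier.` This also makes the method depend on being reached through the router. If it can be called with a value the router has not decoded (not visible in this hunk), the signed-identifier comparison would presumably fail rather than accept a different URL, and that assumption is worth stating in the docblock. The method body continues outside the hunk.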