Fix handling # symbols in non-HTTP(S) source URLs

CHANGELOG.md

@@ -1,9 +1,13 @@
 # Changelog
 
 ## [Unreleased]
+# Add
 - (pro) Add [monochrome](https://docs.imgproxy.net/latest/usage/processing#monochrome) processing option.
 - (pro) Add [duotone](https://docs.imgproxy.net/latest/usage/processing#duotone) processing option.
 
+# Fix
+- Fix handling `#` symbols in `local://`, `s3://`, `gcs://`, `abs://`, and `swift://` URLs.
+
 ## [3.25.0] - 2024-07-08
 ### Add
 - Add [IMGPROXY_S3_ASSUME_ROLE_EXTERNAL_ID](https://docs.imgproxy.net/latest/configuration/options#IMGPROXY_S3_ASSUME_ROLE_EXTERNAL_ID) config.
@@ -28,7 +32,7 @@
 ### Fix
 - Fix HEIC/AVIF dimension limit handling.
 - Fix SVG detection when the root element has a namespace.
-- Fix treating percent-encoded symbols in `s3://`, `gcs://`, `abs://`, and `swift://` URLs.
+- Fix treating percent-encoded symbols in `local://`, `s3://`, `gcs://`, `abs://`, and `swift://` URLs.
 - (pro) Fix style injection to SVG.
 - (pro) Fix video tiles generation when the video's SAR is not `1`.
 

imagedata/download.go

@@ -7,6 +7,7 @@ import (
 	"io"
 	"net/http"
 	"net/http/cookiejar"
+	"net/url"
 	"strings"
 	"time"
 
@@ -139,6 +140,17 @@ func BuildImageRequest(ctx context.Context, imageURL string, header http.Header,
 		return nil, func() {}, ierrors.New(404, err.Error(), msgSourceImageIsUnreachable)
 	}
 
+	// S3, GCS, etc object keys may contain `#` symbol.
+	// `url.ParseRequestURI` unlike `url.Parse` does not cut-off the fragment part from the URL path.
+	if req.URL.Scheme != "http" && req.URL.Scheme != "https" {
+		u, err := url.ParseRequestURI(imageURL)
+		if err != nil {
+			reqCancel()
+			return nil, func() {}, ierrors.New(404, err.Error(), msgSourceImageIsUnreachable)
+		}
+		req.URL = u
+	}
+
 	if _, ok := enabledSchemes[req.URL.Scheme]; !ok {
 		reqCancel()
 		return nil, func() {}, ierrors.New(