From 1c437bdeb8cd886aab7a62f94d951b3ce4e08c4c Mon Sep 17 00:00:00 2001
From: Max Rice
Date: Thu, 3 Apr 2014 16:56:26 -0400
Subject: [PATCH] API: double-encode percent symbols when normalizing parameters
---
 includes/api/class-wc-api-authentication.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/includes/api/class-wc-api-authentication.php b/includes/api/class-wc-api-authentication.php
index 46a904c25df..984ee85864a 100644
--- a/includes/api/class-wc-api-authentication.php
+++ b/includes/api/class-wc-api-authentication.php
@@ -250,7 +250,11 @@ class WC_API_Authentication {
 foreach ( $parameters as $key => $value ) {
- $normalized_parameters[ rawurlencode( rawurldecode( $key ) ) ] = rawurlencode( rawurldecode( $value ) );
+ // percent symbols (%) must be double-encoded
+ $key = str_replace( '%', '%25', rawurlencode( rawurldecode( $key ) ) );
+ $value = str_replace( '%', '%25', rawurlencode( rawurldecode( $value ) ) );
+ $normalized_parameters[ $key ] = $value;
 }
 return $normalized_parameters;
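Review bot: Both new `rawurldecode()` calls assume `$key` and `$value` are strings, and nothing in the hunk checks that before they are normalized for signature verification. If `$parameters` is built from PHP's request arrays (not visible here), a bracketed query parameter (`name[sub]=…`) arrives as an array, which on PHP 5 would likely raise a warning and normalize to an empty string, leaving the nested values outside the signed data. Flatten nested arrays into `key[sub]` pairs before this loop, or fail authentication when `! is_scalar( $value )` at the top of the loop body. The new comment would also help more if it said why, e.g. `// OAuth 1.0a: the normalized pairs are percent-encoded again inside the signature base string, so '%' must become '%25'` (confirm against the base-string code, which is not in this hunk). The enclosing method starts and ends outside the hunk.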