From 6ea6b895ad00a43f27e30d1df45c5641c25a87a0 Mon Sep 17 00:00:00 2001
From: KnifMelti <gaj@knifmelti.se>
Date: Thu, 11 Apr 2024 20:40:35 +0200
Subject: [PATCH 1/2] Fix ListPath as resourceURI and sasToken

---
 README.md                                        |  4 +++-
 .../functions/Test-ListPath.ps1                  | 16 ++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 079fccb..a85dd9b 100644
--- a/README.md
+++ b/README.md
@@ -96,7 +96,9 @@ Use White List instead of Black List. This setting will not create the "excluded
 **-ListPath**<br>
 Get Black/White List from external Path (**URL/UNC/Local/GPO**) - download/copy to Winget-AutoUpdate installation location if external list is newer.<br>
 **PATH** must end with a Directory, not a File...<br>
-...if the external Path is an **URL** and the web host doesn't respond with a date/time header for the file (i.e **GitHub**) then the file is always downloaded!
+...if the external Path is an **URL** and the web host doesn't respond with a date/time header for the file (i.e **GitHub**) then the file is always downloaded!<br>
+...if the external Path is a Private Azure Container protected by a SAS token it should be like this (`resourceURI?sasToken`):<br>
+`https://storagesample.blob.core.windows.net/sample-container?v=2023-11-31&sr=b&sig=39Up9jzHkxhUIhFEjEh9594DIxe6cIRCgOVOICGSP%3A377&sp=rcw`
 
 If `-ListPath` is set to **GPO** the Black/White List can be managed from within the GPO itself under **Application GPO Blacklist**/**Application GPO Whitelist**. Thanks to [Weatherlights](https://github.com/Weatherlights) in [#256 (reply in thread)](https://github.com/Romanitho/Winget-AutoUpdate/discussions/256#discussioncomment-4710599)!
 
diff --git a/Sources/WAU/Winget-AutoUpdate/functions/Test-ListPath.ps1 b/Sources/WAU/Winget-AutoUpdate/functions/Test-ListPath.ps1
index 2ec3d7b..f49c881 100644
--- a/Sources/WAU/Winget-AutoUpdate/functions/Test-ListPath.ps1
+++ b/Sources/WAU/Winget-AutoUpdate/functions/Test-ListPath.ps1
@@ -21,6 +21,22 @@ function Test-ListPath ($ListPath, $UseWhiteList, $WingetUpdatePath) {
     # If path is URL
     if ($ListPath -like "http*") {
         $ExternalList = -join ($ListPath, "/", $ListType)
+
+        # Test if $ListPath contains the character "?" (testing for SAS token)
+        if ($Listpath -match "\?") {
+            # Split the URL into two strings at the "?" substring
+            $splitPath = $ListPath.Split("`?")
+
+            # Assign the first string (up to "?") to the variable $resourceURI
+            $resourceURI = $splitPath[0]
+
+            # Assign the second string (after "?" to the end) to the variable $sasToken
+            $sasToken = $splitPath[1]
+            
+            # Join the parts and add "/$ListType?" in between the parts
+            $ExternalList = -join ($resourceURI, "/$ListType`?", $sasToken)
+        }
+
         $wc = New-Object System.Net.WebClient
         try {
             $wc.OpenRead("$ExternalList").Close() | Out-Null

From 7793ce3a1cf2ea89d9aae9b91e5ffc79b25117e5 Mon Sep 17 00:00:00 2001
From: KnifMelti <gaj@knifmelti.se>
Date: Sun, 14 Apr 2024 07:21:29 +0200
Subject: [PATCH 2/2] Escape special characters

---
 README.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index a85dd9b..d387efb 100644
--- a/README.md
+++ b/README.md
@@ -97,8 +97,12 @@ Use White List instead of Black List. This setting will not create the "excluded
 Get Black/White List from external Path (**URL/UNC/Local/GPO**) - download/copy to Winget-AutoUpdate installation location if external list is newer.<br>
 **PATH** must end with a Directory, not a File...<br>
 ...if the external Path is an **URL** and the web host doesn't respond with a date/time header for the file (i.e **GitHub**) then the file is always downloaded!<br>
-...if the external Path is a Private Azure Container protected by a SAS token it should be like this (`resourceURI?sasToken`):<br>
-`https://storagesample.blob.core.windows.net/sample-container?v=2023-11-31&sr=b&sig=39Up9jzHkxhUIhFEjEh9594DIxe6cIRCgOVOICGSP%3A377&sp=rcw`
+
+If the external Path is a Private Azure Container protected by a SAS token (**resourceURI?sasToken**), every special character should be escaped at installation time.<br>
+It doesn't work to call Powershell in **CMD** to install **WAU** with the parameter:<br>
+`-ListPath https://storagesample.blob.core.windows.net/sample-container?v=2023-11-31&sr=b&sig=39Up9jzHkxhUIhFEjEh9594DIxe6cIRCgOVOICGSP%3A377&sp=rcw`<br>
+Instead you must escape **every** special character (notice the `%` escape too) like:<br>
+`-ListPath https://storagesample.blob.core.windows.net/sample-container^?v=2023-11-31^&sr=b^&sig=39Up9jzHkxhUIhFEjEh9594DIxe6cIRCgOVOICGSP%%3A377^&sp=rcw`
 
 If `-ListPath` is set to **GPO** the Black/White List can be managed from within the GPO itself under **Application GPO Blacklist**/**Application GPO Whitelist**. Thanks to [Weatherlights](https://github.com/Weatherlights) in [#256 (reply in thread)](https://github.com/Romanitho/Winget-AutoUpdate/discussions/256#discussioncomment-4710599)!