Enable automatic url decoding

Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs

@@ -78,6 +78,16 @@ namespace Jellyfin.Server.Extensions
             return appBuilder.UseMiddleware<LanFilteringMiddleware>();
         }
 
+        /// <summary>
+        /// Enables url decoding before binding to the application pipeline.
+        /// </summary>
+        /// <param name="appBuilder">The <see cref="IApplicationBuilder"/>.</param>
+        /// <returns>The updated application builder.</returns>
+        public static IApplicationBuilder UseQueryStringDecoding(this IApplicationBuilder appBuilder)
+        {
+            return appBuilder.UseMiddleware<QueryStringDecodingMiddleware>();
+        }
+
         /// <summary>
         /// Adds base url redirection to the application pipeline.
         /// </summary>

Jellyfin.Server/Middleware/QueryStringDecodingMiddleware.cs

@@ -0,0 +1,42 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.Logging;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// URL decodes the querystring before binding.
+    /// </summary>
+    public class QueryStringDecodingMiddleware
+    {
+        private readonly RequestDelegate _next;
+        private readonly ILogger<QueryStringDecodingMiddleware> _logger;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="QueryStringDecodingMiddleware"/> class.
+        /// </summary>
+        /// <param name="next">The next delegate in the pipeline.</param>
+        /// <param name="logger">The logger.</param>
+        public QueryStringDecodingMiddleware(
+            RequestDelegate next,
+            ILogger<QueryStringDecodingMiddleware> logger)
+        {
+            _next = next;
+            _logger = logger;
+        }
+
+        /// <summary>
+        /// Executes the middleware action.
+        /// </summary>
+        /// <param name="httpContext">The current HTTP context.</param>
+        /// <returns>The async task.</returns>
+        public async Task Invoke(HttpContext httpContext)
+        {
+            httpContext.Features.Set<IQueryFeature>(new UrlDecodeQueryFeature(httpContext.Features.Get<IQueryFeature>()));
+
+            await _next(httpContext).ConfigureAwait(false);
+        }
+    }
+}

Jellyfin.Server/Middleware/UrlDecodeQueryFeature.cs

@@ -0,0 +1,75 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.Primitives;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// Defines the <see cref="UrlDecodeQueryFeature"/>.
+    /// </summary>
+    public class UrlDecodeQueryFeature : IQueryFeature
+    {
+        private IQueryCollection? _store;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="UrlDecodeQueryFeature"/> class.
+        /// </summary>
+        /// <param name="feature">The <see cref="IQueryFeature"/> instance.</param>
+        public UrlDecodeQueryFeature(IQueryFeature feature)
+        {
+            Query = feature.Query;
+        }
+
+        /// <summary>
+        /// Gets or sets a value indicating the url decoded <see cref="IQueryCollection"/>.
+        /// </summary>
+        public IQueryCollection Query
+        {
+            get
+            {
+                return _store ?? QueryCollection.Empty;
+            }
+
+            set
+            {
+                // Only interested in where the querystring is encoded which shows up as one key with everything else in the value.
+                if (value.Count != 1)
+                {
+                    _store = value;
+                    return;
+                }
+
+                // Encoded querystrings have no value, so don't process anything if a values is present.
+                var kvp = value.First();
+                if (!string.IsNullOrEmpty(kvp.Value))
+                {
+                    _store = value;
+                    return;
+                }
+
+                // Unencode and re-parse querystring.
+                var unencodedKey = HttpUtility.UrlDecode(kvp.Key);
+
+                if (string.Equals(unencodedKey, kvp.Key, System.StringComparison.Ordinal))
+                {
+                    _store = value;
+                    return;
+                }
+
+                var pairs = new Dictionary<string, StringValues>();
+                var queryString = unencodedKey.Split('&', System.StringSplitOptions.RemoveEmptyEntries);
+
+                foreach (var pair in queryString)
+                {
+                    var item = pair.Split('=', System.StringSplitOptions.RemoveEmptyEntries);
+                    pairs.Add(item[0], new StringValues(item.Length == 2 ? item[1] : string.Empty));
+                }
+
+                _store = new QueryCollection(pairs);
+            }
+        }
+    }
+}

Jellyfin.Server/Startup.cs

@@ -150,6 +150,7 @@ namespace Jellyfin.Server
 
                 mainApp.UseAuthentication();
                 mainApp.UseJellyfinApiSwagger(_serverConfigurationManager);
+                mainApp.UseQueryStringDecoding();
                 mainApp.UseRouting();
                 mainApp.UseAuthorization();