From 0ac5ecee8a2c4b90d9bb51372492c9a13ebd6c55 Mon Sep 17 00:00:00 2001
From: RoyceDa <admin@rosetta-im.com>
Date: Wed, 18 Feb 2026 15:38:44 +0200
Subject: [PATCH] /

---
 .gitea/workflows/sshupload.ps1 | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/.gitea/workflows/sshupload.ps1 b/.gitea/workflows/sshupload.ps1
index c5dd457..c7c3746 100644
--- a/.gitea/workflows/sshupload.ps1
+++ b/.gitea/workflows/sshupload.ps1
@@ -160,14 +160,15 @@ function Upload-ToSFTP {
         [string]$WinSCPExe
     )
     
-    # Password is already a plain string, use it directly
-    $plainPassword = $Pass
-    
+    # If password came URL-encoded (e.g., %23 for #), decode once
+    if ($Pass -match '%[0-9A-Fa-f]{2}') {
+        $Pass = [System.Net.WebUtility]::UrlDecode($Pass)
+    }
+
     # Escape special characters in password that could break URL or WinSCP syntax
-    # Replace @ with %40, : with %3A, # with %23, $ with %24, & with %26
-    $escapedPassword = $plainPassword
+    $escapedPassword = $Pass
     $escapedPassword = $escapedPassword -replace '@', '%40'
-    $escapedPassword = $escapedPassword -replace ':', '%3A'  
+    $escapedPassword = $escapedPassword -replace ':', '%3A'
     $escapedPassword = $escapedPassword -replace '#', '%23'
     $escapedPassword = $escapedPassword -replace '\$', '%24'
     $escapedPassword = $escapedPassword -replace '`', '%60'