ensure redirect target path is correctly encoded (#6229)

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2021-02-28 16:28:20 +00:00
parent 6128aa55de
commit 06464008cc
2 changed files with 15 additions and 1 deletions
--- a/core/base-service/redirector.js
+++ b/core/base-service/redirector.js
@@ -82,7 +82,7 @@ module.exports = function redirector(attrs) {
        trace.logTrace('inbound', emojic.ticket, 'Named params', namedParams)
        trace.logTrace('inbound', emojic.crayon, 'Query params', queryParams)

-        const targetPath = transformPath(namedParams)
+        const targetPath = encodeURI(transformPath(namedParams))
        trace.logTrace('validate', emojic.dart, 'Target', targetPath)

        let urlSuffix = ask.uri.search || ''
--- a/core/base-service/redirector.spec.js
+++ b/core/base-service/redirector.spec.js
@@ -121,6 +121,20 @@ describe('Redirector', function () {
      )
    })

+    it('should correctly encode the redirect URL', async function () {
+      const { statusCode, headers } = await got(
+        `${baseUrl}/very/old/service/hello%0Dworld.svg?foobar=a%0Db`,
+        {
+          followRedirect: false,
+        }
+      )
+
+      expect(statusCode).to.equal(301)
+      expect(headers.location).to.equal(
+        '/new/service/hello%0Dworld.svg?foobar=a%0Db'
+      )
+    })
+
    describe('transformQueryParams', function () {
      const route = {
        base: 'another/old/service',