ComputerSurge/shields
3
0
Fork 0
Code Pull Requests 1 Activity

ensure redirect target path is correctly encoded (#6229)

Browse Source 
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
This commit is contained in:
chris48s
2021-02-28 16:28:20 +00:00
committed by GitHub
parent 6128aa55de
commit 06464008cc
2 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/base-service/redirector.js
View File

@@ -82,7 +82,7 @@ module.exports = function redirector(attrs) {
trace.logTrace('inbound', emojic.ticket, 'Named params', namedParams) trace.logTrace('inbound', emojic.ticket, 'Named params', namedParams)
trace.logTrace('inbound', emojic.crayon, 'Query params', queryParams) trace.logTrace('inbound', emojic.crayon, 'Query params', queryParams)
const targetPath = transformPath(namedParams) const targetPath = encodeURI(transformPath(namedParams))
trace.logTrace('validate', emojic.dart, 'Target', targetPath) trace.logTrace('validate', emojic.dart, 'Target', targetPath)
let urlSuffix = ask.uri.search || '' let urlSuffix = ask.uri.search || ''

14
core/base-service/redirector.spec.js
View File

@@ -121,6 +121,20 @@ describe('Redirector', function () {
) )
}) })
it('should correctly encode the redirect URL', async function () {
const { statusCode, headers } = await got(
`${baseUrl}/very/old/service/hello%0Dworld.svg?foobar=a%0Db`,
{
followRedirect: false,
}
)
expect(statusCode).to.equal(301)
expect(headers.location).to.equal(
'/new/service/hello%0Dworld.svg?foobar=a%0Db'
)
})
describe('transformQueryParams', function () { describe('transformQueryParams', function () {
const route = { const route = {
base: 'another/old/service', base: 'another/old/service',