Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Code Issues Activity

🐛 Fixed throwing 500 for invalid encoded urls (#9279)

Browse source 
refs https://github.com/TryGhost/Team/issues/41

- if you send invalid encoded url components in the path, the server tried to decode the url
- if it contains invalid characters like /AF%, it throwed a 500
- we return a page not found error instead
This commit is contained in:
Katharina Irrgang 2017-11-28 12:39:38 +01:00 committed by Kevin Ansfield
parent 860b38a1a7
commit 3004e03bc6
1 changed files with 13 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
core/server/middleware/uncapitalise.js
View file

@ -13,13 +13,15 @@
// req.path = /ghost/signin/ // req.path = /ghost/signin/
var utils = require('../utils'), var utils = require('../utils'),
errors = require('../errors'),
i18n = require('../i18n'),
uncapitalise; uncapitalise;
uncapitalise = function uncapitalise(req, res, next) { uncapitalise = function uncapitalise(req, res, next) {
var pathToTest = (req.baseUrl ? req.baseUrl : '') + req.path, var pathToTest = (req.baseUrl ? req.baseUrl : '') + req.path,
isSignupOrReset = pathToTest.match(/^(.*\/ghost\/(signup|reset)\/)/i), isSignupOrReset = pathToTest.match(/^(.*\/ghost\/(signup|reset)\/)/i),
isAPI = pathToTest.match(/^(.*\/ghost\/api\/v[\d\.]+\/.*?\/)/i), isAPI = pathToTest.match(/^(.*\/ghost\/api\/v[\d\.]+\/.*?\/)/i),
redirectPath; redirectPath, decodedURI;
if (isSignupOrReset) { if (isSignupOrReset) {
pathToTest = isSignupOrReset[1]; pathToTest = isSignupOrReset[1];
@ -30,11 +32,20 @@ uncapitalise = function uncapitalise(req, res, next) {
pathToTest = isAPI[1]; pathToTest = isAPI[1];
} }
try {
decodedURI = decodeURIComponent(pathToTest);
} catch (err) {
return next(new errors.NotFoundError({
message: i18n.t('errors.errors.pageNotFound'),
err: err
}));
}
/** /**
* In node < 0.11.1 req.path is not encoded, afterwards, it is always encoded such that | becomes %7C etc. * In node < 0.11.1 req.path is not encoded, afterwards, it is always encoded such that | becomes %7C etc.
* That encoding isn't useful here, as it triggers an extra uncapitalise redirect, so we decode the path first * That encoding isn't useful here, as it triggers an extra uncapitalise redirect, so we decode the path first
*/ */
if (/[A-Z]/.test(decodeURIComponent(pathToTest))) { if (/[A-Z]/.test(decodedURI)) {
redirectPath = ( redirectPath = (
utils.removeOpenRedirectFromUrl((req.originalUrl || req.url).replace(pathToTest, pathToTest.toLowerCase())) utils.removeOpenRedirectFromUrl((req.originalUrl || req.url).replace(pathToTest, pathToTest.toLowerCase()))
); );