From 65d258972bc1ce7973f5ac484f7cfa606c27c48f Mon Sep 17 00:00:00 2001
From: Daniel Lockyer <hi@daniellockyer.com>
Date: Mon, 2 Mar 2020 08:18:49 +0000
Subject: [PATCH] Handled bad redirect URLs for private sites

no issue

- Sentry flagged up a redirect URL for the POST action of accessing a
  private site which would throw a 500
- `decodeURIComponent` would throw an error if it was passed bad data
- this commit moves the `decodeURIComponent` inside the try-catch to
  handle the error
---
 core/frontend/apps/private-blogging/lib/middleware.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/core/frontend/apps/private-blogging/lib/middleware.js b/core/frontend/apps/private-blogging/lib/middleware.js
index d01cb46fe3..149e2a9fa8 100644
--- a/core/frontend/apps/private-blogging/lib/middleware.js
+++ b/core/frontend/apps/private-blogging/lib/middleware.js
@@ -22,9 +22,8 @@ function verifySessionHash(salt, hash) {
 }
 
 function getRedirectUrl(query) {
-    const redirect = decodeURIComponent(query.r || '/');
-
     try {
+        const redirect = decodeURIComponent(query.r || '/');
         return url.parse(redirect).pathname;
     } catch (e) {
         return '/';