Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Code Issues Activity

Handled bad redirect URLs for private sites

Browse source 
no issue

- Sentry flagged up a redirect URL for the POST action of accessing a
  private site which would throw a 500
- `decodeURIComponent` would throw an error if it was passed bad data
- this commit moves the `decodeURIComponent` inside the try-catch to
  handle the error
This commit is contained in:
Daniel Lockyer 2020-03-02 08:18:49 +00:00
parent c9af8844ba
commit 65d258972b
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
core/frontend/apps/private-blogging/lib/middleware.js
View file

@ -22,9 +22,8 @@ function verifySessionHash(salt, hash) {
} }
function getRedirectUrl(query) { function getRedirectUrl(query) {
const redirect = decodeURIComponent(query.r || '/');
try { try {
const redirect = decodeURIComponent(query.r || '/');
return url.parse(redirect).pathname; return url.parse(redirect).pathname;
} catch (e) { } catch (e) {
return '/'; return '/';