Infrastructure/zipline
1
Fork 0
Code Issues Pull requests Activity

fix: url encode password query

Browse source
This commit is contained in:
diced 2023-02-17 19:45:04 -08:00
parent 2ef4a52be0
commit e1003d4bb6
No known key found for this signature in database
GPG key ID: 370BD1BA142842D1
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/pages/api/auth/image.ts
View file

@ -17,7 +17,9 @@ async function handler(req: NextApiReq, res: NextApiRes) {
if (!file) return res.notFound('image not found');
if (!password) return res.badRequest('no password provided');
const valid = await checkPassword(password as string, file.password);
const decoded = decodeURIComponent(password as string);
const valid = await checkPassword(decoded, file.password);
if (!valid) return res.badRequest('wrong password');
const data = await datasource.get(file.name);

2
src/pages/view/[id].tsx
View file

@ -32,7 +32,7 @@ export default function EmbeddedFile({
file.createdAt = new Date(file ? file.createdAt : 0);
const check = async () => {
const res = await fetch(`/api/auth/image?id=${file.id}&password=${password}`);
const res = await fetch(`/api/auth/image?id=${file.id}&password=${encodeURIComponent(password)}`);
if (res.ok) {
setError('');