attempt to fix codeql vulnerability

deepsource-autofix-76c6eb20
Dan Gowans 2022-08-22 15:49:08 -04:00
parent 2b6ef96851
commit 4090714ace
2 changed files with 27 additions and 22 deletions


@ -4,6 +4,7 @@ import * as authenticationFunctions from "../helpers/functions.authentication.js
export const router = Router(); export const router = Router();
const getSafeRedirectURL = (possibleRedirectURL = "") => { const getSafeRedirectURL = (possibleRedirectURL = "") => {
const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix"); const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix");
if (typeof (possibleRedirectURL) === "string") {
const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ? const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ?
possibleRedirectURL.slice(urlPrefix.length) : possibleRedirectURL.slice(urlPrefix.length) :
possibleRedirectURL).toLowerCase(); possibleRedirectURL).toLowerCase();
@ -16,6 +17,7 @@ const getSafeRedirectURL = (possibleRedirectURL = "") => {
case "/reports": case "/reports":
return urlPrefix + urlToCheck; return urlPrefix + urlToCheck;
} }
}
return urlPrefix + "/dashboard"; return urlPrefix + "/dashboard";
}; };
router.route("/") router.route("/")
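Review bot: The added `typeof (possibleRedirectURL) === "string"` guard in `getSafeRedirectURL` has no comment explaining why it is needed, and next to the `= ""` default it reads as redundant and could be removed in a later cleanup. The default only covers `undefined`; if the value comes from request parameters (the caller is not visible in these hunks), a repeated or bracketed parameter can arrive as an array or object, and `.startsWith` would then throw instead of falling through to the dashboard. I would put `// Request parameters can be arrays or objects, not only strings; anything that is not a string falls through to the default dashboard redirect.` directly above the guard. The same comment belongs on the identical guard in the second changed file. The function starts before the first hunk and most of the `switch` allowlist lies between the two hunks, so the case list itself is not reviewed here.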


@ -15,6 +15,8 @@ const getSafeRedirectURL = (possibleRedirectURL = "") => {
const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix"); const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix");
if (typeof (possibleRedirectURL) === "string") {
const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ? const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ?
possibleRedirectURL.slice(urlPrefix.length) : possibleRedirectURL.slice(urlPrefix.length) :
possibleRedirectURL).toLowerCase(); possibleRedirectURL).toLowerCase();
@ -29,6 +31,7 @@ const getSafeRedirectURL = (possibleRedirectURL = "") => {
return urlPrefix + urlToCheck; return urlPrefix + urlToCheck;
} }
}
return urlPrefix + "/dashboard"; return urlPrefix + "/dashboard";
}; };