support redirecting to print outs

deepsource-autofix-76c6eb20
Dan Gowans 2022-09-28 15:42:21 -04:00
parent 804e9f54d2
commit f9c4c411b8
4 changed files with 19 additions and 14 deletions

2
app.js

@ -97,7 +97,7 @@ const sessionChecker = (request, response, next) => {
return next();
}
const redirectUrl = getSafeRedirectURL(request.originalUrl);
return response.redirect(`${urlPrefix}/login?redirect=${redirectUrl}`);
return response.redirect(`${urlPrefix}/login?redirect=${encodeURIComponent(redirectUrl)}`);
};
app.use((request, response, next) => {
response.locals.buildNumber = version;

2
app.ts

@ -180,7 +180,7 @@ const sessionChecker = (
const redirectUrl = getSafeRedirectURL(request.originalUrl);
return response.redirect(`${urlPrefix}/login?redirect=${redirectUrl}`);
return response.redirect(`${urlPrefix}/login?redirect=${encodeURIComponent(redirectUrl)}`);
};
/*
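Review bot: The `redirect` value built in `sessionChecker` returns to the server as a client-supplied query parameter, and nothing in this hunk documents that the login handler has to validate it again. Encoding with `encodeURIComponent` is correct now that allowed targets can contain `?` and `=`, but it only protects the structure of the query string, not the destination. I would add a comment above the redirect such as `// redirect is client-controllable on return; the login handler must pass it through getSafeRedirectURL() again before redirecting`. The login handler is not part of this diff, so whether it already re-validates is unconfirmed; the same applies to the `app.js` section. `sessionChecker` begins above the hunk.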


@ -46,12 +46,14 @@ export const getSafeRedirectURL = (possibleRedirectURL = "") => {
if (typeof possibleRedirectURL === "string") {
const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix)
? possibleRedirectURL.slice(urlPrefix.length)
: possibleRedirectURL).toLowerCase();
if (safeRedirects.has(urlToCheck) ||
/^(\/maps\/)\d+(\/edit)?$/.test(urlToCheck) ||
/^(\/lots\/)\d+(\/edit)?$/.test(urlToCheck) ||
/^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheck) ||
/^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheck)) {
: possibleRedirectURL);
const urlToCheckLowerCase = urlToCheck.toLowerCase();
if (safeRedirects.has(urlToCheckLowerCase) ||
/^(\/maps\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/lots\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^\/print\/(pdf|screen)\/[\d/=?A-Za-z-]+$/.test(urlToCheck)) {
return urlPrefix + urlToCheck;
}
}


@ -69,14 +69,17 @@ export const getSafeRedirectURL = (possibleRedirectURL = "") => {
possibleRedirectURL.startsWith(urlPrefix)
? possibleRedirectURL.slice(urlPrefix.length)
: possibleRedirectURL
).toLowerCase();
);
const urlToCheckLowerCase = urlToCheck.toLowerCase();
if (
safeRedirects.has(urlToCheck) ||
/^(\/maps\/)\d+(\/edit)?$/.test(urlToCheck) ||
/^(\/lots\/)\d+(\/edit)?$/.test(urlToCheck) ||
/^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheck) ||
/^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheck)
safeRedirects.has(urlToCheckLowerCase) ||
/^(\/maps\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/lots\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^\/print\/(pdf|screen)\/[\d/=?A-Za-z-]+$/.test(urlToCheck)
) {
return urlPrefix + urlToCheck;
}
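Review bot: The new `/print/` pattern is the only branch tested against the case-preserved `urlToCheck`, and the function now returns `urlPrefix + urlToCheck` in original case for every branch where it previously returned the lower-cased path; neither choice is explained in the code. A comment on the pattern should say that print URLs are matched case-sensitively (presumably because their parameters are), and that the character class leaves out `.`, `:`, `\`, `%`, `@` and `&` so the result stays a same-origin path under `/print/`. The class still accepts `/`, `?` and `=` in any order and number, so if the print routes have a fixed shape, a stricter pattern would make a tighter allowlist; that shape is not visible here. Unit tests for accepted and rejected print URLs, for example ones containing `..` or a percent-encoded character, would pin the behaviour down. The function starts above the hunk and continues past it.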