steve
/
sunrise-cms
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

support redirecting to print outs

deepsource-autofix-76c6eb20
Dan Gowans 2022-09-28 15:42:21 -04:00
parent 804e9f54d2
commit f9c4c411b8
4 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app.js
View File

@ -97,7 +97,7 @@ const sessionChecker = (request, response, next) => {
return next(); return next();
} }
const redirectUrl = getSafeRedirectURL(request.originalUrl); const redirectUrl = getSafeRedirectURL(request.originalUrl);
return response.redirect(`${urlPrefix}/login?redirect=${redirectUrl}`); return response.redirect(`${urlPrefix}/login?redirect=${encodeURIComponent(redirectUrl)}`);
}; };
app.use((request, response, next) => { app.use((request, response, next) => {
response.locals.buildNumber = version; response.locals.buildNumber = version;

2
app.ts
View File

@ -180,7 +180,7 @@ const sessionChecker = (
const redirectUrl = getSafeRedirectURL(request.originalUrl); const redirectUrl = getSafeRedirectURL(request.originalUrl);
return response.redirect(`${urlPrefix}/login?redirect=${redirectUrl}`); return response.redirect(`${urlPrefix}/login?redirect=${encodeURIComponent(redirectUrl)}`);
}; };
/* /*

14
helpers/functions.authentication.js
View File

@ -46,12 +46,14 @@ export const getSafeRedirectURL = (possibleRedirectURL = "") => {
if (typeof possibleRedirectURL === "string") { if (typeof possibleRedirectURL === "string") {
const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix)
? possibleRedirectURL.slice(urlPrefix.length) ? possibleRedirectURL.slice(urlPrefix.length)
: possibleRedirectURL).toLowerCase(); : possibleRedirectURL);
if (safeRedirects.has(urlToCheck) || const urlToCheckLowerCase = urlToCheck.toLowerCase();
/^(\/maps\/)\d+(\/edit)?$/.test(urlToCheck) || if (safeRedirects.has(urlToCheckLowerCase) ||
/^(\/lots\/)\d+(\/edit)?$/.test(urlToCheck) || /^(\/maps\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheck) || /^(\/lots\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheck)) { /^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^\/print\/(pdf|screen)\/[\d/=?A-Za-z-]+$/.test(urlToCheck)) {
return urlPrefix + urlToCheck; return urlPrefix + urlToCheck;
} }
} }

15
helpers/functions.authentication.ts
View File

@ -69,14 +69,17 @@ export const getSafeRedirectURL = (possibleRedirectURL = "") => {
possibleRedirectURL.startsWith(urlPrefix) possibleRedirectURL.startsWith(urlPrefix)
? possibleRedirectURL.slice(urlPrefix.length) ? possibleRedirectURL.slice(urlPrefix.length)
: possibleRedirectURL : possibleRedirectURL
).toLowerCase(); );
const urlToCheckLowerCase = urlToCheck.toLowerCase();
if ( if (
safeRedirects.has(urlToCheck) || safeRedirects.has(urlToCheckLowerCase) ||
/^(\/maps\/)\d+(\/edit)?$/.test(urlToCheck) || /^(\/maps\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/lots\/)\d+(\/edit)?$/.test(urlToCheck) || /^(\/lots\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheck) || /^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheck) /^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
/^\/print\/(pdf|screen)\/[\d/=?A-Za-z-]+$/.test(urlToCheck)
) { ) {
return urlPrefix + urlToCheck; return urlPrefix + urlToCheck;
} }