express-stormpath
Login form does not safely encode the next query parameter
In the Login form, when the user needs to be authenticated, the next query parameter is not URI encoded with encodeURIComponent.
Example:
request `/resource?pretty&test=1`
Authentication Failed
redirect `login?next=/resource?pretty&test=1`
However the redirect should be:
redirect `login?next=%2Fresource%3Fpretty%26test%3D1`
Proposed change: add encodeURIComponent when setting next, and decodeURIComponent when redirecting after successful login.

```js
var url = require('url');

// Keep only the path of the requested URL, then URI-encode it so that
// '?', '&' and '=' inside it survive as part of the single `next` value.
var nextUri = url.parse(req.query.next || '').path;
var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + encodeURIComponent(nextUri)) : ''));

if (req.user && config.web.login.enabled) {
  // Decode before redirecting so the user lands on the original URL.
  var nextUrl = decodeURIComponent(nextUri || config.web.login.nextUri);
  return res.redirect(302, nextUrl);
}
```
Currently, the original query parameters after the first one do not get included when redirected.
Thanks @KamalAman ! We'll get this fixed.