libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-02-01 03:12:42 +01:00
Code Issues Projects Releases Wiki Activity

lint: src/node/hooks/express/padurlsanitize.js

Browse source
This commit is contained in:
John McLear 2021-01-21 21:06:52 +00:00 committed by Richard Hansen
parent 43ce0f839b
commit 72ddf35426
1 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/node/hooks/express/padurlsanitize.js
View file

@ -1,7 +1,9 @@
'use strict';
const padManager = require('../../db/PadManager'); const padManager = require('../../db/PadManager');
const url = require('url'); const url = require('url');
exports.expressCreateServer = function (hook_name, args, cb) { exports.expressCreateServer = (hookName, args, cb) => {
// redirects browser to the pad's sanitized url if needed. otherwise, renders the html // redirects browser to the pad's sanitized url if needed. otherwise, renders the html
args.app.param('pad', async (req, res, next, padId) => { args.app.param('pad', async (req, res, next, padId) => {
// ensure the padname is valid and the url doesn't end with a / // ensure the padname is valid and the url doesn't end with a /
@ -17,12 +19,12 @@ exports.expressCreateServer = function (hook_name, args, cb) {
next(); next();
} else { } else {
// the pad id was sanitized, so we redirect to the sanitized version // the pad id was sanitized, so we redirect to the sanitized version
let real_url = sanitizedPadId; let realURL = sanitizedPadId;
real_url = encodeURIComponent(real_url); realURL = encodeURIComponent(realURL);
const query = url.parse(req.url).query; const query = url.parse(req.url).query;
if (query) real_url += `?${query}`; if (query) realURL += `?${query}`;
res.header('Location', real_url); res.header('Location', realURL);
res.status(302).send(`You should be redirected to <a href="${real_url}">${real_url}</a>`); res.status(302).send(`You should be redirected to <a href="${realURL}">${realURL}</a>`);
} }
}); });
return cb(); return cb();