Add sanitize function for redirect parameter next #1401

Merged
merged 2 commits into from
Jul 16, 2024

@VladyslavTy VladyslavTy commented Jul 2, 2024

Change description

Problem: The next parameter used with the /login route is incorrectly decoded, so the redirection happens to the wrong URL. When the next parameter contains a + sign, the application encodes it as a space value. For example:
...?next=courses/course-v1:snowflake-sandbox+ACC-PTF+C/course - at the moment of redirection this route will be encoded as ...?next=courses/course-v1:snowflake-sandbox%20ACC-PTF%20C/course, where %20 is the encoded space symbol. So the user will see the 404 page instead of the course page.

Fix:
Add the sanitize function which will check the next parameter:

  • If the next parameter looks like the course route - replace the + symbols with the right ASCII code %2B
  • If the next parameter is not the course route - keep this parameter as it is

Type of change

  • Bug fix (fixes an issue)
  • New feature (adds functionality)

Related issues

Related to ENG-567

Checklists

Development

  • Lint rules pass locally
  • Application changes have been tested thoroughly
  • Automated tests covering modified code pass

Security

  • Security impact of change has been considered
  • Code follows company security practices and guidelines

Code review

  • Pull request has a descriptive title and context useful to a reviewer. Screenshots or screencasts are attached as necessary
  • "Ready for review" label attached and reviewers assigned
  • Changes have been reviewed by at least one other contributor
  • Pull request linked to task tracker where applicable
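
The decoding problem and the fix described above, as an added Python example that is not part of this pull request or the project's code. The names `sanitize_next_parameter` and `COURSE_ROUTE`, and the course-route pattern itself, are assumptions, since the PR text does not show the real implementation.

```python
import re
from urllib.parse import parse_qs, quote

# Constructed sample: the example value from the PR description.
RAW_NEXT = "courses/course-v1:snowflake-sandbox+ACC-PTF+C/course"

# Assumption: a "course route" is recognised by this prefix; the PR text
# does not show the real check.
COURSE_ROUTE = re.compile(r"^/?courses/course-v1:[^/]+")


def decode_next(query: str) -> str:
    """Form-style query parsing: '+' is read as a space, %XX is unescaped."""
    return parse_qs(query)["next"][0]


def redirect_target(query: str) -> str:
    """Re-encode the decoded value for the redirect, as the buggy flow does."""
    return quote(decode_next(query), safe="/:")


def sanitize_next_parameter(raw_next: str) -> str:
    """Hypothetical helper: escape '+' as %2B only for course routes."""
    if COURSE_ROUTE.match(raw_next):
        return raw_next.replace("+", "%2B")
    return raw_next


if __name__ == "__main__":
    print("unsanitized:", redirect_target("next=" + RAW_NEXT))
    fixed = sanitize_next_parameter(RAW_NEXT)
    print("sanitized:  ", fixed)
    print("decoded:    ", decode_next("next=" + fixed))
```

Because an already escaped value contains no literal `+`, applying the helper twice gives the same result as applying it once.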

@VladyslavTy VladyslavTy self-assigned this Jul 2, 2024
@jfaMan jfaMan left a comment

LGTM 👍 Appreciate the helpful description!

One of the checks mentions a merge conflict though.

Checking git merge conflicts against https://github.com/openedx/edx-platform.git

Comparing with open-release/nutmeg.master
Benchmark conflicts with main 299
Current conflicts 301
Summary Adds 2 new conflicts. How can we do better?
Comparing with master
Benchmark conflicts with main 329
Current conflicts 331
Summary Adds 2 new conflicts. How can we do better?

@VladyslavTy VladyslavTy merged commit 452e1b9 into main Jul 16, 2024
11 checks passed
@VladyslavTy VladyslavTy deleted the vladyslav/add-sanitize-next-parameter-helper branch July 16, 2024 13:10