gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix only allow redirects on whitelist

Browse Source
This commit is contained in:
Berkeley Martinez
2015-09-23 14:54:08 -07:00
parent d573474525
commit baab92e3a0
1 changed files with 15 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
server/middlewares/add-return-to.js
View File

@ -12,20 +12,28 @@ const pathsOfNoReturn = [
'css' 'css'
]; ];
const pathsWhiteList = [
'news',
'challenges',
'map',
'news'
];
const pathsOfNoReturnRegex = new RegExp(pathsOfNoReturn.join('|'), 'i'); const pathsOfNoReturnRegex = new RegExp(pathsOfNoReturn.join('|'), 'i');
const whiteListRegex = new RegExp(pathsWhiteList.join('|'), 'i');
export default function addReturnToUrl() { export default function addReturnToUrl() {
return function(req, res, next) { return function(req, res, next) {
// Remember original destination before login. // Remember original destination before login.
var path = req.path.split('/')[1]; var path = req.path.split('/')[1];
var subPath = req.path.split('/')[2];
if (req.method !== 'GET') { if (
return next(); req.method !== 'GET' ||
} pathsOfNoReturnRegex.test(path) ||
if (pathsOfNoReturnRegex.test(path)) { !whiteListRegex.test(path) ||
return next(); (/news/i).test(path) && (/hot/i).test(subPath)
} ) {
if (/\/stories\/\w+/i.test(req.path)) {
return next(); return next();
} }
req.session.returnTo = req.path; req.session.returnTo = req.path;