
Fix URL sanitization and rewriting-related functions removing query strings and hashes.

Dorian Niemiec 2024-08-24 20:44:43 +02:00
parent 3613aa92d2
commit 2075d41ab3
4 changed files with 4 additions and 44 deletions


@ -1,5 +1,4 @@
const fs = require("fs"); const fs = require("fs");
const url = require("url");
module.exports = (req, res, logFacilities, config, next) => { module.exports = (req, res, logFacilities, config, next) => {
// Trailing slash redirection // Trailing slash redirection
@ -21,17 +20,7 @@ module.exports = (req, res, logFacilities, config, next) => {
res.error(500, err); res.error(500, err);
} }
} else { } else {
var destinationURL = new url.Url(); res.redirect(req.originalParsedURL.pathname + "/" + req.parsedURL.search + req.parsedURL.hash);
destinationURL.path = null;
destinationURL.href = null;
destinationURL.pathname = req.originalParsedURL.pathname + "/";
destinationURL.hostname = null;
destinationURL.host = null;
destinationURL.port = null;
destinationURL.protocol = null;
destinationURL.slashes = null;
destinationURL = url.format(destinationURL);
res.redirect(destinationURL);
} }
}, },
); );
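Review bot: The redirect target on the new `res.redirect(...)` line takes its path from `req.originalParsedURL` but its query string and fragment from `req.parsedURL`, so if an earlier rewrite step changed the query, the client is sent to the original path with the rewritten query. Reading all three parts from one object avoids that, e.g. `req.originalParsedURL.pathname + "/" + (req.originalParsedURL.search || "") + (req.originalParsedURL.hash || "")`, assuming `originalParsedURL` carries those fields. The `|| ""` guard matters if either field can be `null`, as it is on objects returned by the legacy `url.parse()`; plain concatenation would then append the text `null`, and the same holds for the concatenations in the other three files of this commit. The enclosing callback starts and ends outside the hunk.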


@ -1,5 +1,4 @@
const fs = require("fs"); const fs = require("fs");
const url = require("url");
const createRegex = require("../utils/createRegex.js"); const createRegex = require("../utils/createRegex.js");
const ipMatch = require("../utils/ipMatch.js"); const ipMatch = require("../utils/ipMatch.js");
const sanitizeURL = require("../utils/urlSanitizer.js"); const sanitizeURL = require("../utils/urlSanitizer.js");
@ -126,16 +125,7 @@ module.exports = (req, res, logFacilities, config, next) => {
logFacilities.errmessage("Content blocked."); logFacilities.errmessage("Content blocked.");
return; return;
} else if (sHref != req.parsedURL.pathname) { } else if (sHref != req.parsedURL.pathname) {
var rewrittenAgainURL = new url.Url(); var rewrittenAgainURL = sHref + req.parsedURL.search + req.parsedURL.hash;
rewrittenAgainURL.path = null;
rewrittenAgainURL.href = null;
rewrittenAgainURL.pathname = sHref;
rewrittenAgainURL.hostname = null;
rewrittenAgainURL.host = null;
rewrittenAgainURL.port = null;
rewrittenAgainURL.protocol = null;
rewrittenAgainURL.slashes = null;
rewrittenAgainURL = url.format(rewrittenAgainURL);
logFacilities.resmessage( logFacilities.resmessage(
"URL sanitized: " + req.url + " => " + rewrittenAgainURL, "URL sanitized: " + req.url + " => " + rewrittenAgainURL,
); );
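Review bot: The removed `url.format()` call percent-encoded any `?` and `#` inside the pathname, while the new `sHref + req.parsedURL.search + req.parsedURL.hash` concatenation passes them through unchanged. Whether `sanitizeURL` can return a path containing those characters literally (for example after decoding `%3F`) is not visible here; if it can, the rebuilt string splits at a different path/query boundary when it is parsed again, and later path-based checks would see a different path than the one that was sanitized. Encoding the two delimiters before joining keeps the previous behaviour: `sHref.replace(/\?/g, "%3F").replace(/#/g, "%23") + req.parsedURL.search + req.parsedURL.hash`. The same applies to `sanitizedHref` and `sHref` in the next two files, and a test with an encoded `?` in the path plus a real query string would pin it down.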


@ -1,5 +1,4 @@
const sanitizeURL = require("../utils/urlSanitizer.js"); const sanitizeURL = require("../utils/urlSanitizer.js");
const url = require("url");
module.exports = (req, res, logFacilities, config, next) => { module.exports = (req, res, logFacilities, config, next) => {
// Sanitize URL // Sanitize URL
@ -12,16 +11,7 @@ module.exports = (req, res, logFacilities, config, next) => {
// Check if URL is "dirty" // Check if URL is "dirty"
if (req.parsedURL.pathname != sanitizedHref && !req.isProxy) { if (req.parsedURL.pathname != sanitizedHref && !req.isProxy) {
let sanitizedURL = new url.Url(); let sanitizedURL = sanitizedHref + req.parsedURL.search + req.parsedURL.hash;
sanitizedURL.path = null;
sanitizedURL.href = null;
sanitizedURL.pathname = sanitizedHref;
sanitizedURL.hostname = null;
sanitizedURL.host = null;
sanitizedURL.port = null;
sanitizedURL.protocol = null;
sanitizedURL.slashes = null;
sanitizedURL = url.format(sanitizedURL);
logFacilities.resmessage( logFacilities.resmessage(
"URL sanitized: " + req.url + " => " + sanitizedURL, "URL sanitized: " + req.url + " => " + sanitizedURL,
); );


@ -113,16 +113,7 @@ module.exports = (req, res, logFacilities, config, next) => {
logFacilities.errmessage("Content blocked."); logFacilities.errmessage("Content blocked.");
return; return;
} else if (sHref != req.parsedURL.pathname) { } else if (sHref != req.parsedURL.pathname) {
var rewrittenAgainURL = new url.Url(); let rewrittenAgainURL = sHref + req.parsedURL.search + req.parsedURL.hash;
rewrittenAgainURL.path = null;
rewrittenAgainURL.href = null;
rewrittenAgainURL.pathname = sHref;
rewrittenAgainURL.hostname = null;
rewrittenAgainURL.host = null;
rewrittenAgainURL.port = null;
rewrittenAgainURL.protocol = null;
rewrittenAgainURL.slashes = null;
rewrittenAgainURL = url.format(rewrittenAgainURL);
logFacilities.resmessage( logFacilities.resmessage(
"URL sanitized: " + req.url + " => " + rewrittenAgainURL, "URL sanitized: " + req.url + " => " + rewrittenAgainURL,
); );