vaultwarden
/
bitwarden-estensione-browser
mirror of https://github.com/bitwarden/browser
1
0
Fork 0
Code Issues 1 Releases Wiki Activity

PS-2450 EC-1073 Do not decode and normalize query (#4708) 

Co-authored-by: Jake Fink <jfink@bitwarden.com>
This commit is contained in:
Matt Gibson 2023-02-10 12:34:19 -05:00 committed by GitHub
parent 6a7a7299c2
commit 13746c1840
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libs/common/src/services/api.service.ts
View File

@ -1991,7 +1991,9 @@ export class ApiService implements ApiServiceAbstraction {
apiUrl = Utils.isNullOrWhitespace(apiUrl) ? this.environmentService.getApiUrl() : apiUrl;
// Prevent directory traversal from malicious paths
const requestUrl = apiUrl + Utils.normalizePath(path);
const pathParts = path.split("?");
const requestUrl =
apiUrl + Utils.normalizePath(pathParts[0]) + (pathParts.length > 1 ? `?${pathParts[1]}` : "");
const headers = new Headers({
"Device-Type": this.deviceType,