New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Escaping username/roles parameters to allow usernames/roles with special characters. #3570
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Basically a question of style, but shouldn't the call to encodeURIComponent
be added to the routes in Routes.jsx
instead to every occurrence in other source locations?
That way it can't be forgotten by other authors.
I totally understand your question and had the same idea at first. Unfortunately we cannot do it that way, because we also use those routes to generate the route map for our application and reuse the parameters with placeholders ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There still seem to be some places missing.
For example I'm unable to log in with a user named "foo/bar".
The Chrome Console shows the following error message:
There was an error fetching a resource: cannot GET http://127.0.0.1:9000/api/users/foo/bar (404). Additional information: HTTP 404 Not Found
Unhandled rejection Error: cannot GET http://127.0.0.1:9000/api/users/foo/bar (404)
ce490be
to
b1ad52a
Compare
✅, also rebased to current master. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. 👍
* Escaping username component to allow usernames with slash. * Allowing to handle deletion/updates of roles with special characters. * Allowing editing/updating/deleting users with special characters in name * Using proper route methods, escaping username in CurrentUserStore. Fixes #3569 (cherry picked from commit 34446c2)
* Escaping username component to allow usernames with slash. * Allowing to handle deletion/updates of roles with special characters. * Allowing editing/updating/deleting users with special characters in name * Using proper route methods, escaping username in CurrentUserStore. Fixes #3569 (cherry picked from commit 34446c2 / PR #3570)
Description
Motivation and Context
Before this change it was possible to create user/role names containing one or more slashes or other special characters, but it was not possible to delete them afterwards from the web interface.
After this change, the user/role name used to construct the URL to the backend is escaped properly, so deletions suceed even if the user/role name contains one or more special characters.
Fixes #3569. Should also be merged into
2.2
.Types of changes
Checklist: