Fixed sanitization issue in subscribers

no issue - Added sanitization to subscribed_url & subscribed_referrer fields when rendering error state Credits: Antony Garand
TryGhost · Nov 7, 2018 · 48eaa3e · 48eaa3e
1 parent 2208af7
commit 48eaa3e
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/core/server/apps/subscribers/lib/router.js b/core/server/apps/subscribers/lib/router.js
@@ -24,6 +24,10 @@ function controller(req, res) {
     }
 }
 
+function validateUrl(url) {
+    return validator.isEmptyOrURL(url || '') ? url : '';
+}
+
 /**
  * Takes care of sanitizing the email input.
  * XSS prevention.
@@ -33,6 +37,8 @@ function errorHandler(error, req, res, next) {
     /*jshint unused:false */
 
     req.body.email = '';
+    req.body.subscribed_url = validateUrl(req.body.subscribed_url);
+    req.body.subscribed_referrer = validateUrl(req.body.subscribed_referrer);
 
     if (error.statusCode !== 404) {
         res.locals.error = error;
@@ -52,10 +58,6 @@ function honeyPot(req, res, next) {
     next();
 }
 
-function validateUrl(url) {
-    return validator.isEmptyOrURL(url || '') ? url : '';
-}
-
 function handleSource(req, res, next) {
     req.body.subscribed_url = validateUrl(req.body.location);
     req.body.subscribed_referrer = validateUrl(req.body.referrer);