Fix open redirect vulnerability during trailing slash redirect.

[bharath6365]

No description provided.

[boutell]

Please explain how to reproduce the vulnerability. Apostrophe's slug validator should not be recording any double slashes.

[bharath6365]

Steps to Reproduce

1. Go to any website powered by Apostrophe. In this case I'm making use of the demo site http://dashboard.apostrophecmsdemo.org/

2. Visit this URL http://dashboard.apostrophecmsdemo.org/%2f%2fgoogle.com%2f
   As you can see its url encoded. (%2f is decoded as /). Now there will be a redirect because apostrophe doesn't accept trailing slashes.

3. Check the location header sent for the redirect.
   https://www.evernote.com/l/ApTvRWGFoRBArb2F71MkT0XYmjer-lKP1BQB/image.png

4. The page actually redirects to google.com.

[boutell]

You're right. I think replacing any series of multiple slashes with a single slash would be sufficient and would have a lesser impact on innocent code that could be out there; what do you think? Can you see a way to exploit that?

[boutell]

I pushed a fix for this that has a lesser impact, it just replaces multiple-slash sequences with a single slash. I'm working on releasing that now. Thank you for the report.

[boutell]

This was npm published yesterday. Thanks again for the report.

[bharath6365]

Thank you so much :)

…

On Thu, Jun 27, 2019 at 8:47 PM Tom Boutell ***@***.***> wrote: This was npm published yesterday. Thanks again for the report. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#1956?email_source=notifications&email_token=ADCP5CAKC7VKUOGBGHUIFFLP4TKZHA5CNFSM4H3TY47KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYXONUY#issuecomment-506390227>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADCP5CHTXOKL4JB5LD36NDDP4TKZHANCNFSM4H3TY47A> .