From 163a0302e46c041cb4ca4594a4d2948a862faa02 Mon Sep 17 00:00:00 2001 From: Miodec Date: Mon, 8 Apr 2024 12:52:04 +0200 Subject: [PATCH] fix(ape): escaping parameters if they are part of the url closes #5287 !nuf --- frontend/src/ts/ape/endpoints/ape-keys.ts | 6 ++++-- frontend/src/ts/ape/endpoints/presets.ts | 3 ++- frontend/src/ts/ape/endpoints/users.ts | 18 ++++++++++++------ 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/frontend/src/ts/ape/endpoints/ape-keys.ts b/frontend/src/ts/ape/endpoints/ape-keys.ts index 6aa5c03e4..2c051f2ff 100644 --- a/frontend/src/ts/ape/endpoints/ape-keys.ts +++ b/frontend/src/ts/ape/endpoints/ape-keys.ts @@ -22,10 +22,12 @@ export default class ApeKeys { updates: { name?: string; enabled?: boolean } ): Ape.EndpointResponse { const payload = { ...updates }; - return await this.httpClient.patch(`${BASE_PATH}/${apeKeyId}`, { payload }); + const encoded = encodeURIComponent(apeKeyId); + return await this.httpClient.patch(`${BASE_PATH}/${encoded}`, { payload }); } async delete(apeKeyId: string): Ape.EndpointResponse { - return await this.httpClient.delete(`${BASE_PATH}/${apeKeyId}`); + const encoded = encodeURIComponent(apeKeyId); + return await this.httpClient.delete(`${BASE_PATH}/${encoded}`); } } diff --git a/frontend/src/ts/ape/endpoints/presets.ts b/frontend/src/ts/ape/endpoints/presets.ts index 9fdf29ac5..f5a726680 100644 --- a/frontend/src/ts/ape/endpoints/presets.ts +++ b/frontend/src/ts/ape/endpoints/presets.ts @@ -38,6 +38,7 @@ export default class Presets { async delete( presetId: string ): Ape.EndpointResponse { - return await this.httpClient.delete(`${BASE_PATH}/${presetId}`); + const encoded = encodeURIComponent(presetId); + return await this.httpClient.delete(`${BASE_PATH}/${encoded}`); } } diff --git a/frontend/src/ts/ape/endpoints/users.ts b/frontend/src/ts/ape/endpoints/users.ts index e4efff279..3d3cf16b0 100644 --- a/frontend/src/ts/ape/endpoints/users.ts +++ b/frontend/src/ts/ape/endpoints/users.ts @@ -26,7 +26,8 @@ export default class Users { } async getNameAvailability(name: string): Ape.EndpointResponse { - return await this.httpClient.get(`${BASE_PATH}/checkName/${name}`); + const encoded = encodeURIComponent(name); + return await this.httpClient.get(`${BASE_PATH}/checkName/${encoded}`); } async delete(): Ape.EndpointResponse { @@ -90,8 +91,9 @@ export default class Users { } async removeResultFilterPreset(id: string): Ape.EndpointResponse { + const encoded = encodeURIComponent(id); return await this.httpClient.delete( - `${BASE_PATH}/resultFilterPresets/${id}` + `${BASE_PATH}/resultFilterPresets/${encoded}` ); } @@ -111,12 +113,14 @@ export default class Users { } async deleteTag(tagId: string): Ape.EndpointResponse { - return await this.httpClient.delete(`${BASE_PATH}/tags/${tagId}`); + const encoded = encodeURIComponent(tagId); + return await this.httpClient.delete(`${BASE_PATH}/tags/${encoded}`); } async deleteTagPersonalBest(tagId: string): Ape.EndpointResponse { + const encoded = encodeURIComponent(tagId); return await this.httpClient.delete( - `${BASE_PATH}/tags/${tagId}/personalBest` + `${BASE_PATH}/tags/${encoded}/personalBest` ); } @@ -197,13 +201,15 @@ export default class Users { async getProfileByUid( uid: string ): Ape.EndpointResponse { - return await this.httpClient.get(`${BASE_PATH}/${uid}/profile?isUid`); + const encoded = encodeURIComponent(uid); + return await this.httpClient.get(`${BASE_PATH}/${encoded}/profile?isUid`); } async getProfileByName( name: string ): Ape.EndpointResponse { - return await this.httpClient.get(`${BASE_PATH}/${name}/profile`); + const encoded = encodeURIComponent(name); + return await this.httpClient.get(`${BASE_PATH}/${encoded}/profile`); } async updateProfile(