fix

mtrezza · mtrezza · commit 10142cc15e71 · 2025-10-29T13:36:30.000+01:00
diff --git a/Parse-Dashboard/Authentication.js b/Parse-Dashboard/Authentication.js
@@ -77,6 +77,7 @@ function initialize(app, options) {
     (req,res,next) => {
       let redirect = 'apps';
       if (req.body.redirect) {
+        // Strip leading slash from redirect to prevent double slashes
         redirect = req.body.redirect.charAt(0) === '/' ? req.body.redirect.substring(1) : req.body.redirect
       }
       return passport.authenticate('local', {
diff --git a/Parse-Dashboard/app.js b/Parse-Dashboard/app.js
@@ -1062,8 +1062,12 @@ You have direct access to the Parse database through function calls, so you can
     }
 
     app.get('/login', csrf(), function(req, res) {
-      const redirectURL = req.url.includes('?redirect=') && req.url.split('?redirect=')[1].length > 1 && req.url.split('?redirect=')[1];
+      let redirectURL = req.url.includes('?redirect=') && req.url.split('?redirect=')[1].length > 1 && req.url.split('?redirect=')[1];
       if (!users || (req.user && req.user.isAuthenticated)) {
+        // Strip leading slash from redirect to prevent double slashes or malformed URLs
+        if (redirectURL && redirectURL.charAt(0) === '/') {
+          redirectURL = redirectURL.substring(1);
+        }
         return res.redirect(`${mountPath}${redirectURL || 'apps'}`);
       }
 

Original file line number	Diff line number	Diff line change
`@@ -77,6 +77,7 @@ function initialize(app, options) {`
`77`	`77`	`(req,res,next) => {`
`78`	`78`	`let redirect = 'apps';`
`79`	`79`	`if (req.body.redirect) {`
	`80`	`+ // Strip leading slash from redirect to prevent double slashes`
`80`	`81`	`redirect = req.body.redirect.charAt(0) === '/' ? req.body.redirect.substring(1) : req.body.redirect`
`81`	`82`	`}`
`82`	`83`	`return passport.authenticate('local', {`
Original file line number	Diff line number	Diff line change
`@@ -1062,8 +1062,12 @@ You have direct access to the Parse database through function calls, so you can`
`1062`	`1062`	`}`
`1063`	`1063`
`1064`	`1064`	`app.get('/login', csrf(), function(req, res) {`
`1065`		`- const redirectURL = req.url.includes('?redirect=') && req.url.split('?redirect=')[1].length > 1 && req.url.split('?redirect=')[1];`
	`1065`	`+ let redirectURL = req.url.includes('?redirect=') && req.url.split('?redirect=')[1].length > 1 && req.url.split('?redirect=')[1];`
`1066`	`1066`	`if (!users \|\| (req.user && req.user.isAuthenticated)) {`
	`1067`	`+ // Strip leading slash from redirect to prevent double slashes or malformed URLs`
	`1068`	`+ if (redirectURL && redirectURL.charAt(0) === '/') {`
	`1069`	`+ redirectURL = redirectURL.substring(1);`
	`1070`	`+ }`
`1067`	`1071`	return res.redirect(`${mountPath}${redirectURL \|\| 'apps'}`);
`1068`	`1072`	`}`
`1069`	`1073`