Closed VladyslavTy closed 2 months ago
Checking git merge conflicts against https://github.com/openedx/edx-platform.git
Comparing with | open-release/nutmeg.master |
---|---|
Benchmark conflicts with main | 299 |
Current conflicts | 301 |
Summary | Adds 2 new conflicts. How can we do better? |
Comparing with | master |
---|---|
Benchmark conflicts with main | 329 |
Current conflicts | 331 |
Summary | Adds 2 new conflicts. How can we do better? |
Change description
Problem: The `next` parameter used with the `/login` route is incorrectly decoded, so the redirection happens to the wrong URL. When the `next` parameter contains a + sign, the application encodes it as a space value. For example: `...?next=courses/course-v1:snowflake-sandbox+ACC-PTF+C/course` - at the moment of redirection this route will be encoded as `...?next=courses/course-v1:snowflake-sandbox%20ACC-PTF%20C/course`, where %20 is the encoded space symbol. So, the user will see the 404 page instead of the course page.

Fix: Add the sanitize function which will check the next parameter:
Type of change
Related issues
Checklists
Development
Security
Code review
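The decoding problem described in the change description can be reproduced with the Python standard library alone. The following is an added example, not code from this pull request or from edx-platform: all function names are hypothetical, the sample path is constructed from the one quoted above, and `restore_course_key` is only one assumed shape for a receiver-side check, shown next to the sender-side alternative of percent-encoding `+` as `%2B`.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample, shaped like the course path in the description above.
COURSE_PATH = "courses/course-v1:snowflake-sandbox+ACC-PTF+C/course"

# A course-v1 key segment: everything from "course-v1:" up to the next "/".
_COURSE_KEY_SEGMENT = re.compile(r"course-v1:[^/]*")


def read_next(url):
    """Return `next` as a form-decoding query parser reports it, or None."""
    values = parse_qs(urlsplit(url).query).get("next", [])
    return values[0] if values else None


def login_url_raw(next_path):
    """Reproduces the problem: the value is placed in the query unescaped,
    so a form-decoding parser reads every '+' as a space."""
    return "/login?next=" + next_path


def login_url_encoded(next_path):
    """Sender-side remedy: percent-encode the value so '+' travels as %2B."""
    return "/login?next=" + quote(next_path, safe="/:")


def restore_course_key(next_value):
    """Hypothetical receiver-side repair (assumption, not the PR's function):
    inside a course-v1 key segment, turn decoded spaces back into '+'.
    The rest of the path is left untouched."""
    return _COURSE_KEY_SEGMENT.sub(
        lambda m: m.group(0).replace(" ", "+"), next_value
    )


def redirect_target(next_value):
    """Re-encode a decoded value the way a redirect Location would carry it."""
    return "/" + quote(next_value, safe="/:+")
```

Restricting the repair to the course-key segment keeps it from rewriting spaces that legitimately belong to other parts of the `next` path.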