search

fablabbcn / smartcitizen-kit-20

Smart Citizen Kit 2.0 hardware and firmware
https://smartcitizen.me
GNU General Public License v3.0
37 stars 9 forks source link

Escape password and wifi string #16

Closed viktorsmari closed 5 years ago

viktorsmari commented 5 years ago

@vicobarberan FYI: I branch out of the last pull request I made last week #14 because I did not want to get into merge conflicts.

You should probably check out this branch and test this branch with the Kit before merging to master.

Problem:

If a user had the ampersand & in a password, it could result in the kit cutting of the string. Example 'abc&def' would become just 'abc'

Solution

Now the frontend posts an escaped string like &password=aa%3Daabb%3Fbbcc%26cc&token=ffffff and to handle this, the Kit MUST revert this with some kind of 'unescape' function

vicobarberan commented 5 years ago

Replaced escape() with encodeURIcomponent() and no kit modificationes needed. Tested and working.