From 06464008cc4fdd94d7cbadf87bfb2b5c5a3099e7 Mon Sep 17 00:00:00 2001
From: chris48s <chris48s@users.noreply.github.com>
Date: Sun, 28 Feb 2021 16:28:20 +0000
Subject: [PATCH] ensure redirect target path is correctly encoded (#6229)

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
---
 core/base-service/redirector.js      |  2 +-
 core/base-service/redirector.spec.js | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/core/base-service/redirector.js b/core/base-service/redirector.js
index c733495589..1028f033a1 100644
--- a/core/base-service/redirector.js
+++ b/core/base-service/redirector.js
@@ -82,7 +82,7 @@ module.exports = function redirector(attrs) {
         trace.logTrace('inbound', emojic.ticket, 'Named params', namedParams)
         trace.logTrace('inbound', emojic.crayon, 'Query params', queryParams)
 
-        const targetPath = transformPath(namedParams)
+        const targetPath = encodeURI(transformPath(namedParams))
         trace.logTrace('validate', emojic.dart, 'Target', targetPath)
 
         let urlSuffix = ask.uri.search || ''
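Review bot: `encodeURI` on the `targetPath` line leaves reserved characters such as `?` and `#` unescaped, so a named parameter that decodes to one of them would still move the query or fragment boundary of the redirect target; only control characters, spaces and non-ASCII text are covered. `transformPath` is not visible here, but if it interpolates decoded parameters into path segments, applying `encodeURIComponent` to each value before it is placed in the path would be stricter. `encodeURI` also escapes `%`, so any `transformPath` that returns already-encoded text would come out double-encoded, which is worth confirming against the existing redirectors. A short comment would help the next reader, e.g. `// namedParams arrive percent-decoded; re-encode so control characters cannot reach the Location header`. The enclosing handler starts and ends outside this hunk.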
diff --git a/core/base-service/redirector.spec.js b/core/base-service/redirector.spec.js
index 57402e6232..ef051723cb 100644
--- a/core/base-service/redirector.spec.js
+++ b/core/base-service/redirector.spec.js
@@ -121,6 +121,20 @@ describe('Redirector', function () {
       )
     })
 
+    it('should correctly encode the redirect URL', async function () {
+      const { statusCode, headers } = await got(
+        `${baseUrl}/very/old/service/hello%0Dworld.svg?foobar=a%0Db`,
+        {
+          followRedirect: false,
+        }
+      )
+
+      expect(statusCode).to.equal(301)
+      expect(headers.location).to.equal(
+        '/new/service/hello%0Dworld.svg?foobar=a%0Db'
+      )
+    })
+
     describe('transformQueryParams', function () {
       const route = {
         base: 'another/old/service',
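Review bot: The new case pins only a carriage return (`%0D`) in the path, so a regression that lets a line feed through, or that mishandles reserved characters, would not be caught. A sibling case for `%0A` would cover the other half of the header line terminator. It would also help to record the intended behaviour for a parameter containing `%3F` or `%23`, since `encodeURI` does not escape `?` or `#`. The expected value below assumes the same route mapping as the existing case; the surrounding `describe` block continues outside this hunk.

```javascript
// … unchanged: 'should correctly encode the redirect URL' case …

it('should encode a line feed in the redirect URL', async function () {
  const { statusCode, headers } = await got(
    `${baseUrl}/very/old/service/hello%0Aworld.svg`,
    {
      followRedirect: false,
    }
  )

  expect(statusCode).to.equal(301)
  expect(headers.location).to.equal('/new/service/hello%0Aworld.svg')
})
```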
-- 
GitLab