summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWu Cheng-Han2016-12-03 14:37:24 +0800
committerWu Cheng-Han2016-12-03 14:37:24 +0800
commit778b6f32b3e46c003f47b4b380cfd64aaff91a93 (patch)
tree29174e23d782b757d2aef9ed3ebb8e9ec4639654
parent5958654ea4d722cb6af6a170da94c0d5373015d2 (diff)
Update to handle request with invalid uri
Diffstat (limited to '')
-rw-r--r--app.js11
1 files changed, 11 insertions, 0 deletions
diff --git a/app.js b/app.js
index 60b3c41d..1b2874a4 100644
--- a/app.js
+++ b/app.js
@@ -172,6 +172,17 @@ passport.deserializeUser(function (id, done) {
});
});
+// check uri is valid before going further
+app.use(function(req, res, next) {
+ try {
+ decodeURIComponent(req.path);
+ } catch (err) {
+ logger.error(err);
+ return response.errorBadRequest(res);
+ }
+ next();
+});
+
// redirect url with trailing slashes
app.use(function(req, res, next) {
if ("GET" == req.method && req.path.substr(-1) == '/' && req.path.length > 1) {