Diplomarbeit-Absolventenverein/oqtane.framework
6
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects Releases Wiki Activity

HTML encode notifications sent by non-admins to prevent HTML injection

Browse Source
This commit is contained in:
sbwalker
2023-12-13 10:07:21 -05:00
parent ac701f28b5
commit 6621983a9c
7 changed files with 28 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
Oqtane.Server/Infrastructure/Middleware/TenantMiddleware.cs
View File

@ -58,21 +58,21 @@ namespace Oqtane.Infrastructure
{
if (path.StartsWith("/" + alias.Path) && (Constants.ReservedRoutes.Any(item => path.Contains("/" + item + "/"))))
{
context.Request.Path = path.Replace("/" + alias.Path, "");
context.Request.Path = path.Substring(alias.Path.Length + 1);
}
}
// handle sitemap.xml root request (does not support subfolder aliases)
if (context.Request.Path.StartsWithSegments("/sitemap.xml"))
// handle sitemap.xml request
if (context.Request.Path.ToString().Contains("/sitemap.xml") && !context.Request.Path.ToString().Contains("/pages"))
{
context.Request.Path = "/pages" + context.Request.Path;
context.Request.Path = "/pages/sitemap.xml";
}
// handle robots.txt root request (does not support subfolder aliases)
if (context.Request.Path.StartsWithSegments("/robots.txt"))
if (context.Request.Path.StartsWithSegments("/robots.txt") && string.IsNullOrEmpty(alias.Path))
{
// allow all and specify site map
var robots = $"User-agent: *\n\nSitemap: {context.Request.Scheme}://{alias.Name}/pages/sitemap.xml";
// allow all user agents and specify site map
var robots = $"User-agent: *\n\nSitemap: {context.Request.Scheme}://{alias.Name}/sitemap.xml";
context.Response.ContentType = "text/plain";
await context.Response.WriteAsync(robots);
return;