From a791291ccadcec2ceb75ab5dc24fb4fa2c3d6682 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 27 Feb 2018 15:42:26 -0700 Subject: [PATCH] backport lost commits --- README.md | 8 ++++---- index.js | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 2635d1c..027fa54 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ server.on('request', require('redirect-https')({ })); server.listen(insecurePort, function () { - console.log('Listening on http://localhost.daplie.com:' + server.address().port); + console.log('Listening on http://localhost.pplwink.com:' + server.address().port); }); ``` @@ -81,6 +81,6 @@ If your application is properly separated between static assets and api, then it The incoming URL is already URI encoded by the browser but, just in case, I run an html escape on it so that no malicious links of this sort will yield unexpected behavior: - * `http://localhost.daplie.com:8080/">` - * `http://localhost.daplie.com:8080/';URL=http://example.com` - * `http://localhost.daplie.com:8080/;URL=http://example.com` + * `http://localhost.pplwink.com:8080/">` + * `http://localhost.pplwink.com:8080/';URL=http://example.com` + * `http://localhost.pplwink.com:8080/;URL=http://example.com` diff --git a/index.js b/index.js index 3d18720..c8140af 100644 --- a/index.js +++ b/index.js @@ -13,7 +13,7 @@ module.exports = function (opts) { opts.body = ""; } - opts.body = opts.body.replace(/{{\s+PORT\s+}}/i, opts.port); + opts.body = opts.body.replace(/{{\s+PORT\s+}}/ig, opts.port); return function (req, res, next) { if (req.connection.encrypted @@ -24,7 +24,7 @@ module.exports = function (opts) { return; } - var url = req.url; + var url = (req.originalUrl || req.url); var host = req.headers.host || ''; if (!/:\d+/.test(host) && 443 !== opts.port) { // we are using standard port 80, but we aren't using standard port 443 @@ -35,14 +35,14 @@ module.exports = function (opts) { ; //var encodedLocation = encodeURI(newLocation); var escapedLocation = escapeHtml(newLocation); - var encodedLocation; + var decodedLocation; try { - encodedLocation = decodeURIComponent(newLocation); + decodedLocation = decodeURIComponent(newLocation); } catch(e) { - encodedLocation = newLocation; // "#/error/?error_message=" + e.toString(); + decodedLocation = newLocation; // "#/error/?error_message=" + e.toString(); } var body = opts.body - .replace(/{{\s*HTML_URL\s*}}/ig, escapeHtml(encodedLocation)) + .replace(/{{\s*HTML_URL\s*}}/ig, escapeHtml(decodedLocation)) .replace(/{{\s*URL\s*}}/ig, escapedLocation) .replace(/{{\s*UNSAFE_URL\s*}}/ig, newLocation) ;