Merge branch 'bugfix/missing-url-encoding-oauth-token-redirect' into 'develop'

Add missing URL encoding in create authorization redirect See merge request pleroma/pleroma!338
2018-09-09 23:09:43 +00:00 · 2018-09-09 23:09:43 +00:00 · 7b96d20328
parent 3f64ba5fc8 801d645c6b
commit 7b96d20328
1 changed files with 7 additions and 4 deletions
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@ -39,15 +39,18 @@ defmodule Pleroma.Web.OAuth.OAuthController do
        })
      else
        connector = if String.contains?(redirect_uri, "?"), do: "&", else: "?"
-        url = "#{redirect_uri}#{connector}code=#{auth.token}"
+        url = "#{redirect_uri}#{connector}"
+        url_params = %{:code => auth.token}

-        url =
+        url_params =
          if params["state"] do
-            url <> "&state=#{params["state"]}"
+            Map.put(url_params, :state, params["state"])
          else
-            url
+            url_params
          end

+        url = "#{url}#{Plug.Conn.Query.encode(url_params)}"
+
        redirect(conn, external: url)
      end
    end