Skip to content

Commit

Permalink
use encodeURIComponent for user supplied data
Browse files Browse the repository at this point in the history
  • Loading branch information
@legrego
legrego committed Apr 15, 2019
1 parent 08b0ac5 commit a03183d
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions x-pack/plugins/security/public/lib/api.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,17 +21,17 @@ export class UserAPIClient {
}

public static async getUser(username: string): Promise<User> {
const url = `${usersUrl}/${username}`;
const url = `${usersUrl}/${encodeURIComponent(username)}`;
return await kfetch({ pathname: url });
}

public static async deleteUser(username: string) {
const url = `${usersUrl}/${username}`;
const url = `${usersUrl}/${encodeURIComponent(username)}`;
await kfetch({ pathname: url, method: 'DELETE' }, {});
}

public static async saveUser(user: User) {
const url = `${usersUrl}/${user.username}`;
const url = `${usersUrl}/${encodeURIComponent(user.username)}`;
await kfetch({ pathname: url, body: JSON.stringify(user), method: 'POST' });
}

Expand All @@ -40,7 +40,7 @@ export class UserAPIClient {
}

public static async getRole(name: string): Promise<Role> {
const url = `${rolesUrl}/${name}`;
const url = `${rolesUrl}/${encodeURIComponent(name)}`;
return await kfetch({ pathname: url });
}

Expand All @@ -52,7 +52,7 @@ export class UserAPIClient {
data.password = currentPassword;
}
await kfetch({
pathname: `${usersUrl}/${username}/password`,
pathname: `${usersUrl}/${encodeURIComponent(username)}/password`,
method: 'POST',
body: JSON.stringify(data),
});
Expand Down

0 comments on commit a03183d

Please sign in to comment.