Fix path concatenation vulnerability in user page

claude[bot] · N2D4 · claude[bot] · commit 29e9c2b20f1a · 2025-08-20T01:14:24.000Z
Prevents double slashes when handlerPath is '/' and endpointPath starts with '/'
by using proper path joining logic: handlerPath.replace(/\/?$/, '/') + endpointPath.replace(/^\//, '')

Co-authored-by: Konsti Wohlwend &lt;N2D4@users.noreply.github.com&gt;
diff --git a/apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/users/[userId]/page-client.tsx b/apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/users/[userId]/page-client.tsx
@@ -572,7 +572,7 @@ function SendEmailWithDomainDialog({
           baseUrl = domain.domain;
           handlerPath = domain.handlerPath;
         }
-        const callbackUrl = new URL(handlerPath + endpointPath, baseUrl).toString();
+        const callbackUrl = new URL(handlerPath.replace(/\/?$/, '/') + endpointPath.replace(/^\//, ''), baseUrl).toString();
         await onSubmit(callbackUrl);
       }}
     />

Original file line number	Diff line number	Diff line change
`@@ -572,7 +572,7 @@ function SendEmailWithDomainDialog({`
`572`	`572`	`baseUrl = domain.domain;`
`573`	`573`	`handlerPath = domain.handlerPath;`
`574`	`574`	`}`
`575`		`- const callbackUrl = new URL(handlerPath + endpointPath, baseUrl).toString();`
	`575`	`+ const callbackUrl = new URL(handlerPath.replace(/\/?$/, '/') + endpointPath.replace(/^\//, ''), baseUrl).toString();`
`576`	`576`	`await onSubmit(callbackUrl);`
`577`	`577`	`}}`
`578`	`578`	`/>`