fix: wrap login redirect routes with encodeURIComponent (#11778)

### What This PR updates the `login` flow by wrapping redirect routes with `encodeURIComponent`. This ensures that special characters in URLs (such as ?, &, #) are properly encoded, preventing potential issues with navigation and redirection.
2025-03-19 16:17:01 -04:00
parent 240730fdf2
commit a02e4762d0
3 changed files with 16 additions and 2 deletions
--- a/packages/next/src/views/Login/LoginForm/index.tsx
+++ b/packages/next/src/views/Login/LoginForm/index.tsx
@@ -91,7 +91,13 @@ export const LoginForm: React.FC<{
      initialState={initialState}
      method="POST"
      onSuccess={handleLogin}
-      redirect={typeof searchParams?.redirect === 'string' ? searchParams.redirect : adminRoute}
+      redirect={
+        typeof searchParams?.redirect === 'string'
+          ? searchParams.redirect.startsWith('/')
+            ? searchParams.redirect
+            : encodeURIComponent(searchParams.redirect)
+          : adminRoute
+      }
      waitForAutocomplete
    >
      <div className={`${baseClass}__inputWrap`}>
--- a/packages/next/src/views/Login/index.tsx
+++ b/packages/next/src/views/Login/index.tsx
@@ -25,8 +25,15 @@ export function LoginView({ initPageResult, params, searchParams }: AdminViewSer
    routes: { admin },
  } = config

+  const redirectUrl =
+    typeof searchParams.redirect === 'string'
+      ? searchParams.redirect.startsWith('/') // If it's a relative path, keep it
+        ? searchParams.redirect
+        : encodeURIComponent(searchParams.redirect) // Otherwise, encode it
+      : admin
+
  if (user) {
-    redirect((searchParams.redirect as string) || admin)
+    redirect(redirectUrl)
  }

  const collectionConfig = payload?.collections?.[userSlug]?.config
--- a/packages/ui/src/views/Edit/index.tsx
+++ b/packages/ui/src/views/Edit/index.tsx
@@ -323,6 +323,7 @@ export function DefaultEditView({
      schemaPathSegments,
      isLockingEnabled,
      setDocumentIsLocked,
+      startRouteTransition,
    ],
  )