fix: [TA-199] getPhotographerList / getPromotionList params 미인코딩 쿼리스트링 오염 수정#101
Merged
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
getPhotographerList,getPromotionListAPI 함수가params: string을 URL에 직접 이어 붙여 특수문자 포함 시 쿼리스트링이 오염되던 버그 수정URLSearchParams로 변경하여 타입 레벨에서 인코딩 보장usePhotographerList,usePromotionList)는string타입 유지 (useEffect 의존성 참조 동등성 보장), 내부에서new URLSearchParams(params)변환SearchPage/index.tsx에서searchKeyword=${searchKeyword}직접 이어 붙이기 →new URLSearchParams({ searchKeyword }).toString()으로 수정 (핵심 취약점 수정)Test plan
#,%,&,=)가 포함된 검색어로 작가/이벤트 검색 → URL 오염 없이 정상 요청 확인