From 397a9f8915376af583aa9adb4c2f37266c0e53d8 Mon Sep 17 00:00:00 2001
From: Michael Jackson
Date: Sat, 18 May 2019 21:58:07 -0700
Subject: [PATCH] Inline query sanitizer
---
 modules/middleware/validateQuery.js | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)
diff --git a/modules/middleware/validateQuery.js b/modules/middleware/validateQuery.js
index 4d2d185..9b3fade 100644
--- a/modules/middleware/validateQuery.js
+++ b/modules/middleware/validateQuery.js
@@ -10,22 +10,19 @@ function isKnownQueryParam(param) {
 return !!knownQueryParams[param];
 }
-function sanitizeQuery(originalQuery) {
- const query = {};
-
- Object.keys(originalQuery).forEach(param => {
- if (isKnownQueryParam(param)) query[param] = originalQuery[param];
- });
-
- return query;
-}
-
 /**
 * Reject URLs with invalid query parameters to increase cache hit rates.
 */
 export default function validateQuery(req, res, next) {
- if (!Object.keys(req.query).every(isKnownQueryParam)) {
- return res.redirect(302, req.path + createSearch(sanitizeQuery(req.query)));
+ const keys = Object.keys(req.query);
+
+ if (!keys.every(isKnownQueryParam)) {
+ const newQuery = keys.filter(isKnownQueryParam).reduce((query, key) => {
+ query[key] = req.query[key];
+ return query;
+ }, {});
+
+ return res.redirect(302, req.path + createSearch(newQuery));
 }
 next();
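Review bot: The redirect target in the new `return res.redirect(302, req.path + createSearch(newQuery));` line is built from the request path without normalising it, so a path that begins with two slashes would be echoed back as a scheme-relative `Location` and the browser would leave the site. Unless something upstream already collapses leading slashes (not visible in this hunk), normalise first with `const path = req.path.replace(/^\/+/, '/');` and redirect to `path + createSearch(newQuery)`. Separately, `isKnownQueryParam` tests `!!knownQueryParams[param]`; if `knownQueryParams` is a plain object literal (its definition is outside the hunk), inherited names such as `constructor` count as known and are written into the `{}` accumulator, so an own-property check like `Object.prototype.hasOwnProperty.call(knownQueryParams, param)` would be safer. The body of `validateQuery` ends outside the hunk.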