Fix return url in login and small cleanup in author model

Author: rxtur

src/App/Pages/Account/Login.cshtml

@@ -7,7 +7,7 @@
 <div class="form-login">
     @if (!User.Identity.IsAuthenticated)
     {
-    <form asp-route-returnurl="@ViewData["ReturnUrl"]" class="form" method="POST">
+    <form asp-route-returnurl="@HttpContext.Request.Query["ReturnUrl"]" class="form" method="POST">
         <div class="bf-account-header">
             <h1>Welcome!</h1>
             <p>You can sign in or go <a href="~/">back to blog</a>.</p>

src/App/Pages/Account/Login.cshtml.cs

@@ -1,4 +1,5 @@
-using Core.Data;
+using Core;
+using Core.Data;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
@@ -33,9 +34,8 @@ public void OnGet()
         {
         }
 
-        public async Task<IActionResult> OnPostAsync(string returnUrl = null)
+        public async Task<IActionResult> OnPostAsync([FromQuery]string returnUrl = null)
         {
-            ViewData["ReturnUrl"] = returnUrl;
             if (ModelState.IsValid)
             {
                 var result = await _sm.PasswordSignInAsync(UserName, Password, RememberMe, lockoutOnFailure: false);
@@ -54,6 +54,7 @@ public async Task<IActionResult> OnPostAsync(string returnUrl = null)
 
         private IActionResult RedirectToLocal(string returnUrl)
         {
+            returnUrl = returnUrl.SanitizePath();
             if (Url.IsLocalUrl(returnUrl))
             {
                 return Redirect(returnUrl);

src/App/Views/Themes/material/List.cshtml

@@ -124,7 +124,7 @@
                                     </template>
                                 </span>
                             </div>
-                            <h5 class="description">{{post.description}}</h5>
+                            <h5 class="description" v-html="post.description"></h5>
                             <img v-bind:src="webRoot + post.cover" class="thumbnail col-sm-12 wp-post-image" alt="">
                             <a href="#" class="btn btn-round btn-lg" style="margin-top: 25px">
                                 Read More

src/Core/Data/Domain/Author.cs

@@ -12,8 +12,6 @@ public Author() { }
         /// </summary>
         public int Id { get; set; }
 
-        [StringLength(160)]
-        public string AppUserId { get; set; }
         [StringLength(160)]
         public string AppUserName { get; set; }
         [EmailAddress]

src/Core/Extensions/StringExtensions.cs

@@ -214,6 +214,8 @@ static string RemoveExtraHyphen(string text)
 
         public static string SanitizePath(this string str)
         {
+            str = str.Replace("%2E", ".").Replace("%2F", "/");
+
             if (str.Contains("..") || str.Contains("//"))
                 throw new ApplicationException("Invalid directory path");
 
@@ -222,7 +224,9 @@ public static string SanitizePath(this string str)
 
         public static string SanitizeFileName(this string str)
         {
-            if (str.Contains("..") || str.Contains("//") || str.Count(x => x == '.') > 1)
+            str = str.SanitizePath();
+
+            if (str.Count(x => x == '.') > 1)
                 throw new ApplicationException("Invalid file name");
 
             return str;