From 5d6008431cbc85695345f8220879093591f7463c Mon Sep 17 00:00:00 2001 From: Scott Idem Date: Tue, 23 Jun 2026 14:48:25 -0400 Subject: [PATCH] fix(pres_mgmt): encodeURIComponent for poc_sign_in_url + null-key guard MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - poc_sign_in_url derived: replace encodeURI() with per-param encodeURIComponent() — same fix applied to presenter URLs. passcodes may contain special characters; encodeURI() would leave them unencoded. - session_sign_in(): guard the presentation_id and presenter_id auth__kv writes so they only run when non-null. A pure POC link has neither param in the URL, so writing auth__kv[null] was creating junk 'null' string keys that never matched anything. Co-Authored-By: Claude Sonnet 4.6 --- .../[session_id]/ae_comp__session_view.svelte | 4 +--- src/routes/events/[event_id]/sign_in_out.svelte | 13 ++++++++----- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/src/routes/events/[event_id]/(pres_mgmt)/session/[session_id]/ae_comp__session_view.svelte b/src/routes/events/[event_id]/(pres_mgmt)/session/[session_id]/ae_comp__session_view.svelte index d2f887bb..774da1a4 100644 --- a/src/routes/events/[event_id]/(pres_mgmt)/session/[session_id]/ae_comp__session_view.svelte +++ b/src/routes/events/[event_id]/(pres_mgmt)/session/[session_id]/ae_comp__session_view.svelte @@ -145,9 +145,7 @@ let default_end_datetime = $derived(event_start_date ? `${event_start_date}T09:0 // session_id is required as a query param so sign_in_out.svelte calls session_sign_in(). let poc_sign_in_url = $derived( $lq__event_session_obj?.poc_person_id && $lq__event_session_obj?.poc_person_passcode - ? encodeURI( - `${$ae_loc.url_origin}/events/${$lq__event_session_obj.event_id}/session/${$lq__event_session_obj.event_session_id}?person_id=${$lq__event_session_obj.poc_person_id}&person_pass=${$lq__event_session_obj.poc_person_passcode}&session_id=${$lq__event_session_obj.event_session_id}` - ) + ? `${$ae_loc.url_origin}/events/${$lq__event_session_obj.event_id}/session/${$lq__event_session_obj.event_session_id}?person_id=${encodeURIComponent($lq__event_session_obj.poc_person_id)}&person_pass=${encodeURIComponent($lq__event_session_obj.poc_person_passcode)}&session_id=${encodeURIComponent($lq__event_session_obj.event_session_id)}` : null ); diff --git a/src/routes/events/[event_id]/sign_in_out.svelte b/src/routes/events/[event_id]/sign_in_out.svelte index f36fc2d7..b5861453 100644 --- a/src/routes/events/[event_id]/sign_in_out.svelte +++ b/src/routes/events/[event_id]/sign_in_out.svelte @@ -275,11 +275,14 @@ function session_sign_in() { events_auth_loc.current.auth__kv.person[$events_sess.auth__person.person_id] = true; events_auth_loc.current.auth__kv.session[$events_sess.auth__person.session_id] = true; - events_auth_loc.current.auth__kv.presentation[ - $events_sess.auth__person.presentation_id - ] = false; // Set to false for session POC (LCI Champions). - events_auth_loc.current.auth__kv.presenter[$events_sess.auth__person.presenter_id] = - false; // Set to false for session POC (LCI Champions). + // Only write these if non-null — a POC link has no presentation_id/presenter_id in the + // URL, and writing auth__kv[null] would set a junk 'null' string key. + if ($events_sess.auth__person.presentation_id) { + events_auth_loc.current.auth__kv.presentation[$events_sess.auth__person.presentation_id] = false; // false = POC has no presentation-level access + } + if ($events_sess.auth__person.presenter_id) { + events_auth_loc.current.auth__kv.presenter[$events_sess.auth__person.presenter_id] = false; // false = POC is not a presenter + } // Setting again here... just because for now. // $events_slct.event_presentation_id = $events_sess.auth__person.presentation_id;