Fabio/tileserver-gl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Revert "simplify input checking"

Browse source 
This reverts commit 62a3212629.
This commit is contained in:
acalcutt 2025-01-05 02:46:42 -05:00
parent ecfcaeb1a5
commit 097c0e1455
1 changed files with 15 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
src/utils.js
View file

@ -215,22 +215,31 @@ export function readFile(filename) {
*/ */
async function getFontPbf(allowedFonts, fontPath, name, range, fallbacks) { async function getFontPbf(allowedFonts, fontPath, name, range, fallbacks) {
if (!allowedFonts || (allowedFonts[name] && fallbacks)) { if (!allowedFonts || (allowedFonts[name] && fallbacks)) {
const sRange = String(range).replace(/\n|\r/g, ''); const fontMatch = name?.match(/^[\w\s-]+$/);
const sFontStack = String(name).replace(/\n|\r/g, ''); const sanitizedName = fontMatch?.[0] || 'invalid';
if (!sFontStack || name.trim() === '') { if (!name || typeof name !== 'string' || name.trim() === '' || !fontMatch) {
console.error('ERROR: Invalid font name'); console.error(
'ERROR: Invalid font name: %s',
sanitizedName.replace(/\n|\r/g, ''),
);
throw new Error('Invalid font name'); throw new Error('Invalid font name');
} }
if (!/^\d+-\d+$/.test(sRange)) { const rangeMatch = range?.match(/^[\d-]+$/);
const sanitizedRange = rangeMatch?.[0] || 'invalid';
if (!/^\d+-\d+$/.test(range)) {
console.error( console.error(
'ERROR: Invalid range: %s', 'ERROR: Invalid range: %s',
sanitizedRange.replace(/\n|\r/g, ''), sanitizedRange.replace(/\n|\r/g, ''),
); );
throw new Error('Invalid range'); throw new Error('Invalid range');
} }
const filename = path.join(
fontPath,
sanitizedName,
`${sanitizedRange}.pbf`,
);
const filename = path.join(fontPath, sFontStack, `${sRange}.pbf`);
if (!fallbacks) { if (!fallbacks) {
fallbacks = clone(allowedFonts || {}); fallbacks = clone(allowedFonts || {});
} }