use readFile, add path.normalize
This commit is contained in:
acalcutt
parent
1f693003ed
commit
340e5db60a
2 changed files with 17 additions and 8 deletions
|
|
@ -13,7 +13,6 @@ import '@maplibre/maplibre-gl-native';
|
||||||
// SECTION END
|
// SECTION END
|
||||||
|
|
||||||
import advancedPool from 'advanced-pool';
|
import advancedPool from 'advanced-pool';
|
||||||
import fs from 'node:fs';
|
|
||||||
import path from 'path';
|
import path from 'path';
|
||||||
import url from 'url';
|
import url from 'url';
|
||||||
import util from 'util';
|
import util from 'util';
|
||||||
|
|
@ -35,6 +34,7 @@ import {
|
||||||
fixTileJSONCenter,
|
fixTileJSONCenter,
|
||||||
fetchTileData,
|
fetchTileData,
|
||||||
allowedOptions,
|
allowedOptions,
|
||||||
|
readFile,
|
||||||
} from './utils.js';
|
} from './utils.js';
|
||||||
import { openPMtiles, getPMtilesInfo } from './pmtiles_adapter.js';
|
import { openPMtiles, getPMtilesInfo } from './pmtiles_adapter.js';
|
||||||
import { renderOverlay, renderWatermark, renderAttribution } from './render.js';
|
import { renderOverlay, renderWatermark, renderAttribution } from './render.js';
|
||||||
|
|
@ -1092,9 +1092,13 @@ export const serve_rendered = {
|
||||||
const file = decodeURIComponent(req.url).substring(
|
const file = decodeURIComponent(req.url).substring(
|
||||||
protocol.length + 3,
|
protocol.length + 3,
|
||||||
);
|
);
|
||||||
fs.readFile(path.join(dir, file), (err, data) => {
|
readFile(path.join(dir, file))
|
||||||
callback(err, { data: data });
|
.then((data) => {
|
||||||
});
|
callback(null, { data: data });
|
||||||
|
})
|
||||||
|
.catch((err) => {
|
||||||
|
callback(err, null);
|
||||||
|
});
|
||||||
} else if (protocol === 'fonts') {
|
} else if (protocol === 'fonts') {
|
||||||
const parts = req.url.split('/');
|
const parts = req.url.split('/');
|
||||||
const fontstack = decodeURIComponent(parts[2]);
|
const fontstack = decodeURIComponent(parts[2]);
|
||||||
|
|
@ -1217,9 +1221,13 @@ export const serve_rendered = {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
fs.readFile(file, (err, data) => {
|
readFile(file)
|
||||||
callback(err, { data: data });
|
.then((data) => {
|
||||||
});
|
callback(null, { data: data });
|
||||||
|
})
|
||||||
|
.catch((err) => {
|
||||||
|
callback(err, null);
|
||||||
|
});
|
||||||
} else {
|
} else {
|
||||||
throw Error(
|
throw Error(
|
||||||
`File does not exist: "${req.url}" - resolved to "${file}"`,
|
`File does not exist: "${req.url}" - resolved to "${file}"`,
|
||||||
|
|
|
||||||
|
|
@ -192,8 +192,9 @@ export function fixTileJSONCenter(tileJSON) {
|
||||||
*/
|
*/
|
||||||
export function readFile(filename) {
|
export function readFile(filename) {
|
||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
|
const sanitizedFilename = path.normalize(filename); // Normalize path, remove ..
|
||||||
// eslint-disable-next-line security/detect-non-literal-fs-filename
|
// eslint-disable-next-line security/detect-non-literal-fs-filename
|
||||||
fs.readFile(filename, (err, data) => {
|
fs.readFile(String(sanitizedFilename), (err, data) => {
|
||||||
if (err) {
|
if (err) {
|
||||||
reject(err);
|
reject(err);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue