From aa936eaef41c7b0fafc4a98bc7ea1671c04aa906 Mon Sep 17 00:00:00 2001
From: acalcutt <acalcutt@techidiots.net>
Date: Sat, 4 Jan 2025 23:32:26 -0500
Subject: [PATCH] codeql

---
 src/serve_data.js     |  7 ++++++-
 src/serve_rendered.js | 20 ++++++++++++--------
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/src/serve_data.js b/src/serve_data.js
index 685f18d..5bf637d 100644
--- a/src/serve_data.js
+++ b/src/serve_data.js
@@ -47,7 +47,12 @@ export const serve_data = {
     app.get('/:id/:z/:x/:y.:format', async (req, res) => {
       if (verbose) {
         console.log(
-          `Handling tile request for: /data/${req.params.id}/${req.params.z}/${req.params.x}/${req.params.y}.${req.params.format}`,
+          `Handling tile request for: /data/%s/%s/%s/%s.%s`,
+          String(id).replace(/\n|\r/g, ''),
+          String(z).replace(/\n|\r/g, ''),
+          String(x).replace(/\n|\r/g, ''),
+          String(y).replace(/\n|\r/g, ''),
+          String(format).replace(/\n|\r/g, ''),
         );
       }
       const item = repo[req.params.id];
diff --git a/src/serve_rendered.js b/src/serve_rendered.js
index f54cc49..850953b 100644
--- a/src/serve_rendered.js
+++ b/src/serve_rendered.js
@@ -962,13 +962,13 @@ export const serve_rendered = {
             console.log(
               `Handling rendered %s request for: /styles/%s%s/%s/%s/%s%s.%s`,
               requestType,
-              id,
-              p1 ? '/' + p1 : '',
-              p2,
-              p3,
-              p4,
-              scale ? '@' + scale : '',
-              format,
+              String(id).replace(/\n|\r/g, ''),
+              p1 ? '/' + String(p1).replace(/\n|\r/g, '') : '',
+              String(p2).replace(/\n|\r/g, ''),
+              String(p3).replace(/\n|\r/g, ''),
+              String(p4).replace(/\n|\r/g, ''),
+              scale ? '@' + String(scale).replace(/\n|\r/g, '') : '',
+              String(format).replace(/\n|\r/g, ''),
             );
           }
 
@@ -1019,7 +1019,11 @@ export const serve_rendered = {
       const tileSize = parseInt(req.params.tileSize, 10) || undefined;
       if (verbose) {
         console.log(
-          `Handling rendered tilejson request for: /styles/${tileSize ? tileSize + '/' : ''}${req.params.id}.json`,
+          `Handling rendered tilejson request for: /styles/%s%s.json`,
+          req.params.tileSize
+            ? String(req.params.tileSize).replace(/\n|\r/g, '') + '/'
+            : '',
+          String(req.params.id).replace(/\n|\r/g, ''),
         );
       }
       const info = clone(item.tileJSON);