Fabio/tileserver-gl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

codeql

Browse source
This commit is contained in:
acalcutt 2025-01-04 02:49:01 -05:00
parent 4abc6164b7
commit bc85d7a1e5
1 changed files with 15 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
src/serve_style.js
View file

@ -100,13 +100,16 @@ export const serve_style = {
*/ */
app.get(`/:id/sprite{/:spriteID}{@:scale}{.:format}`, (req, res, next) => { app.get(`/:id/sprite{/:spriteID}{@:scale}{.:format}`, (req, res, next) => {
const { spriteID = 'default', id, format, scale } = req.params; const { spriteID = 'default', id, format, scale } = req.params;
const sanitizedScale = scale ? String(scale) : '';
const sanitizedSpriteID = String(spriteID);
const sanitizedFormat = format ? '.' + String(format) : '';
if (verbose) { if (verbose) {
console.log( console.log(
`Handling sprite request for: /styles/%s/sprite/%s%s%s`, `Handling sprite request for: /styles/%s/sprite/%s%s%s`,
id, id,
spriteID, sanitizedSpriteID,
scale ? scale : '', sanitizedScale,
format ? '.' + format : '', sanitizedFormat,
); );
} }
const item = repo[id]; const item = repo[id];
@ -116,9 +119,9 @@ export const serve_style = {
console.error( console.error(
`Sprite item, format, or scale not found for: /styles/%s/sprite/%s%s%s`, `Sprite item, format, or scale not found for: /styles/%s/sprite/%s%s%s`,
id, id,
spriteID, sanitizedSpriteID,
scale ? scale : '', sanitizedScale,
format ? '.' + format : '', sanitizedFormat,
); );
return res.sendStatus(404); return res.sendStatus(404);
} }
@ -130,15 +133,14 @@ export const serve_style = {
console.error( console.error(
`Sprite not found for: /styles/%s/sprite/%s%s%s`, `Sprite not found for: /styles/%s/sprite/%s%s%s`,
id, id,
spriteID, sanitizedSpriteID,
scale ? scale : '', sanitizedScale,
format ? '.' + format : '', sanitizedFormat,
); );
return res.status(400).send('Bad Sprite ID or Scale'); return res.status(400).send('Bad Sprite ID or Scale');
} }
const sanitizedSpritePath = sprite.path.replace(/^(\.\.\/)+/, ''); const sanitizedSpritePath = sprite.path.replace(/^(\.\.\/)+/, '');
const filename = `${sanitizedSpritePath}${spriteScale}.${validatedFormat}`; const filename = `${sanitizedSpritePath}${spriteScale}.${validatedFormat}`;
if (verbose) console.log(`Loading sprite from: %s`, filename); if (verbose) console.log(`Loading sprite from: %s`, filename);
@ -163,9 +165,9 @@ export const serve_style = {
console.log( console.log(
`Responding with sprite data for /styles/%s/sprite/%s%s%s`, `Responding with sprite data for /styles/%s/sprite/%s%s%s`,
id, id,
spriteID, sanitizedSpriteID,
scale ? scale : '', sanitizedScale,
format ? '.' + format : '', sanitizedFormat,
); );
return res.send(data); return res.send(data);
}); });