chore: cleanup useless decodeURIComponent() calls (#1002)

* chore: cleanup useless decodeURIComponent() calls Signed-off-by: Martin d'Allens <martin.dallens@liberty-rider.com> * chore: try to fix CodeQL failure "Polynomial regular expression" Fix 1: \d\.?\d* can backtrack catastrophically \d(\.\d*)? is safer Fix 2: Useless parenthesis around "enc:" Fix 3: The httpTester regex was misleading. It did not really check for "http". Simplified to show its true meaning. The behaviour should not have changed. Signed-off-by: Martin d'Allens <martin.dallens@liberty-rider.com> * chore: try to optimize the regex further, to fix CodeQL failure Signed-off-by: Martin d'Allens <martin.dallens@liberty-rider.com> * chore: consistency between previous changes, docs, and serve_style.js Signed-off-by: Martin d'Allens <martin.dallens@liberty-rider.com> --------- Signed-off-by: Martin d'Allens <martin.dallens@liberty-rider.com>
2023-10-14 01:08:28 +02:00 · 2023-10-14 01:08:28 +02:00 · e8f64e2861
commit e8f64e2861
parent 3781054f2d
4 changed files with 8 additions and 11 deletions
--- a/docs/endpoints.rst
+++ b/docs/endpoints.rst
@ -35,7 +35,7 @@ Static images
 * All the static image endpoints additionally support following query parameters:
-  * ``path`` - ``((fill|stroke|width)\:[^\|]+\|)*((enc:.+)|((-?\d+\.?\d*,-?\d+\.?\d*\|)+(-?\d+\.?\d*,-?\d+\.?\d*)))``
+  * ``path`` - ``((fill|stroke|width)\:[^\|]+\|)*(enc:.+|-?\d+(\.\d*)?,-?\d+(\.\d*)?(\|-?\d+(\.\d*)?,-?\d+(\.\d*)?)+)``
    * comma-separated ``lng,lat``, pipe-separated pairs
--- a/src/serve_rendered.js
+++ b/src/serve_rendered.js
@ -22,8 +22,8 @@ import { getFontsPbf, getTileUrls, fixTileJSONCenter } from './utils.js';
 const FLOAT_PATTERN = '[+-]?(?:\\d+|\\d+.?\\d+)';
 const PATH_PATTERN =
-  /^((fill|stroke|width)\:[^\|]+\|)*((enc:.+)|((-?\d+\.?\d*,-?\d+\.?\d*\|)+(-?\d+\.?\d*,-?\d+\.?\d*)))/;
+  /^((fill|stroke|width)\:[^\|]+\|)*(enc:.+|-?\d+(\.\d*)?,-?\d+(\.\d*)?(\|-?\d+(\.\d*)?,-?\d+(\.\d*)?)+)/;
-const httpTester = /^(http(s)?:)?\/\//;
+const httpTester = /^\/\//;
 const mercator = new SphericalMercator();
 const getScale = (scale) => (scale || '@1x').slice(1, 2) | 0;
@ -158,10 +158,7 @@ const extractPathsFromQuery = (query, transformer) => {
    // Iterate through paths, parse and validate them
    for (const providedPath of providedPaths) {
      // Logic for pushing coords to path when path includes google polyline
-      if (
+      if (providedPath.includes('enc:') && PATH_PATTERN.test(providedPath)) {
        providedPath.includes('enc:') &&
        PATH_PATTERN.test(decodeURIComponent(providedPath))
      ) {
        // +4 because 'enc:' is 4 characters, everything after 'enc:' is considered to be part of the polyline
        const encIndex = providedPath.indexOf('enc:') + 4;
        const coords = polyline
@ -432,7 +429,7 @@ const drawMarkers = async (ctx, markers, z) => {
 * @param {number} z Map zoom level.
 */
 const drawPath = (ctx, path, query, pathQuery, z) => {
-  const splitPaths = decodeURIComponent(pathQuery).split('|');
+  const splitPaths = pathQuery.split('|');
  if (!path || path.length < 2) {
    return null;
--- a/src/serve_style.js
+++ b/src/serve_style.js
@ -9,7 +9,7 @@ import { validate } from '@maplibre/maplibre-gl-style-spec';
 import { getPublicUrl } from './utils.js';
-const httpTester = /^(http(s)?:)?\/\//;
+const httpTester = /^\/\//;
 const fixUrl = (req, url, publicUrl, opt_nokey) => {
  if (!url || typeof url !== 'string' || url.indexOf('local://') !== 0) {
--- a/test/static.js
+++ b/test/static.js
@ -180,7 +180,7 @@ describe('Static endpoints', function () {
          200,
          2,
          /image\/png/,
-          '?path=' + decodeURIComponent('enc:{{biGwvyGoUi@s_A|{@'),
+          '?path=' + encodeURIComponent('enc:{{biGwvyGoUi@s_A|{@'),
        );
      });
    });