From 3def0d2c4561c3e85b3aa885243c0d2b6df22e31 Mon Sep 17 00:00:00 2001
From: acalcutt
Date: Sat, 4 Jan 2025 22:58:11 -0500
Subject: [PATCH] codeql

---
 src/serve_font.js | 8 ++++----
 src/serve_style.js | 12 +++++++-----
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/serve_font.js b/src/serve_font.js
index f80c420..09f34b1 100644
--- a/src/serve_font.js
+++ b/src/serve_font.js
@@ -50,8 +50,8 @@ export async function serve_font(options, allowedFonts, programOpts) {
 if (verbose) {
 console.log(
 `Handling font request for: /fonts/%s/%s.pbf`,
- sanitizedFontStack,
- sanitizedRange,
+ sanitizedFontStack.replace(/\n|\r/g, ''),
+ sanitizedRange.replace(/\n|\r/g, ''),
 );
 }
 
@@ -80,8 +80,8 @@ export async function serve_font(options, allowedFonts, programOpts) {
 } catch (err) {
 console.error(
 `Error serving font: %s/%s.pbf, Error: %s`,
- fontstack,
- sanitizedRange,
+ sanitizedFontStack.replace(/\n|\r/g, ''),
+ sanitizedRange.replace(/\n|\r/g, ''),
 String(err),
 );
 return res
diff --git a/src/serve_style.js b/src/serve_style.js
index 63d7df4..36975ec 100644
--- a/src/serve_style.js
+++ b/src/serve_style.js
@@ -56,7 +56,7 @@ export const serve_style = {
 if (verbose) {
 console.log(
 'Handling style request for: /styles/%s/style.json',
- String(id),
+ String(id).replace(/\n|\r/g, ''),
 );
 }
 try {
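Review bot: The pattern `/\n|\r/g` applied to the `console.log` arguments in this hunk removes only CR and LF, so other control characters in the request-derived font stack and range (the ESC byte that starts terminal escape sequences, or U+2028/U+2029) still reach the log. The same inline `.replace(/\n|\r/g, '')` is repeated in the `console.error` hunk below and in both `src/serve_style.js` hunks. One shared helper, for example `const forLog = (v) => String(v).replace(/[\u0000-\u001f\u007f\u2028\u2029]/g, '');`, would keep the rule in one place and make it easy to widen. The enclosing handler starts and ends outside the hunk, so whether `sanitizedFontStack` is already filtered where it is defined cannot be confirmed from here.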
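Review bot: `String(err)`, on the line after the two changed arguments, is still passed to `console.error` unfiltered. Error messages often embed the path or name that failed, which here may derive from the requested font stack, so a newline could still enter the log through that argument. Applying the same stripping there closes the gap: `String(err).replace(/\n|\r/g, ''),`. The `catch` block continues past the end of the hunk.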
@@ -103,10 +103,12 @@ export const serve_style = {
 */
 app.get(`/:id/sprite{/:spriteID}{@:scale}{.:format}`, (req, res, next) => {
 const { spriteID = 'default', id, format, scale } = req.params;
- const sanitizedId = String(id);
- const sanitizedScale = scale ? String(scale) : '';
- const sanitizedSpriteID = String(spriteID);
- const sanitizedFormat = format ? '.' + String(format) : '';
+ const sanitizedId = String(id).replace(/\n|\r/g, '');
+ const sanitizedScale = scale ? String(scale).replace(/\n|\r/g, '') : '';
+ const sanitizedSpriteID = String(spriteID).replace(/\n|\r/g, '');
+ const sanitizedFormat = format
+ ? '.' + String(format).replace(/\n|\r/g, '')
+ : '';
 if (verbose) {
 console.log(
 `Handling sprite request for: /styles/%s/sprite/%s%s%s`,
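Review bot: `sanitizedId`, `sanitizedScale`, `sanitizedSpriteID` and `sanitizedFormat` are now only CR/LF-stripped, yet their names suggest they are safe for any use. The rest of the handler is outside this hunk; if it uses these values to look up the style or build the sprite file path, removing newlines is not path validation. It would also mean a request containing an encoded newline silently resolves to a different id instead of being rejected. A comment above the four declarations would make the scope explicit: `// Log-safe only (CR/LF removed); validate separately before use in lookups or file paths.`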