codeql sanitize
This commit is contained in:
acalcutt
parent
bc85d7a1e5
commit
4fe9bda070
1 changed files with 5 additions and 5 deletions
|
|
@ -100,13 +100,14 @@ export const serve_style = {
|
||||||
*/
|
*/
|
||||||
app.get(`/:id/sprite{/:spriteID}{@:scale}{.:format}`, (req, res, next) => {
|
app.get(`/:id/sprite{/:spriteID}{@:scale}{.:format}`, (req, res, next) => {
|
||||||
const { spriteID = 'default', id, format, scale } = req.params;
|
const { spriteID = 'default', id, format, scale } = req.params;
|
||||||
|
const sanitizedId = String(id);
|
||||||
const sanitizedScale = scale ? String(scale) : '';
|
const sanitizedScale = scale ? String(scale) : '';
|
||||||
const sanitizedSpriteID = String(spriteID);
|
const sanitizedSpriteID = String(spriteID);
|
||||||
const sanitizedFormat = format ? '.' + String(format) : '';
|
const sanitizedFormat = format ? '.' + String(format) : '';
|
||||||
if (verbose) {
|
if (verbose) {
|
||||||
console.log(
|
console.log(
|
||||||
`Handling sprite request for: /styles/%s/sprite/%s%s%s`,
|
`Handling sprite request for: /styles/%s/sprite/%s%s%s`,
|
||||||
id,
|
sanitizedId,
|
||||||
sanitizedSpriteID,
|
sanitizedSpriteID,
|
||||||
sanitizedScale,
|
sanitizedScale,
|
||||||
sanitizedFormat,
|
sanitizedFormat,
|
||||||
|
|
@ -118,7 +119,7 @@ export const serve_style = {
|
||||||
if (verbose)
|
if (verbose)
|
||||||
console.error(
|
console.error(
|
||||||
`Sprite item, format, or scale not found for: /styles/%s/sprite/%s%s%s`,
|
`Sprite item, format, or scale not found for: /styles/%s/sprite/%s%s%s`,
|
||||||
id,
|
sanitizedId,
|
||||||
sanitizedSpriteID,
|
sanitizedSpriteID,
|
||||||
sanitizedScale,
|
sanitizedScale,
|
||||||
sanitizedFormat,
|
sanitizedFormat,
|
||||||
|
|
@ -132,7 +133,7 @@ export const serve_style = {
|
||||||
if (verbose)
|
if (verbose)
|
||||||
console.error(
|
console.error(
|
||||||
`Sprite not found for: /styles/%s/sprite/%s%s%s`,
|
`Sprite not found for: /styles/%s/sprite/%s%s%s`,
|
||||||
id,
|
sanitizedId,
|
||||||
sanitizedSpriteID,
|
sanitizedSpriteID,
|
||||||
sanitizedScale,
|
sanitizedScale,
|
||||||
sanitizedFormat,
|
sanitizedFormat,
|
||||||
|
|
@ -155,7 +156,6 @@ export const serve_style = {
|
||||||
);
|
);
|
||||||
return res.sendStatus(404);
|
return res.sendStatus(404);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (validatedFormat === 'json') {
|
if (validatedFormat === 'json') {
|
||||||
res.header('Content-type', 'application/json');
|
res.header('Content-type', 'application/json');
|
||||||
} else if (validatedFormat === 'png') {
|
} else if (validatedFormat === 'png') {
|
||||||
|
|
@ -164,7 +164,7 @@ export const serve_style = {
|
||||||
if (verbose)
|
if (verbose)
|
||||||
console.log(
|
console.log(
|
||||||
`Responding with sprite data for /styles/%s/sprite/%s%s%s`,
|
`Responding with sprite data for /styles/%s/sprite/%s%s%s`,
|
||||||
id,
|
sanitizedId,
|
||||||
sanitizedSpriteID,
|
sanitizedSpriteID,
|
||||||
sanitizedScale,
|
sanitizedScale,
|
||||||
sanitizedFormat,
|
sanitizedFormat,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue