Fix reflected XSS in 'key' parameter. Fixes #461
This commit is contained in:
parent
a5a8ae1e95
commit
10431d70d0
@ -17,7 +17,7 @@ const fixUrl = (req, url, publicUrl, opt_nokey) => {
|
||||
}
|
||||
const queryParams = [];
|
||||
if (!opt_nokey && req.query.key) {
|
||||
queryParams.unshift(`key=${req.query.key}`);
|
||||
queryParams.unshift(`key=${encodeURIComponent(req.query.key)}`);
|
||||
}
|
||||
let query = '';
|
||||
if (queryParams.length) {
|
||||
|
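Review bot: `encodeURIComponent(req.query.key)` on line 25 assumes the parameter is a single string, but Express's query parser can also yield an array or object for `key` (repeated or bracketed parameters), which `encodeURIComponent` would coerce to a comma-joined or `[object Object]` value before encoding it. Gating on the type keeps the output well-formed: `if (!opt_nokey && typeof req.query.key === 'string') {`. The same consideration applies to the `/styles.json` hunk and the template-data hunk below, which read `req.query.key` the same way. fixUrl's body starts and ends outside the hunk.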
@ -243,7 +243,7 @@ function start(opts) {
|
||||
|
||||
app.get('/styles.json', (req, res, next) => {
|
||||
const result = [];
|
||||
const query = req.query.key ? (`?key=${req.query.key}`) : '';
|
||||
const query = req.query.key ? (`?key=${encodeURIComponent(req.query.key)}`) : '';
|
||||
for (const id of Object.keys(serving.styles)) {
|
||||
const styleJSON = serving.styles[id].styleJSON;
|
||||
result.push({
|
||||
@ -319,8 +319,8 @@ function start(opts) {
|
||||
data['public_url'] = opts.publicUrl || '/';
|
||||
data['is_light'] = isLight;
|
||||
data['key_query_part'] =
|
||||
req.query.key ? `key=${req.query.key}&` : '';
|
||||
data['key_query'] = req.query.key ? `?key=${req.query.key}` : '';
|
||||
req.query.key ? `key=${encodeURIComponent(req.query.key)}&` : '';
|
||||
data['key_query'] = req.query.key ? `?key=${encodeURIComponent(req.query.key)}` : '';
|
||||
if (template === 'wmts') res.set('Content-Type', 'text/xml');
|
||||
return res.status(200).send(compiled(data));
|
||||
});
|
||||
|
@ -40,7 +40,7 @@ module.exports.getTileUrls = (req, domains, path, format, publicUrl, aliases) =>
|
||||
const key = req.query.key;
|
||||
const queryParams = [];
|
||||
if (req.query.key) {
|
||||
queryParams.push(`key=${req.query.key}`);
|
||||
queryParams.push(`key=${encodeURIComponent(req.query.key)}`);
|
||||
}
|
||||
if (req.query.style) {
|
||||
queryParams.push(`style=${req.query.style}`);
|
||||
|
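Review bot: The `style` parameter on line 122 is still interpolated into the URL unencoded while `key` on line 113 now is, so the same reflection path the commit closes for `key` remains open for `style`; it should get the same treatment: `queryParams.push(`style=${encodeURIComponent(req.query.style)}`);`. Separately, `key` is bound on line 101 but the condition and push on lines 107 and 113 keep reading `req.query.key`; using the local in both places would keep them consistent (it may be used further down, outside the hunk). getTileUrls continues outside the hunk.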