Sanitize personal tokens from custom background imagery

(closes #6801)
Bryan Housel
2020-03-14 10:30:46 -04:00
parent 94c9697ee4
commit 47aaec0db6
2 changed files with 47 additions and 2 deletions
+21 -2
@@ -3,7 +3,7 @@ import { json as d3_json } from 'd3-fetch';
import { t } from '../util/locale';
import { geoExtent, geoSphericalDistance } from '../geo';
import { utilDetect } from '../util/detect';
import { utilDetect, utilQsString, utilStringQs } from '../util';
function localeDateString(s) {
@@ -540,7 +540,26 @@ rendererBackgroundSource.Custom = function(template) {
source.imageryUsed = function() {
return 'Custom (' + source.template() + ' )';
// sanitize personal connection tokens - #6801
var cleaned = source.template();
// from query string parameters
if (cleaned.indexOf('?') !== -1) {
var parts = cleaned.split('?', 2);
var qs = utilStringQs(parts[1]);
['access_token', 'connectId', 'token'].forEach(function(param) {
if (qs[param]) {
qs[param] = '{apikey}';
}
});
cleaned = parts[0] + '?' + utilQsString(qs, true); // true = soft encode
}
// from wms/wmts api path parameters
cleaned = cleaned.replace(/token\/(\w+)/, 'token/{apikey}');
return 'Custom (' + cleaned + ' )';
};
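Review bot: The path-parameter scrub near the end of `source.imageryUsed`, `cleaned.replace(/token\/(\w+)/, 'token/{apikey}')`, stops at the first character outside `[A-Za-z0-9_]`, so a token containing `-`, `.` or `%` is only partly replaced and its tail stays in the returned imagery string. Matching up to the next delimiter closes that gap: `cleaned = cleaned.replace(/token\/([^\/?#]+)/, 'token/{apikey}');`. The query-string pass compares exact, case-sensitive names (`access_token`, `connectId`, `token`), so a template that uses `TOKEN=`, `key=` or `apikey=` passes through unchanged; consider lower-casing the keys before comparing and extending the list, or keeping only parameters known to be safe. `utilStringQs` and `utilQsString` are defined outside this page, so their handling of key case and encoding could not be checked here.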