Skip to content

Commit

Permalink
explicitly reject requests with invalid characters in query as they l…
Browse files Browse the repository at this point in the history 
…ead to server error
  • Loading branch information
@karussell
karussell committed Nov 13, 2024
1 parent f219570 commit 5f57655
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions src/main/java/com/graphhopper/converter/resources/AbstractConverterResource.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,21 @@ void checkInvalidParameter(boolean reverse, String query, String point) {
if (query == null || query.trim().isEmpty()) {
throw new BadRequestException("q cannot be empty");
}
if (isInvalidString(query, "{}[]")) {
throw new BadRequestException("q contains invalid characters like {}[]");
}
}
}

public static boolean isInvalidString(String input, String allowedSpecialChars) {
for (int i = 0; i < input.length(); i++) {
char c = input.charAt(i);
if (Character.isDigit(c))
continue;
if (!Character.isLetter(c) && allowedSpecialChars.indexOf(c) == -1)
return true;
}
return false;
}

String getLocaleFromParameter(String locale) {
Expand Down

0 comments on commit 5f57655

Please sign in to comment.