From b8e7ac4f8a103a0047eb820afc42a7f86416907a Mon Sep 17 00:00:00 2001
From: Frank Elsinga <frank@elsinga.de>
Date: Sun, 28 Apr 2024 03:03:58 +0200
Subject: [PATCH] made sure that controll and whitespace characters are ignored
 in the group of location-`id`-apis

---
 server/main-api/src/calendar/mod.rs |  4 +++-
 server/main-api/src/details.rs      |  7 ++++---
 server/main-api/src/maps/mod.rs     | 11 ++++++-----
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/server/main-api/src/calendar/mod.rs b/server/main-api/src/calendar/mod.rs
index 48679644b..d81284645 100644
--- a/server/main-api/src/calendar/mod.rs
+++ b/server/main-api/src/calendar/mod.rs
@@ -29,7 +29,9 @@ pub async fn calendar_handler(
     web::Query(args): web::Query<QueryArguments>,
     data: web::Data<crate::AppData>,
 ) -> HttpResponse {
-    let id = params.into_inner();
+    let id = params
+        .into_inner()
+        .replace(|c: char| c.is_whitespace() || c.is_control(), "");
     let location = match get_location(&data.db, &id).await {
         Err(e) => {
             error!("could not refetch due to {e:?}");
diff --git a/server/main-api/src/details.rs b/server/main-api/src/details.rs
index 8c13f3610..7168f0c0c 100644
--- a/server/main-api/src/details.rs
+++ b/server/main-api/src/details.rs
@@ -11,9 +11,10 @@ pub async fn get_handler(
     web::Query(args): web::Query<utils::LangQueryArgs>,
     data: web::Data<crate::AppData>,
 ) -> HttpResponse {
-    let Some((probable_id, redirect_url)) =
-        get_alias_and_redirect(&data.db, &params.into_inner()).await
-    else {
+    let id = params
+        .into_inner()
+        .replace(|c: char| c.is_whitespace() || c.is_control(), "");
+    let Some((probable_id, redirect_url)) = get_alias_and_redirect(&data.db, &id).await else {
         return HttpResponse::NotFound().body("Not found");
     };
     let result = if args.should_use_english() {
diff --git a/server/main-api/src/maps/mod.rs b/server/main-api/src/maps/mod.rs
index 792026bca..f3e4aae9c 100644
--- a/server/main-api/src/maps/mod.rs
+++ b/server/main-api/src/maps/mod.rs
@@ -120,7 +120,9 @@ pub async fn maps_handler(
     data: web::Data<crate::AppData>,
 ) -> HttpResponse {
     let start_time = Instant::now();
-    let id = params.into_inner();
+    let id = params
+        .into_inner()
+        .replace(|c: char| c.is_whitespace() || c.is_control(), "");
     let data = match get_localised_data(&data.db, &id, args.should_use_english()).await {
         Ok(data) => data,
         Err(e) => {
@@ -130,11 +132,10 @@ pub async fn maps_handler(
     let img = construct_image_from_data(data)
         .await
         .unwrap_or_else(load_default_image);
-    let res = HttpResponse::Ok().content_type("image/png").body(img);
 
     debug!(
-        "Preview Generation for {id} took {:?}",
-        start_time.elapsed()
+        "Preview Generation for {id} took {elapsed:?}",
+        elapsed = start_time.elapsed()
     );
-    res
+    HttpResponse::Ok().content_type("image/png").body(img)
 }