[hardening] make sure we do not fall into dangeruos huge loops

GeoNode · Jun 24, 2019 · 07d7dad · 07d7dad
1 parent 706469e
commit 07d7dad
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 11 deletions.
diff --git a/geonode/geoserver/helpers.py b/geonode/geoserver/helpers.py
@@ -1941,10 +1941,10 @@ def decimal_encode(bbox):
 
     width = 240
     if 'width' in request_body:
-        width = request_body['width']
+        width = int(request_body['width'])
     height = 200
     if 'height' in request_body:
-        height = request_body['height']
+        height = int(request_body['height'])
     smurl = None
     if 'smurl' in request_body:
         smurl = request_body['smurl']
@@ -1997,6 +1997,10 @@ def decimal_encode(bbox):
         bounds[3] = 85.0
     if bounds[1] < -85.051:
         bounds[1] = -85.0
+    if bounds[0] > 180.0:
+        bounds[0] = 179.0
+    if bounds[3] < -180.0:
+        bounds[3] = -179.0
     if 'zoom' in request_body:
         zoom = request_body['zoom']
     else:
@@ -2016,28 +2020,26 @@ def decimal_encode(bbox):
     left = round(abs(bounds_ll.west - bounds[0]) * -lng_res)
 
     tmp_tile = mercantile.tile(bounds[0], bounds[3], zoom)
-    width_acc = 256 + left
+    width_acc = 256 + int(left)
     first_row = [tmp_tile]
     # Add tiles to fill image width
     _n_step = 0
-    while width > width_acc:
+    while int(width) > int(width_acc):
         c = mercantile.ul(tmp_tile.x + 1, tmp_tile.y, zoom)
         lng = _v(c.lng, x=True, target_srid=4326)
         if lng == 180.0:
             lng = -180.0
         tmp_tile = mercantile.tile(lng, bounds[3], zoom)
         first_row.append(tmp_tile)
-        width_acc = width_acc + 256
+        width_acc += 256
         _n_step = _n_step + 1
-        if width < width_acc or _n_step > numberOfRows:
-            break
-
     # Build Image Request Template
     _img_request_template = "<div style='height:{height}px; width:{width}px;'>\
         <div style='position: absolute; top:{top}px; left:{left}px; z-index: 749; \
         transform: translate3d(0px, 0px, 0px) scale3d(1, 1, 1);'> \
         \n".format(height=height, width=width, top=top, left=left)
 
+    numberOfRows = _n_step + 1 if numberOfRows > _n_step else numberOfRows
     for row in range(0, numberOfRows):
         for col in range(0, len(first_row)):
             box = [col * 256, row * 256]
@@ -2065,9 +2067,7 @@ def decimal_encode(bbox):
                                          height=256, width=256,
                                          left=box[0], top=box[1])
     _img_request_template += "</div></div>"
-
     image = _render_thumbnail(_img_request_template, width=width, height=height)
-
     return image
 
 

diff --git a/geonode/utils.py b/geonode/utils.py
@@ -269,7 +269,7 @@ def zoom(mapPx, worldPx, fraction):
     ratio = float(max(width, height)) / float(min(width, height))
     z_offset = 0 if ratio >= 1.5 else -1
     zoom = int(max(latZoom, lngZoom) + z_offset)
-    zoom = int(min(zoom, ZOOM_MAX))
+    zoom = 0 if zoom > ZOOM_MAX else zoom
     return max(zoom, 0)