Do not choke on multiple skipfields parameter

2013-05-06 12:30:32 +02:00 · 2013-05-06 12:30:32 +02:00 · cc74244b33
commit cc74244b33
parent ddd9cc547a
3 changed files with 47 additions and 13 deletions
--- a/NEWS.md
+++ b/NEWS.md
@ -1,5 +1,6 @@
 1.3.9
 -----
 * Do not choke on multiple `skipfields` parameter
 1.3.8
 -----
--- a/app/controllers/app.js
+++ b/app/controllers/app.js
@ -104,26 +104,39 @@ function handleQuery(req, res) {
    var requestedFilename = req.query.filename || body.filename
    var filename  = requestedFilename;
    var requestedSkipfields = req.query.skipfields || body.skipfields;
-    var skipfields = requestedSkipfields ? requestedSkipfields.split(',') : [];
+    var skipfields;
    var dp        = req.query.dp || body.dp; // decimal point digits (defaults to 6)
    var gn        = "the_geom"; // TODO: read from configuration file
    var user_id;
    var tableCacheItem;
    // sanitize and apply defaults to input
    dp        = (dp       === "" || _.isUndefined(dp))       ? '6'  : dp;
    format    = (format   === "" || _.isUndefined(format))   ? 'json' : format.toLowerCase();
    filename  = (filename === "" || _.isUndefined(filename)) ? 'cartodb-query' : sanitize_filename(filename);
    sql       = (sql      === "" || _.isUndefined(sql))      ? null : sql;
    database  = (database === "" || _.isUndefined(database)) ? null : database;
    limit     = (_.isNumber(limit))  ? limit : null;
    offset    = (_.isNumber(offset)) ? offset * limit : null;
    // setup step run
    var start = new Date().getTime();
    try {
        // sanitize and apply defaults to input
        dp        = (dp       === "" || _.isUndefined(dp))       ? '6'  : dp;
        format    = (format   === "" || _.isUndefined(format))   ? 'json' : format.toLowerCase();
        filename  = (filename === "" || _.isUndefined(filename)) ? 'cartodb-query' : sanitize_filename(filename);
        sql       = (sql      === "" || _.isUndefined(sql))      ? null : sql;
        database  = (database === "" || _.isUndefined(database)) ? null : database;
        limit     = (_.isNumber(limit))  ? limit : null;
        offset    = (_.isNumber(offset)) ? offset * limit : null;
        // Accept both comma-separated string or array of comma-separated strings
        if ( requestedSkipfields ) {
          if ( _.isString(requestedSkipfields) ) skipfields = requestedSkipfields.split(',');
          else if ( _.isArray(requestedSkipfields) ) {
            skipfields = [];
            _.each(requestedSkipfields, function(ele) {
              skipfields = skipfields.concat(ele.split(','));
            });
          }
        } else {
          skipfields = [];
        }
        // setup step run
        var start = new Date().getTime();
        if ( -1 === supportedFormats.indexOf(format) )
          throw new Error("Invalid format: " + format);
--- a/test/acceptance/app.test.js
+++ b/test/acceptance/app.test.js
@ -602,6 +602,26 @@ test('skipfields controls included fields', function(done){
    });
 });
 test('multiple skipfields parameter do not kill the backend', function(done){
    assert.response(app, {
        url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&skipfields=unexistent,the_geom_webmercator&skipfields=cartodb_id,unexistant',
        headers: {host: 'vizzuality.cartodb.com'},
        method: 'GET'
    },{ }, function(res){
        assert.equal(res.statusCode, 200, res.body);
        var row0 = JSON.parse(res.body).rows[0];
        var checkfields = {'name':1, 'cartodb_id':0, 'the_geom':1, 'the_geom_webmercator':0};
        for ( var f in checkfields ) {
          if ( checkfields[f] ) {
            assert.ok(row0.hasOwnProperty(f), "result does not include '" + f + "'");
          } else {
            assert.ok(!row0.hasOwnProperty(f), "result includes '" + f + "'");
          }
        }
        done();
    });
 });
 test('GET /api/v1/sql ensure cross domain set on errors', function(done){
    assert.response(app, {
        url: '/api/v1/sql?q=SELECT%20*gadfgadfg%20FROM%20untitle_table_4',