Illegal Map on Wrong Parameters

[Dautrich]

Hi,
I started using Phoca Maps yesterday (after many years of having used "Google Maps by Reumer"). When generating my first maps with your extension, I suddenly got an "illegal" Google Map:

• No Google
  No copyright
  No UI elements
  Wrong zoom factor

Finally I found out that I had entered a wrong value under "Custom Options": minZoom:32

You can see the map and the relevant configuration pages here:
https://rolfswolke.dautrich.eu/index.ph ... A7LatPIC44

I'm pretty sure that some users would like to produce such a "pure" map. But I'm not sure whether Google would like maps without copyright. I propose that you check all input values for correct range to prevent users from inadvertently producing illegal maps.

Best regards,
Rolf

[Jan]

Hi, unfortunately, custom options cannot be checked for correct values. These are in fact expert settings. You have the possibility to extend the map with your specific parameters and such cannot be unlimited. And unlimited parameters cannot be somehow checked.

So there are possible two ways:

1) To not allow users ad specific parameters
2) To allow it but in such case there is no option to check it (it is not technically possible)

So if I do 1) there will be a large group of users who will ask why I have limited the component possibilities. If I do 2) there will be some users who can add some wrong parameter. But of course wrong parameters can be added e.g. directly in template or in code. So it is always possible that user can add wrong parameters per different ways.

So this is more a phylosofical question. If you create a car to allow users go to some place faster than walking, are you responsible for case they will injure some human with the car?

If some user changes the javascript parameters for google API, the developer of javascript cannot be responsible for this.

It is not technically possible to check custom parameters user can add to maps api the same like check the javascript output, user sets directly.

I hope, you understand what I mean.

Jan

[Dautrich]

Hi Jan,

I don't believe you that you cannot check the parameters in the "Custom Options" field. You could integrate a parser into Phoca Maps which checks the parameters and their values for correctness.

But I completely understand why you don't want to do so: It would be a lot of work to be done. Moreover, each time Google changes the Maps API, you would have some maintenance work. And in the end, it's Google's task to check the input values to their Maps API.

What you could do with only limited effort:
- Add a comment to Phoca Maps documentation about the fact that the content of the "Custom Options" field is forwarded to the Google Maps API without any checks, and that wrong parameters or values could lead to adverse effects to the map.
- Add a similar comment to the field's tooltip.

Best regards,
Rolf

[Jan]

But I completely understand why you don't want to do so

Hi, in fact I didn't think about it so the word "don't want" is not valid. I just didn't think about limiting someone when custom options are set.

each time Google changes the Maps API

It is not only about the API, there are unlimited possibilites to extend the javascript code so in fact it is not possible to check something which does not exists yet. It is something like I should check custom CSS code for Phoca Gallery by each user - if it meets CSS rules. This is really not possible by millions of use and ulimited combinations

Add a comment to Phoca Maps documentation

I understand your point of view but in such case, I must do it for every similar parameter in Phoca Extensions. For example: Custom CSS is not checked for valid CSS, custom options of javascript popup window in Phoca Gallery is not checked for valid javascript code, all description fields not checked for valid HTML, EXIF custom fields not checked for valid EXIF code.

I hope you understand, in such case there will be one Phoca extension and I will have not time for doing others. In fact this solves the GPL licence.

In fact I should comment each parameter and write what everything could be possible if ...

So the question is where is the limit. What should be comment and what not.

At the end it can be:
Title: Description
Desc: Set description. Be aware, when you use HTML, it is not checked if it is valid. If you add swear-word to your description, such will be not automatically changed to ***. If you write password to your description, this can be dangerous for you as everybody can read it. If you write some lie, you can go to court.

And the real example: If you use own custome php code or javascript code in the description, it will be not checked for if it is valid the same if you use some javascript API, etc.

If some parameter value can lead to some unexpected behaviour in the API, I think, this needs to be validated in the API. What do you think?

[Dautrich]

Hi Jan,

I just meant that you could add a comment in your documentation regarding the "Custom Options" field like that:

"The string entered here will not be checked, but will be directly forwarded to Google Maps API. Wrong values may lead to unwanted effects or no maps displayed at all."

Best regards,

Rolf

[Jan]

Hi, yes, this should be not a problem, see:
https://www.phoca.cz/documents/53-phoca- ... kers-icons

Jan

[Dautrich]

Perfect!

[Jan]