Commit Graph

5405 Commits

Author SHA1 Message Date
Sarah Hoffmann
2237ce7124 split up table creation SQL into separate files 2026-02-12 16:36:10 +01:00
Sarah Hoffmann
58295e0643 remove unused indexes and sequences 2026-02-12 16:33:45 +01:00
Sarah Hoffmann
fed64cda5a Merge pull request #3957 from jayaddison/issue-2714/linked-places-default-language
Indexing: add default-language placename from linked places
2026-02-11 15:08:18 +01:00
Sarah Hoffmann
b995803c66 Merge pull request #3979 from jayaddison/issue-2714-prep/extract-rank-zero-specialcasing
Indexer: relocate zero-ranked-address indexing
2026-02-11 15:05:28 +01:00
Sarah Hoffmann
986d303c95 Merge pull request #3980 from lonvia/security-smells
Improve SQL query assembly
2026-02-10 15:26:34 +01:00
James Addison
310d6e3c92 Indexer: relocate zero-ranked-address indexing 2026-02-10 11:51:18 +00:00
Sarah Hoffmann
7a3ea55f3d ignore tables with odd names in SQLPreprocessor 2026-02-10 11:40:52 +01:00
Sarah Hoffmann
d10d70944d avoid f-strings in SQL creation in tests 2026-02-10 11:39:19 +01:00
Sarah Hoffmann
73590baf15 use psycopg.sql for SQL building in tokenizer 2026-02-10 11:39:19 +01:00
Sarah Hoffmann
e17d0cb5cf only allow alphanumeric and dash in DATABASE_WEBUSER
This variable is used a lot in raw SQL. Avoid injection issues.
2026-02-10 11:39:17 +01:00
Sarah Hoffmann
7a62c7d812 sanity check class names before inserting into classtype tables
The subsequent INSERT is done on an unquoted table name, making in
theory an SQL injection through an OSM value possible. In practice
this cannot happen because we check for the existence of the table.
During the creation of the classtype tables there is a sanity
check in place to disallow any table names that consist of anything
other than alphanumeric characters.
2026-02-10 11:38:26 +01:00
Sarah Hoffmann
615804b1b3 Merge pull request #3978 from jayaddison/issue-2714-prep/index-boundaries-method-signature-nitpick
Refactor: add default params to Indexer.index_boundaries
2026-02-10 09:45:29 +01:00
Sarah Hoffmann
79bbdfd55c Merge pull request #3975 from kad-link/fix/utf8-encoding-clean
Fix: Enforce explicit UTF-8 encoding in file I/O
2026-02-10 09:32:06 +01:00
James Addison
509f59b193 Refactor: add default params to index_boundaries 2026-02-09 21:36:30 +00:00
Sri CHaRan
f84b279540 fix: add utf-8 encoding in read-write files 2026-02-10 00:38:40 +05:30
James Addison
e62811cf97 Indexing: invert boolean logic to factor-out empty ELSE clause
Relates-to commit fa2a789e27.
2026-02-09 18:33:02 +00:00
Sarah Hoffmann
cd2f6e458b Merge pull request #3970 from lonvia/improve-dev-docs
Some minor improvement to developer docs
2026-02-05 21:57:54 +01:00
James Addison
fa2a789e27 Indexing: manage the case where no default-language exists
Relates-to commit 6fee784c9f.
2026-02-05 20:48:01 +00:00
Sarah Hoffmann
fc49a77e70 Merge pull request #3960 from jayaddison/tests/has-pending-monkeypatch-robustness
Tests: parameter-agnostic 'Indexer.has_pending' monkeypatching
2026-02-05 21:05:57 +01:00
Sarah Hoffmann
28baa34bdc point to developer docs from CONTRIBUTING.md 2026-02-05 20:51:41 +01:00
Sarah Hoffmann
151a5b64a8 docs: fix list of packages for development install 2026-02-05 20:45:18 +01:00
James Addison
6fee784c9f Indexing: add default-language placename from linked places 2026-02-05 15:19:48 +00:00
James Addison
3db7c6d804 Tests: parameter-agnostic has_pending monkeypatching
Instead of relying on runtime parameter compatibility between
the patched `has_pending` method and `list.pop`, use a proxy
lambda function that accepts arbitrary keyword params.
2026-02-05 15:09:09 +00:00
Sarah Hoffmann
b2f868d2fc Merge pull request #3966 from remo-lab/fix/sql-injection-truncate
Fix SQL injection in truncate_data_tables
2026-02-05 14:44:55 +01:00
remo-lab
ae7301921a Fix SQL injection in truncate_data_tables
Signed-off-by: remo-lab <remopanda7@gmail.com>
2026-02-05 17:04:10 +05:30
Sarah Hoffmann
8188689765 Merge pull request #3962 from lonvia/docs-deploy
Docs: switch deployment to use gunicorn's asgi/uwsgi support
2026-02-03 11:45:57 +01:00
Sarah Hoffmann
135453e463 docs: switch deployment to use gunicorn's asgi/uwsgi support 2026-02-03 09:08:06 +01:00
Sarah Hoffmann
cc9c8963f3 Merge pull request #3949 from Itz-Agasta/try
Feat: Add admin function for granting access to read-only user
2026-02-02 09:53:24 +01:00
Sarah Hoffmann
c882718355 Merge pull request #3959 from Aditya30ag/fix/readme-nominatim-api-module-path
Fix README: update Nominatim API server module path
2026-02-02 09:12:24 +01:00
Aditya30ag
3f02a4e33b Fix README: update Nominatim API server module path 2026-02-02 11:43:03 +05:30
Sarah Hoffmann
1cf5464d3a Merge pull request #3955 from AmmarYasser455/fix/typos
docs: fix multiple typos in documentation and source code
2026-02-01 10:05:34 +01:00
Sarah Hoffmann
dcbfa2a3d0 Merge pull request #3952 from jayaddison/pr-3687-followup/boundary-admin-level-for-linkage
Tests: resolve an issue in the place-linkage name expansion test case
2026-02-01 10:05:16 +01:00
James Addison
5cdc6724de Tests: set boundary admin level to enable linking 2026-01-31 22:00:23 +00:00
Itz-Agasta
45972811e3 Preserve import error tables during freeze
- Remove 'import_polygon_%' from UPDATE_TABLES to keep import_polygon_error
and import_polygon_delete tables in frozen databases.

- These tables contain permanent import error tracking data and should not
be deleted during freeze. The ro-access grant system expects them to exist
in all database states.
2026-01-31 22:50:18 +05:30
Itz-Agasta
e021f558bf Restore grants for dynamic tables in tokenizer, migration, and tiger import 2026-01-30 20:43:57 +05:30
AmmarYasser455
fcc5ce3f92 docs: fix multiple typos in documentation and source code 2026-01-30 12:13:23 +02:00
Sarah Hoffmann
9a979b7429 Merge pull request #3951 from Itz-Agasta/cli
Feat: Adds layer filtering option to search cli command
2026-01-29 09:58:06 +01:00
Itz-Agasta
6ad87db1eb Updates layer selection to allow optional default
- Modifies layer argument handling to permit no default layers appropriate.
- Update the help text for the layer parameter in the reverse command
2026-01-29 11:33:21 +05:30
Sarah Hoffmann
f4820bed0e Merge pull request #3950 from jayaddison/fixup/sql-debug-output-escaping
Fixup: add single-quote escaping within debug message
2026-01-28 20:30:11 +01:00
Itz-Agasta
bf6eb01d68 Adds layer filtering option to search command
Introduces a cli argument to restrict search results
to specified data layers, enabling more targeted queries.
2026-01-28 12:16:43 +05:30
James Addison
f07676a376 Fixup: add single-quote escaping within debug message 2026-01-28 01:27:53 +00:00
Itz-Agasta
5e2ce10fe0 Adds mock grants SQL file for import test 2026-01-27 17:55:51 +05:30
Itz-Agasta
58cae70596 Adds option to grant web user read-only DB access
Introduces a command-line flag to grant read-only access to the web user for all tables, improving ease of permissions management during refresh operations.
2026-01-27 17:54:10 +05:30
Itz-Agasta
bf0ee6685b Grants read-only access after import
Adds execution of grant statements to provide read-only privileges
for the web user following table creation or via a dedicated function.
Facilitates easier post-import permission management.
2026-01-27 17:53:25 +05:30
Itz-Agasta
ff1f1b06d9 Moves db grant statements to dedicated script
Centralizes all read-only access grants into a single SQL script, ensuring permissions are managed in one place.
2026-01-27 17:49:51 +05:30
Sarah Hoffmann
67ecf5f6a0 Merge pull request #3943 from Itz-Agasta/test_fix
Tests: Replace eval() with ast.literal_eval() for safer parsing
2026-01-25 10:10:15 +01:00
Itz-Agasta
e77a4c2f35 Switch to ast.literal_eval for dict parsing
Due to some test data in the BDD feature files including Python raw strings and escape sequences that standard json.loads() cannot parse, switching to safer Python literal evaluation
for converting string representations of dictionaries.
2026-01-24 15:32:47 +05:30
Itz-Agasta
9fa980bca2 Replaces eval with json.loads for safer dict parsing
Switches from eval to json.loads when parsing string representations
of dictionaries to prevent arbitrary code
execution.
2026-01-24 15:32:47 +05:30
Sarah Hoffmann
fe773c12b2 Merge pull request #3946 from lonvia/enable-entrances-for-reverse
Enable entrance lookup for reverse and lookup
2026-01-23 22:10:43 +01:00
Sarah Hoffmann
cc96912580 Merge pull request #3906 from AyushDharDubey/fix/issue_2463-Use-search_name-table-for-TIGER-data-imports-on-'dropped'-databases
Use `search_name` as fallback for TIGER imports when update tables are dropped
2026-01-23 20:52:40 +01:00