[Mapbender-commits] r2093 - in branches/2.4.5: . 2.4.4_leak/http/classes 2.4.4_leak/http/extensions 2.4.4_leak/http/frames 2.4.4_leak/http/html 2.4.4_leak/http/javascripts 2.4.4_leak/http/php

svn_mapbender at osgeo.org svn_mapbender at osgeo.org
Mon Feb 18 08:34:50 EST 2008


Author: christoph
Date: 2008-02-18 08:34:49 -0500 (Mon, 18 Feb 2008)
New Revision: 2093

Added:
   branches/2.4.5/2.4.4_leak/
   branches/2.4.5/2.4.4_leak/http/classes/class_wmc.php
Removed:
   branches/2.4.5/2.4.4_leak/http/classes/class_wmc.php
   branches/2.4.5/2.4.4_leak/http/html/mod_treefolder_auge.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_measure4326.php
   branches/2.4.5/2.4.4_leak/http/javascripts/transform_coordinatesWGS84.php
Modified:
   branches/2.4.5/2.4.4_leak/http/classes/class_gui.php
   branches/2.4.5/2.4.4_leak/http/classes/class_log.php
   branches/2.4.5/2.4.4_leak/http/classes/class_wfs.php
   branches/2.4.5/2.4.4_leak/http/classes/class_wfs_conf.php
   branches/2.4.5/2.4.4_leak/http/classes/class_wms.php
   branches/2.4.5/2.4.4_leak/http/extensions/wz_jsgraphics.js
   branches/2.4.5/2.4.4_leak/http/frames/login.php
   branches/2.4.5/2.4.4_leak/http/javascripts/map.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_addWMSfromList.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredList.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredListDB.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_digitize_tab.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_sandclock2.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_setPOI2Scale.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_wfs_SpatialRequest.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_wfs_gazetteer_client.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_zoomCoords.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_zoomFull.php
   branches/2.4.5/2.4.4_leak/http/javascripts/mod_zoomOut1.php
   branches/2.4.5/2.4.4_leak/http/php/createImageFromText.php
   branches/2.4.5/2.4.4_leak/http/php/mb_listWMCs.php
   branches/2.4.5/2.4.4_leak/http/php/mod_WMSpreferences.php
   branches/2.4.5/2.4.4_leak/http/php/mod_changeEPSG.php
   branches/2.4.5/2.4.4_leak/http/php/mod_createUser.php
   branches/2.4.5/2.4.4_leak/http/php/mod_deleteGUI.php
   branches/2.4.5/2.4.4_leak/http/php/mod_deleteWFS.php
   branches/2.4.5/2.4.4_leak/http/php/mod_editElementVars.php
   branches/2.4.5/2.4.4_leak/http/php/mod_editFilteredGroup.php
   branches/2.4.5/2.4.4_leak/http/php/mod_editFilteredUser.php
   branches/2.4.5/2.4.4_leak/http/php/mod_editGroup.php
   branches/2.4.5/2.4.4_leak/http/php/mod_editGuiWms.php
   branches/2.4.5/2.4.4_leak/http/php/mod_editGuiWmsMeta.php
   branches/2.4.5/2.4.4_leak/http/php/mod_editUser.php
   branches/2.4.5/2.4.4_leak/http/php/mod_editWMS_Metadata.php
   branches/2.4.5/2.4.4_leak/http/php/mod_edit_element_vars.php
   branches/2.4.5/2.4.4_leak/http/php/mod_edit_metadata.php
   branches/2.4.5/2.4.4_leak/http/php/mod_evalArea.php
   branches/2.4.5/2.4.4_leak/http/php/mod_forgottenPassword.php
   branches/2.4.5/2.4.4_leak/http/php/mod_gazLayerObj_conf.php
   branches/2.4.5/2.4.4_leak/http/php/mod_gazLayerObj_edit.php
   branches/2.4.5/2.4.4_leak/http/php/mod_gazetteer_conf.php
   branches/2.4.5/2.4.4_leak/http/php/mod_gazetteer_edit.php
   branches/2.4.5/2.4.4_leak/http/php/mod_getStyles.php
   branches/2.4.5/2.4.4_leak/http/php/mod_loadCapabilitiesList.php
   branches/2.4.5/2.4.4_leak/http/php/mod_loadWFSCapabilities.php
   branches/2.4.5/2.4.4_leak/http/php/mod_loadwfs.php
   branches/2.4.5/2.4.4_leak/http/php/mod_log.php
   branches/2.4.5/2.4.4_leak/http/php/mod_map1.php
   branches/2.4.5/2.4.4_leak/http/php/mod_mapOV.php
   branches/2.4.5/2.4.4_leak/http/php/mod_owsproxy_conf.php
   branches/2.4.5/2.4.4_leak/http/php/mod_renameGUI.php
   branches/2.4.5/2.4.4_leak/http/php/mod_simpleWMSpreferences.php
   branches/2.4.5/2.4.4_leak/http/php/mod_treefolderAdmin.php
   branches/2.4.5/2.4.4_leak/http/php/mod_treefolderClient.php
   branches/2.4.5/2.4.4_leak/http/php/mod_wfs_conf.php
   branches/2.4.5/2.4.4_leak/http/php/mod_wfs_edit.php
   branches/2.4.5/2.4.4_leak/http/php/mod_wfs_result.php
   branches/2.4.5/2.4.4_leak/http/php/mod_wfsrequest.php
   branches/2.4.5/2.4.4_leak/http/php/nestedSets.php
Log:


Copied: branches/2.4.5/2.4.4_leak (from rev 2000, tags/2.4.4)

Modified: branches/2.4.5/2.4.4_leak/http/classes/class_gui.php
===================================================================
--- tags/2.4.4/http/classes/class_gui.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/classes/class_gui.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,5 +1,4 @@
 <?php
-
 # $Id$
 # http://www.mapbender.org/index.php/class_gui.php
 # Copyright (C) 2002 CCGIS
@@ -19,252 +18,201 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
 
-class gui{
+/**
+ * GUI is a set of GUI elements and services. 
+ */
+class gui {
 
-	function gui() {
+	public function __construct () {
 	}
 
- 	// CB - returns true if a gui '$gui_id' exists
- 	function guiExists($gui_id){
-		$sql = "SELECT * FROM gui ";
-		$sql .= "WHERE gui_id = $1";
+ 	/**
+ 	 * Checks if a GUI with a given ID exists in the database
+ 	 * 
+ 	 * @param integer $gui_id the ID of the GUI that is being checked
+ 	 * @return boolean true if a gui '$gui_id' exists; else false
+ 	 */
+ 	public function guiExists ($gui_id){
+		$sql = "SELECT * FROM gui WHERE gui_id = $1";
 		$v = array($gui_id);
 		$t = array('s');
 		$res = db_prep_query($sql,$v,$t);
 		$row = db_fetch_array($res);
-		if ($row) return true;
-		else return false;
+		if ($row) {
+			return true;	
+		}
+		return false;
  	}
 
-	// CB - deletes a GUI $guiId and all its links to users, layers etc.
-	function deleteGui ($guiId) {
+	
+	/**
+	 * Deletes a GUI $guiId and all its links to users, layers etc.
+	 * 
+	 * @param Integer $guiId the GUI that is going to be deleted
+	 * @return boolean true if the deletion succeded, else false
+	 */
+	public function deleteGui ($guiId) {
 		$guiList = $guiId;
 
-		$sql = "BEGIN";
-		$res = db_query($sql);
-		if (!$res) {
-			$report .=  "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		$sql = array();
+		$v = array();			
+		$t = array();
 
-		$sql = "DELETE FROM gui WHERE gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "BEGIN");
+		array_push($v, array());
+		array_push($t, array());
+		
+		array_push($sql, "DELETE FROM gui WHERE gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_element WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_element WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_layer WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_layer WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_mb_group WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_mb_group WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_mb_user WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_mb_user WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_treegde WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_treegde WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_wfs WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_wfs WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_wms WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_wms WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		// if $error is true, the transaction is aborted -> rollback
-		if (!$error) {
-			$sql = "COMMIT";
-			$res = db_query($sql);
+		array_push($sql, "COMMIT");
+		array_push($v, array());
+		array_push($t, array());
+
+		// execute all SQLs
+		for ($i = 0; $i < count($sql); $i++) {
+			$res = db_prep_query($sql[$i], $v[$i], $t[$i]);
+			// if an SQL fails, send a ROLLBACK and return false
 			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
+				db_query("ROLLBACK");
+				return false;
 			}
 		}
-		//if $error is false, the transaction is executed -> commit
-		else {
-			$sql = "ROLLBACK";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-		}
-		return !$error;
+		return true;
 	}
 
-	// CB - rename a GUI
-	function renameGui ($guiId, $newGuiName) {
-		$error = false;
+	/** Renames the GUI $guiID to $newGUIName
+	 * 
+	 * @param Integer $guiId ID of the GUI
+	 * @param String $newGuiName the new name of the GUI
+	 * @return boolean true if the renaming succeded, else false
+	 */
+	public function renameGui ($guiId, $newGuiName) {
 		if ($this->copyGui($guiId, $newGuiName, true)) {
 			$this->deleteGui($guiId);
+			return true;
 		}
-		else {
-			$error = true;
-		}
-		return !$error;
+		return false;
 	}
 
-	// CB - copies a GUI $guiId and all its links to users, layers etc. to GUI $newGuiName
- 	function copyGui ($guiId, $newGuiName, $withUsers) {
-		$error = false;
+	/**
+	 * 
+ 	 * Copies a GUI $guiId and all its links to users, layers etc. to GUI $newGuiName
+ 	 * 
+	 * @param Integer $guiId ID of the GUI
+	 * @param String $newGuiName the new name of the GUI
+	 * @param boolean $withUsers true if the users, that may access the GUI $guiId, shall have access to the new GUI; else false.
+	 * 
+	 * @return boolean true if the renaming succeded, else false
+	 */ 
+ 	public function copyGui ($guiId, $newGuiName, $withUsers) {
 		$guiList = $guiId;
 		if (!$this->guiExists($newGuiName)) {
-			$sql = "BEGIN";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .=  "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			
+			$sql = array();
+			$v = array();			
+			$t = array();
+						
+			array_push($sql, "BEGIN");
+			array_push($v, array());
+			array_push($t, array());
 
-			$sql = "INSERT INTO gui (gui_id, gui_name, gui_description, gui_public) SELECT '" . $newGuiName . "', '" . $newGuiName . "',gui_description, gui_public FROM gui WHERE gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui (gui_id, gui_name, gui_description, gui_public) SELECT $1, $2, gui_description, gui_public FROM gui WHERE gui_id = $3;");
+			array_push($v, array ($newGuiName, $newGuiName, $guiList));
+			array_push($t, array ("s", "s", "s"));;
+			
+			array_push($sql, "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url) SELECT $1, e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url FROM gui_element WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url) SELECT '" . $newGuiName . "', e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url FROM gui_element WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_element_vars (fkey_gui_id, fkey_e_id, var_name, var_value, context, var_type) SELECT $1, fkey_e_id, var_name, var_value, context, var_type FROM gui_element_vars WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_element_vars (fkey_gui_id, fkey_e_id, var_name, var_value, context, var_type) SELECT '" . $newGuiName . "', fkey_e_id, var_name, var_value, context, var_type FROM gui_element_vars WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_layer (fkey_gui_id, fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype) SELECT $1, fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype FROM gui_layer WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_layer (fkey_gui_id, fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype) SELECT '" . $newGuiName . "', fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype FROM gui_layer WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-
-			$sql = "INSERT INTO gui_mb_group (fkey_gui_id, fkey_mb_group_id, mb_group_type) SELECT '" . $newGuiName . "', fkey_mb_group_id, mb_group_type FROM gui_mb_group WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-
 			if ($withUsers == true) {
+				/* group of original gui is copied as well */
+				array_push($sql, "INSERT INTO gui_mb_group (fkey_gui_id, fkey_mb_group_id, mb_group_type) SELECT $1, fkey_mb_group_id, mb_group_type FROM gui_mb_group WHERE fkey_gui_id = $2;");
+				array_push($v, array($newGuiName, $guiList));
+				array_push($t, array("s", "s"));
+
 				/* users of original gui are copied as well */
-				$sql = "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) SELECT '" . $newGuiName . "', fkey_mb_user_id, mb_user_type FROM gui_mb_user WHERE fkey_gui_id = '" . $guiList . "';";
-				$res = db_query($sql);
-				if (!$res) {
-					$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-					$error = true;
-				}
+				array_push($sql, "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) SELECT $1, fkey_mb_user_id, mb_user_type FROM gui_mb_user WHERE fkey_gui_id = $2;");
+				array_push($v, array($newGuiName, $guiList));
+				array_push($t, array("s", "s"));
 			}
 			else {
 				// users of original gui are not copied, the current user is set as owner 
-				$sql = "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) VALUES ($1, $2, 'owner')";
-				$v = array($newGuiName, $_SESSION["mb_user_id"]);
-				$t = array('s', 'i');
-				$res = db_prep_query($sql,$v,$t);
-				if (!$res) {
-					$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-					$error = true;
-				}
+				array_push($sql, "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) VALUES ($1, $2, 'owner')");
+				array_push($v, array($newGuiName, $_SESSION["mb_user_id"]));
+				array_push($t, array('s', 'i'));
 			}
-			$sql = "INSERT INTO gui_treegde (fkey_gui_id, fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id) SELECT '" . $newGuiName . "', fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id FROM gui_treegde WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_treegde (fkey_gui_id, fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id) SELECT $1, fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id FROM gui_treegde WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_wfs (fkey_gui_id, fkey_wfs_id) SELECT '" . $newGuiName . "', fkey_wfs_id FROM gui_wfs WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_wfs (fkey_gui_id, fkey_wfs_id) SELECT $1, fkey_wfs_id FROM gui_wfs WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_wms (fkey_gui_id, fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible) SELECT '" . $newGuiName . "', fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible FROM gui_wms WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_wms (fkey_gui_id, fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible) SELECT $1, fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible FROM gui_wms WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
+			
+			array_push($sql, "COMMIT");
+			array_push($v, array());
+			array_push($t, array());
 
-			// if $error is false, the transaction is executed -> commit
-			if (!$error) {
-				$sql = "COMMIT";
-			} 
-			else {
-				$sql = "ROLLBACK";
+			// execute all SQLs
+			for ($i = 0; $i < count($sql); $i++) {
+				$res = db_prep_query($sql[$i], $v[$i], $t[$i]);
+				// if an SQL fails, send a ROLLBACK and return false
+				if (!$res) {
+					db_query("ROLLBACK");
+					return false;
+				}
 			}
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-			return !$error;
+			return true;
 		}
 		else {
 	      echo "<script language='javascript'>";
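Review bot: `renameGui` still returns true even when `deleteGui($guiId)` fails, so a failed delete after a successful copy leaves two GUIs (the old one still carrying its user and group grants) while the caller is told the rename succeeded; `return $this->deleteGui($guiId);` in place of the unconditional `return true;` would surface that. Separately, the `gui_mb_group` copy has moved inside `if ($withUsers == true)`, so a copy without users now also drops all group grants where it previously copied them unconditionally — if that is intended, the `@param boolean $withUsers` line should say it controls both user and group access, since the empty log message does not. The `guiExists($newGuiName)` check runs before `BEGIN`, so two concurrent copies with the same name can both pass it; whether the second then fails on a key constraint and rolls back, or silently merges rows into the first, depends on the `gui` table definition, which is not visible here. `copyGui` continues past the end of this hunk.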

Modified: branches/2.4.5/2.4.4_leak/http/classes/class_log.php
===================================================================
--- tags/2.4.4/http/classes/class_log.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/classes/class_log.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -23,7 +23,7 @@
 *modul "GET /map/http/ HTTP/1.1"
 */
 
-class log{
+class log {
 	var $dir = "../../log/";
 	var $log_username = true;
 
@@ -32,12 +32,14 @@
 	 * {'file' || 'db'}
 	 */
 	var $logtype = 'db';
+	
+	function log($module,$req,$time_client,$type = ""){
 
-	function log($module,$req,$time_client){
-
 		$this->url = $req;
+		if($type == "")
+			$type = $this->logtype;
 
-		if($this->logtype == "file"){
+		if($type == "file"){
 			if(is_dir($this->dir)){
 				$logfile = $this->dir . "mb_access_" . date("Y_m_d") . ".log";
 				if(!$h = @fopen($logfile,"a")){
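Review bot: The new `$type` argument is only checked against `""` before being compared with `"file"` and `"db"`, so any other value (a typo, or a value that reached the constructor from configuration) silently produces no log entry at all, which for an access log is the failure mode you least want to be quiet. Falling back to `$this->logtype` for anything that is not one of the two known values keeps the current default and closes that gap: `if (!in_array($type, array("file", "db"), true)) { $type = $this->logtype; }`. Since `log()` is the PHP4-style constructor of class `log`, callers pass `$type` as the fourth `new log(...)` argument; a one-line comment above the signature stating the accepted values (`file`, `db`, or empty for the configured default) would help them.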
@@ -65,42 +67,22 @@
 				}
 			}
 		}
-		else if($this->logtype == 'db'){
+		else if($type == 'db'){
 
 
 			include_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 			$con = db_connect(DBSERVER,OWNER,PW);
 			db_select_db(DB,$con);
 			for($i = 0; $i < count($this->url); $i++){
-				$sql = "INSERT INTO mb_log(";
+				$sql = "INSERT INTO mb_log (";
+				$sql .= "time_client, time_server, time_readable, mb_session, ";
+				$sql .= "gui, module, ip, username, userid, request";
+				$sql .= ") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)";
 
-				$sql .= "time_client,";
-				$sql .= "time_server,";
-				$sql .= "time_readable,";
-				$sql .= "mb_session,";
-				$sql .= "gui,";
-				$sql .= "module,";
-				$sql .= "ip,";
-				$sql .= "username,";
-				$sql .= "userid,";
-				$sql .= "request";
+				$v = array($time_client, strtotime("now"), "[".date("d/M/Y:H:i:s O")."]", SID, $_SESSION["mb_user_gui"], $module, $_SESSION["mb_user_ip"], $_SESSION["mb_user_name"], $_SESSION["mb_user_id"], $this->url[$i]);
+				$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+				$res = db_prep_query($sql, $v, $t)or die(db_error());
 
-				$sql .= ") VALUES (";
-
-				$sql .= "'".$time_client."',";
-				$sql .= "'".strtotime("now")."',";
-				$sql .= "'[".date("d/M/Y:H:i:s O")."]',";
-				$sql .= "'".SID."',";
-				$sql .= "'".$_SESSION["mb_user_gui"]."',";
-				$sql .= "'".$module."',";
-				$sql .= "'".$_SESSION["mb_user_ip"]."',";
-				$sql .= "'".$_SESSION["mb_user_name"]."',";
-				$sql .= "'".$_SESSION["mb_user_id"]."',";
-				$sql .= "'".$this->url[$i]."'";
-				$sql .= ")";
-
-				$res = db_query($sql)or die(db_error());
-
 				if(!$res){
 					include_once(dirname(__FILE__)."/class_mb_exception.php");
 					$e = new mb_exception("class_log: Writing table mb_log failed.");
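Review bot: The rewritten insert at the `db_prep_query` line keeps `or die(db_error())`, which sends the raw database error text to the HTTP client and terminates the request, and it also makes the `if(!$res)` / `mb_exception` branch directly below unreachable. Dropping the suffix lets the existing exception path handle the failure without exposing driver messages: `$res = db_prep_query($sql, $v, $t);`. The `$t` array types every column as `"s"`, including `time_client`, `time_server` and `userid`; if those columns are numeric in the schema, using the `"i"` marker this commit applies elsewhere would be more consistent (the schema is not visible here).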

Modified: branches/2.4.5/2.4.4_leak/http/classes/class_wfs.php
===================================================================
--- tags/2.4.4/http/classes/class_wfs.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/classes/class_wfs.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -223,20 +223,14 @@
 
 	# TABLE wfs
 	
-	$sql = "INSERT INTO wfs (wfs_version, wfs_name, wfs_title, wfs_abstract, wfs_getcapabilities, wfs_describefeaturetype, wfs_getfeature, wfs_transaction) ";
-	$sql .= "VALUES(";
-		$sql .= "'" . $this->wfs_version ."', ";
-		$sql .= "'" . db_escape_string(str_replace("'","",$this->wfs_name)) ."', ";
-		$sql .= "'" . db_escape_string(str_replace("'","",$this->wfs_title)) ."', ";
-		$sql .= "'" . db_escape_string(str_replace("'","",$this->wfs_abstract)) .  "', ";
-		$sql .= "'" . $this->wfs_getcapabilities ."', ";
-		$sql .= "'" . $this->wfs_describefeaturetype . "', ";
-		$sql .= "'". $this->wfs_getfeature . "', ";
-		$sql .= "'". $this->wfs_transaction . "'";
-	$sql .= ");";
+	$sql = "INSERT INTO wfs (wfs_version, wfs_name, wfs_title, wfs_abstract, ";
+	$sql .= "wfs_getcapabilities, wfs_describefeaturetype, wfs_getfeature, ";
+	$sql .= "wfs_transaction) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)";
+	$v = array($this->wfs_version, db_escape_string(str_replace("'","",$this->wfs_name)), db_escape_string(str_replace("'","",$this->wfs_title)), db_escape_string(str_replace("'","",$this->wfs_abstract)), $this->wfs_getcapabilities, $this->wfs_describefeaturetype, $this->wfs_getfeature, $this->wfs_transaction);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s");
 	#echo "sql wfs: <br>".$sql;
 	
-	$res = db_query($sql)or die(db_error());
+	$res = db_prep_query($sql, $v, $t)or die(db_error());
 	
 	$myWFS = db_insert_id($con,'wfs','wfs_id');
 	#echo "<br> myWFS: ".$myWFS;
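Review bot: The values bound for `wfs_name`, `wfs_title` and `wfs_abstract` are still passed through `db_escape_string(str_replace("'", "", ...))` even though they are now query parameters, so any escaping added by `db_escape_string` is stored literally (double escaping) and every apostrophe in a title or abstract is silently removed; with parameters the raw strings should be bound: `$v = array($this->wfs_version, $this->wfs_name, $this->wfs_title, $this->wfs_abstract, $this->wfs_getcapabilities, $this->wfs_describefeaturetype, $this->wfs_getfeature, $this->wfs_transaction);`. This assumes `db_prep_query` binds its `$v` values rather than interpolating them; its implementation is outside this diff. The `or die(db_error())` on the following line still prints the driver's error text to the client. The enclosing function starts before this hunk.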
@@ -244,62 +238,57 @@
 	# TABLE wfs_featuretype
 	
 	for($i=0; $i<count($this->wfs_featuretype); $i++){
-		$sql = "INSERT INTO wfs_featuretype(fkey_wfs_id, featuretype_name, featuretype_title, featuretype_srs) ";
-		$sql .= "VALUES(";
-			$sql .= $myWFS . ",";
-			$sql .= "'".$this->wfs_featuretype[$i]->featuretype_name . "',";
-			$sql .= "'".$this->wfs_featuretype[$i]->featuretype_title."',";
-			$sql .= "'".$this->wfs_featuretype[$i]->featuretype_srs."'";
-		$sql .= ")";
+		$sql = "INSERT INTO wfs_featuretype(fkey_wfs_id, featuretype_name, ";
+		$sql .= "featuretype_title, featuretype_srs) VALUES ($1, $2, $3, $4)";
+		$v = array($myWFS, $this->wfs_featuretype[$i]->featuretype_name, $this->wfs_featuretype[$i]->featuretype_title, $this->wfs_featuretype[$i]->featuretype_srs);
+		$t = array("i", "s", "s", "s");
 		
 		#$res = mysql_query($sql) or $this->cleanDB($myWFS,$sql);
 		
-		$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+		$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 
 		
 		# save the id of each featuretype: 
 		$this->wfs_featuretype[$i]->mysql_id = db_insert_id($con,'wfs_featuretype','featuretype_id');
 		
 		for($j=0; $j<count($this->wfs_featuretype[$i]->featuretype_element);$j++){
-			$sql = "INSERT INTO wfs_element(fkey_featuretype_id, element_name,element_type) ";
-			$sql .= "VALUES("; 
-			$sql .= "'" .$this->wfs_featuretype[$i]->mysql_id. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_element[$j]["name"]. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_element[$j]["type"]. "' ";
-			$sql .= ")";
+			$sql = "INSERT INTO wfs_element(fkey_featuretype_id, ";
+			$sql .= "element_name,element_type) VALUES ($1, $2, $3)"; 
+
+			$v = array($this->wfs_featuretype[$i]->mysql_id, $this->wfs_featuretype[$i]->featuretype_element[$j]["name"], $this->wfs_featuretype[$i]->featuretype_element[$j]["type"]);
+			$t = array("s", "s", "s");
 			
-			$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+			$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 		}
 
 		for($j=0; $j<count($this->wfs_featuretype[$i]->featuretype_namespace);$j++){
-			$sql = "INSERT INTO wfs_featuretype_namespace(fkey_wfs_id, fkey_featuretype_id, namespace, namespace_location) ";
-			$sql .= "VALUES("; 
-			$sql .= "'" .$myWFS. "',";
-			$sql .= "'" .$this->wfs_featuretype[$i]->mysql_id. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_namespace[$j]["name"]. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_namespace[$j]["value"]. "' ";
-			$sql .= ")";
+			$sql = "INSERT INTO wfs_featuretype_namespace (fkey_wfs_id, ";
+			$sql .= "fkey_featuretype_id, namespace, namespace_location) ";
+			$sql .= "VALUES ($1, $2, $3, $4)"; 
+			$v = array($myWFS, $this->wfs_featuretype[$i]->mysql_id, $this->wfs_featuretype[$i]->featuretype_namespace[$j]["name"], $this->wfs_featuretype[$i]->featuretype_namespace[$j]["value"]);
+			$t = array("i", "s", "s", "s"); 
 			
-			$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+			$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 		}
 	}
 	
 	# TABLE gui_wfs
 	
 	$sql ="INSERT INTO gui_wfs (fkey_gui_id, fkey_wfs_id)";
-	$sql .= "VALUES(";
-		$sql .= "'" . $gui_id . "', ";
-		$sql .= $myWFS;
-	$sql .= ");";
+	$sql .= "VALUES ($1, $2)";
+	$v = array($gui_id, $myWFS);
+	$t = array("s", "i");
 	
-	$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+	$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 }
 function cleanDB($wfsid,$sql){
 	global $DBSERVER,$DB,$OWNER,$PW;
 	$con = db_connect($DBSERVER,$OWNER,$PW);
 	db_select_db($DB,$con);
-	$s = "DELETE FROM wfs WHERE wfs_id = ".$wfsid;
-	$res = db_query($s);
+	$s = "DELETE FROM wfs WHERE wfs_id = $1";
+	$v = array($wfsid);
+	$t = array("i");
+	$res = db_prep_query($s, $v, $t);
 	echo "<br>Error in :".$sql."<br>";
 	echo "<br>Db cleaned.<br>";
 	die;
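Review bot: The featuretype, element and namespace inserts are still not wrapped in a transaction, so when one of them fails `cleanDB` only deletes the `wfs` row and, unless the schema cascades (not visible here), the `wfs_featuretype`, `wfs_element` and `wfs_featuretype_namespace` rows inserted before the failure are left orphaned; the `BEGIN` / `ROLLBACK` pattern this same commit introduces in `class_gui.php` would fit here. The parameter type markers are also inconsistent: `fkey_featuretype_id` is bound as `"s"` in the `wfs_element` insert and as the second `"s"` in the namespace insert, while `fkey_wfs_id` is `"i"` — `$t = array("i", "s", "s");` and `$t = array("i", "i", "s", "s");` would match. `cleanDB` still echoes the failing statement and calls `die`, which sends internal SQL text to the browser rather than to the log. The enclosing function starts before this hunk.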

Modified: branches/2.4.5/2.4.4_leak/http/classes/class_wfs_conf.php
===================================================================
--- tags/2.4.4/http/classes/class_wfs_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/classes/class_wfs_conf.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,5 +1,5 @@
 <?php
-# $Id: class_wfs_conf.php 530 2006-06-19 15:08:35Z vera_schulze $
+# $Id$
 # http://www.mapbender.org/index.php/class_wfs_conf.php
 # Copyright (C) 2002 CCGIS 
 #
@@ -91,8 +91,10 @@
 		global $DBSERVER,$DB,$OWNER,$PW;
 		$con = db_connect($DBSERVER,$OWNER,$PW);
 		db_select_db($DB,$con);
-		$sql = "SELECT * FROM wfs_featuretype WHERE fkey_wfs_id = ".$id;
-		$res = db_query($sql);
+		$sql = "SELECT * FROM wfs_featuretype WHERE fkey_wfs_id = $1";
+		$v = array($id);
+		$t = array("i");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while ($row = db_fetch_array($res)){
 			$this->featuretype_id[$cnt] = $row["featuretype_id"];
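Review bot: `$res` is handed straight to `db_fetch_array` without being checked, so if `db_prep_query` returns false (for instance when a non-numeric `$id` is rejected by the `"i"` binding) the `while` operates on `false` and emits a warning instead of leaving the result arrays empty; a guard before the loop such as `if (!$res) { return; }` avoids that, assuming the method has no return value callers rely on (its signature is above the hunk). The two hunks that follow have the same shape. The enclosing method starts before this hunk.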
@@ -118,8 +120,10 @@
 		global $DBSERVER,$DB,$OWNER,$PW;
 		$con = db_connect($DBSERVER,$OWNER,$PW);
 		db_select_db($DB,$con);
-		$sql = "SELECT * FROM wfs_element WHERE fkey_featuretype_id = ".$fid;
-		$res = db_query($sql);
+		$sql = "SELECT * FROM wfs_element WHERE fkey_featuretype_id = $1";
+		$v = array($fid);
+		$t = array("i");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while ($row = db_fetch_array($res)){
 			$this->element_id[$cnt] = $row["element_id"];
@@ -142,8 +146,10 @@
 		global $DBSERVER,$DB,$OWNER,$PW;
 		$con = db_connect($DBSERVER,$OWNER,$PW);
 		db_select_db($DB,$con);
-		$sql = "SELECT * FROM wfs_featuretype_namespace WHERE fkey_featuretype_id = ".$fid;
-		$res = db_query($sql);
+		$sql = "SELECT * FROM wfs_featuretype_namespace WHERE fkey_featuretype_id = $1";
+		$v = array($fid);
+		$t = array("i");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while ($row = db_fetch_array($res)){
 			$this->namespace_name[$cnt] = $row["namespace"];

Deleted: branches/2.4.5/2.4.4_leak/http/classes/class_wmc.php
===================================================================
--- tags/2.4.4/http/classes/class_wmc.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/classes/class_wmc.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,715 +0,0 @@
-<?php
-# $Id: class_wmc.php 645 2006-12-08 12:58:39Z christoph $
-# http://www.mapbender.org/index.php/class_wmc.php
-# Copyright (C) 2002 CCGIS 
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-require_once("../../conf/mapbender.conf");
-require_once("../classes/class_wms.php");
-require_once("../classes/class_mb_exception.php");
-require_once("../classes/class_administration.php");
-
-function sepNameSpace($s){
-	$c = strpos($s,":"); 
-	if($c>0)return substr($s,$c+1);
-	return $s;
-}
-class wmc {
-
-		var $wmc_id;
-		var $wmc_version;
-		var $wmc_windowWidth;
-		var $wmc_windowHeight;
-		var $wmc_bBox_SRS;
-		var $wmc_bBox_minx;
-		var $wmc_bBox_maxx;
-		var $wmc_bBox_miny;
-		var $wmc_bBox_maxy;
-		var $wmc_name;
-		var $wmc_title;
-		var $wmc_abstract;
-		var $wmc_logourl;
-		var $wmc_logourl_format;
-		var $wmc_logourl_type;
-		var $wmc_logourl_width;
-		var $wmc_logourl_height;
-		var $wmc_descriptionurl;
-		var $wmc_descriptionurl_format;
-		var $wmc_descriptionurl_type;
-		var $wmc_keyword = array();
-		var $wmc_contactposition;
-		var $wmc_contactvoicetelephone;
-		var $wmc_contactemail;
-		var $wmc_contactfacsimiletelephone;
-		var $wmc_contactperson;
-		var $wmc_contactorganization;
-		var $wmc_contactaddresstype;
-		var $wmc_contactaddress;
-		var $wmc_contactcity;
-		var $wmc_contactstateorprovince;
-		var $wmc_contactpostcode;
-		var $wmc_contactcountry;
-					
-		var $wmc_wms_title = array();
-		var $wmc_layer_queryable = array();
-		var $wmc_layer_querylayer = array();
-		var $wmc_layer_hidden = array();
-		var $wmc_wms_id = array();
-		var $wmc_wms_service = array();
-		var $wmc_wms_version = array();
-		var $wmc_layer_id = array();
-		var $wmc_layer_title = array();
-		var $wmc_layer_name = array();
-		var $wmc_layer_abstract = array();
-		var $wmc_layer_srs = array();
-		var $wmc_wms_serviceURL = array();
-		var $wmc_layer_format_current = array();
-		var $wmc_layer_dataurl = array();
-		var $wmc_layer_metadataurl = array();
-		var $wmc_layer_minscale = array();
-		var $wmc_layer_maxscale = array();
-		var $wmc_layer_format = array();
-		var $wmc_layer_style_current = array();
-		var $wmc_layer_style_name = array();
-		var $wmc_layer_style_title = array();
-		var $wmc_layer_style_legendurl = array();
-		var $wmc_layer_style_legendurl_width = array();
-		var $wmc_layer_style_legendurl_height = array();
-		var $wmc_layer_style_legendurl_format = array();
-		var $wmc_layer_style_legendurl_type = array();
-		var $wmc_layer_style_sld_url = array();
-		var $wmc_layer_style_sld_type = array();
-		var $wmc_layer_style_sld_title = array();
-		var $wmc_wms_count = 0;
-			
-	function wmc() {	
-	} 
-	
-	function getTitle() {
-		return $this->wmc_title;
-	}
-	
-	function getNumberOfWms () {
-		return $this->wmc_wms_count;
-	}
-
-	function createObjFromWMC_id($wmc_id){
-		
-		$con = db_connect(DBSERVER,OWNER,PW);
-		db_select_db(DB, $con);
-		
-		$sql = "SELECT wmc FROM mb_user_wmc WHERE wmc_id = $1";
-		$v = array($wmc_id);
-		$t = array("s");
-		$res = db_prep_query($sql, $v, $t);
-		$wmc = db_fetch_array($res);
-		$this->createObjFromWMC_xml($wmc[0]);
-	
-	}
-
-	function createObjFromWMC_xml($data){
-		$values = NULL;
-		$tags = NULL;
-		$parser = xml_parser_create(CHARSET);
-		xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
-		xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
-		xml_parser_set_option($parser,XML_OPTION_TARGET_ENCODING,CHARSET);
-		xml_parse_into_struct($parser,$data,$values,$tags);
-		$code = xml_get_error_code ($parser);
-		if ($code) {
-			$line = xml_get_current_line_number($parser); 
-			$mb_exception = new mb_exception(xml_error_string($code) .  " in line " . $line);
-			return false;
-		}
-		xml_parser_free($parser);
-		
-		$section = NULL;
-		$format = NULL;
-		$cnt_format = 0;
-		$parent = array();
-		$myParent = array();
-		$cnt_layer = -1;
-		$request = NULL; 
-		$layer_style = array();
-		$cnt_style = -1;
-		$extension = false;
-		
-		$general = false;
-		$layerlist = false;
-		$layer = false;
-		$formatlist = false;
-		$metadataurl = false;
-		$dataurl = false;
-		$stylelist = false;
-		
-		foreach ($values as $element) {
-			if(strtoupper($element[tag]) == "VIEWCONTEXT" && $element[type] == "open"){
-					$this->wmc_id = $element[attributes]["id"];
-					$this->wmc_version = $element[attributes]["version"];
-			}
-			if(strtoupper($element[tag]) == "GENERAL" && $element[type] == "open"){
-			   $general = true;
-			}
-			if(strtoupper($element[tag]) == "LAYERLIST" && $element[type] == "open"){
-			   $layerlist = true;
-			}
-			if ($general) {
-				if(strtoupper($element[tag]) == "WINDOW"){
-					$this->wmc_windowWidth = $element[attributes]["width"];
-					$this->wmc_windowHeight = $element[attributes]["height"];
-				}
-				if(strtoupper($element[tag]) == "BOUNDINGBOX"){
-					$this->wmc_bBox_SRS = $element[attributes]["SRS"];
-					$this->wmc_bBox_minx = $element[attributes]["minx"];
-					$this->wmc_bBox_miny = $element[attributes]["miny"];
-					$this->wmc_bBox_maxx = $element[attributes]["maxx"];
-					$this->wmc_bBox_maxy = $element[attributes]["maxy"];
-				}
-				if(strtoupper($element[tag]) == "NAME"){
-					$this->wmc_name = $element[value];
-				}
-				if(strtoupper($element[tag]) == "TITLE"){
-					$this->wmc_title = $element[value];
-				}
-				if(strtoupper($element[tag]) == "ABSTRACT"){
-					$this->wmc_abstract = $element[value];
-				}
-				if(strtoupper($element[tag]) == "CONTACTINFORMATION" && $element['type'] == "open"){
-					$contactinformation = true;
-				}
-				if ($contactinformation) {
-					if(strtoupper($element[tag]) == "CONTACTPOSITION"){
-						$this->wmc_contactposition = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTVOICETELEPHONE"){
-						$this->wmc_contactvoicetelephone = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTFACSIMILETELEPHONE"){
-						$this->wmc_contactfacsimiletelephone = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTELECTRONICMAILADDRESS"){
-						$this->wmc_contactemail = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "open"){
-						$contactpersonprimary = true;
-					}
-					if ($contactpersonprimary) {
-						if(strtoupper($element[tag]) == "CONTACTPERSON"){
-							$this->wmc_contactperson = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CONTACTORGANIZATION"){
-							$this->wmc_contactorganization = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "close"){
-							$contactpersonprimary = false;
-						}
-					}
-					if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "open"){
-						$contactaddress = true;
-					}
-					if ($contactaddress) {
-						if(strtoupper($element[tag]) == "ADDRESSTYPE"){
-							$this->wmc_contactaddresstype = $element[value];
-						}
-						if(strtoupper($element[tag]) == "ADDRESS"){
-							$this->wmc_contactaddress = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CITY"){
-							$this->wmc_contactcity = $element[value];
-						}
-						if(strtoupper($element[tag]) == "STATEORPROVINCE"){
-							$this->wmc_contactstateorprovince = $element[value];
-						}
-						if(strtoupper($element[tag]) == "POSTCODE"){
-							$this->wmc_contactpostcode = $element[value];
-						}
-						if(strtoupper($element[tag]) == "COUNTRY"){
-							$this->wmc_contactcountry = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "close"){
-							$contactaddress = false;
-						}
-					}
-				}
-				if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "open"){
-					$logourl = true;
-					$this->wmc_logourl_width = $element[attributes]["width"];
-					$this->wmc_logourl_height = $element[attributes]["height"];
-					$this->wmc_logourl_format = $element[attributes]["format"];
-				}
-				if ($logourl) {
-					if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "close"){
-						$logourl = false;
-					}
-					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						$this->wmc_logourl_type = $element[attributes]["xlink:type"];
-						$this->wmc_logourl = $element[attributes]["xlink:href"];
-					}
-				}
-				if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "open"){
-					$descriptionurl = true;
-					$this->wmc_descriptionurl_format = $element[attributes]["format"];
-				}
-				if ($descriptionurl) {
-					if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "close"){
-						$descriptionurl = false;
-					}
-					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						$this->wmc_descriptionurl_type = $element[attributes]["xlink:type"];
-						$this->wmc_descriptionurl = $element[attributes]["xlink:href"];
-					}
-				}
-				if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "open"){
-					$keywordlist = true;
-				}
-				if ($keywordlist) {
-					if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "close"){
-						$keywordlist = false;
-						$cnt_keyword = -1;
-					}
-					if(strtoupper($element[tag]) == "KEYWORD"){
-						$cnt_keyword++;
-						$this->wmc_keyword[$cnt_keyword] = $element[value];
-					}
-				}
-						
-				if(strtoupper($element[tag]) == "GENERAL" && $element['type'] == "close"){
-		   			$general = false;
-			 	}
-			}
-			if ($layerlist) {
-				if(strtoupper($element[tag]) == "LAYERLIST" && $element['type'] == "close"){
-				   $layerlist = false;
-				}
-				if(strtoupper($element[tag]) == "LAYER" && $element[type] == "open"){
-					 $cnt_layer++;
-					 $this->wmc_layer_queryable[$cnt_layer] = $element[attributes]["queryable"];
-					 $this->wmc_layer_hidden[$cnt_layer] = $element[attributes]["hidden"];
-					 $layer = true;
-      		 		 $cnt_epsg = 0;
-				}
-				if ($layer) {
-					if(strtoupper($element[tag]) == "LAYER" && $element[type] == "close"){
-						$layer = false;
-					}
-					 if ($formatlist) {
-						 if(strtoupper($element[tag]) == "FORMAT"){
-						 	$cnt_format++;
-						 	$this->wmc_layer_format_current[$cnt_layer][$cnt_format] = $element[attributes]["current"];
-						 	$this->wmc_layer_format[$cnt_layer][$cnt_format] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "FORMATLIST" && $element[type] == "close"){
-							 $formatlist = false;
-						 }
-					 }
-					 elseif ($metadataurl) {
-						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-							$this->wmc_layer_metadataurl[$cnt_layer] = $element[attributes]["xlink:href"];
-						 }
-						 if(strtoupper($element[tag]) == "METADATAURL" && $element[type] == "close"){
-							$metadataurl = false;
-						 }
-					 }
-					 elseif ($dataurl) {
-						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						 	$this->wmc_layer_dataurl[$cnt_layer] = $element[attributes]["xlink:href"];
-						 }
-						 if(strtoupper($element[tag]) == "DATAURL" && $element[type] == "close"){
-							 $dataurl = false;
-						 }
-					 }
-					 elseif ($stylelist) {
-						 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "open"){
-						 	$cnt_style++;
-						 	$style = true;
-						 	$this->wmc_layer_style_current[$cnt_layer][$cnt_style] = $element[attributes]["current"];
-						 }
-						 if ($style) {
-							 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "close"){
-							 	$style = false;
-							 }
-							 if(strtoupper($element[tag]) == "SLD" && $element[type] == "open"){
-							 	$sld = true;
-							 }
-							 if ($sld) {
-								 if(strtoupper($element[tag]) == "SLD" && $element[type] == "close"){
-								 	$sld = false;
-								 }
-								 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-								 	$this->wmc_layer_style_sld_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
-								 	$this->wmc_layer_style_sld_url[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
-								 }
-								 if(strtoupper($element[tag]) == "TITLE"){
-								 	$this->wmc_layer_style_sld_title[$cnt_layer][$cnt_style] = $element[value];
-								 }
-							 }
-							 else {
-								 if(strtoupper($element[tag]) == "NAME"){
-								 	$this->wmc_layer_style_name[$cnt_layer][$cnt_style] = $element[value];
-								 }
-								 if(strtoupper($element[tag]) == "TITLE"){
-								 	$this->wmc_layer_style_title[$cnt_layer][$cnt_style] = $element[value];
-								 }
-								 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "open"){
-								 	$legendurl = true;
-								 	$this->wmc_layer_style_legendurl_width[$cnt_layer][$cnt_style] = $element[attributes]["width"];
-								 	$this->wmc_layer_style_legendurl_height[$cnt_layer][$cnt_style] = $element[attributes]["height"];
-								 	$this->wmc_layer_style_legendurl_format[$cnt_layer][$cnt_style] = $element[attributes]["format"];
-								 }
-								 if ($legendurl) {
-									 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "close"){
-									 	$legendurl = false;
-									 }
-									 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-									 	$this->wmc_layer_style_legendurl_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
-									 	$this->wmc_layer_style_legendurl[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
-									 }
-								 }
-							 }
-						 }
-						 if(strtoupper($element[tag]) == "STYLELIST" && $element[type] == "close"){
-							 $stylelist = false;
-						 }
-					 }
-					 else {
-						 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "open"){
-						 	 $server = true;
-						 	 $this->wmc_wms_service[$cnt_layer] = $element[attributes]["service"];
-						 	 $this->wmc_wms_version[$cnt_layer] = $element[attributes]["version"];
-						 	 $this->wmc_wms_title[$cnt_layer] = $element[attributes]["title"];
-						 }
-						 if ($server) {
-							 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "close"){
-							 	 $server = false;
-							 }
-							 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						 		 $this->wmc_wms_serviceURL[$cnt_layer] = $element[attributes]["xlink:href"];
-							 }
-						 }
-						 if(strtoupper($element[tag]) == "NAME"){
-					 		 $this->wmc_layer_name[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "TITLE"){
-					 		 $this->wmc_layer_title[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "ABSTRACT"){
-					 		 $this->wmc_layer_abstract[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "SRS"){
-							 $epsgArray = explode(" ", $element[value]);						 	
-					 		 
-					 		 for ($c = 0 ; $c < count($epsgArray) ; $c ++) {
-						 		 $this->wmc_layer_srs[$cnt_layer][$cnt_epsg] = $epsgArray[$c];
-								 $cnt_epsg++;
-					 		 }
-						 }
-						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "open") {
-						 	$extension = true;
-						 }
-						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "close") {
-						 	$extension = false;
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "SCALEHINT"){
-					 		 $this->wmc_layer_minscale[$cnt_layer] = $element[attributes]["min"];
-					 		 $this->wmc_layer_maxscale[$cnt_layer] = $element[attributes]["max"];
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "LAYER_ID"){
-					 		 $this->wmc_layer_id[$cnt_layer] = $element[value];
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "WMS_ID"){
-					 		 $this->wmc_wms_id[$cnt_layer] = $element[value];
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "QUERYLAYER"){
-					 		 $this->wmc_layer_querylayer[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "METADATAURL" && $element[type] == "open"){
-							 $metadataurl = true;
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "DATAURL" && $element[type] == "open"){
-							 $dataurl = true;
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "FORMATLIST" && $element[type] == "open"){
-							 $formatlist = true;
-							 $cnt_format = -1;
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "STYLELIST" && $element[type] == "open"){
-							 $stylelist = true;
-							 $cnt_style = -1;
-						 }
-					 }
-				}
-			}
-		}
-		return true;
-	}
-
-	function createJsObjFromWMC($target, $mapObj, $action){
-		$wmc_string = "";
-		$validActions = array("load", "merge", "append");
-		if (!in_array($action, $validActions)) {
-			$wmc_string .= "alert('invalid action: ".$action."');";			
-		}
-		else {
-			$wmc_string .= "var index = " . $target . "getMapObjIndexByName('" . $mapObj . "');\n";
-			if ($action == "load") {
-				// delete all previous wms
-				$wmc_string .= "while(" . $target . "mb_mapObj[index].wms.length > 0){" . $target . "mb_mapObjremoveWMS(index,0);}";
-				$wmc_string .= $target . "deleteWmsObject();\n";
-			}
-			if ($action == "merge") {
-				$wmc_string .= "var wms_exists = false;\n";				// true if this wms exists in the mapObj
-				$wmc_string .= "var current_wms_index = null;\n";		// if wms_exists: index of the wms in the map obj; else: null
-				$wmc_string .= "var layer_exists = false;\n";			// true if this layer exists in an existing wms of the mapObj
-				$wmc_string .= "var current_layer_index = null;\n";		// if layer_exists: index of the layer of the wms in the mapObj; else: null
-			}
-			$new_wms = "";
-			$cnt_wms = -1;
-			$added_wms = array();
-			
-			// for all layers in wmc, find individual wms...
-			for ($i = 0; $i < count($this->wmc_layer_title); $i++) {
-				$current_wms = $this->wmc_wms_serviceURL[$i];
-				// ...this is something like 'for every wms'
-				if (!in_array($current_wms , $added_wms)) {
-					$layerlist = "";
-					$querylayerlist = "";
-					$srs_array = array();
-		
-					if ($action == "merge") {
-						$wmc_string .= "wms_exists = false;\n";
-						$wmc_string .= "current_wms_index = null;\n";
-						$wmc_string .= "for (var m=0; m < " . $target . "mb_mapObj[index].wms.length; m++) {\n";
-						$wmc_string .= "\tif ('" . $this->wmc_wms_serviceURL[$i] . "' ==  " . $target . "mb_mapObj[index].wms[m].wms_getmap) {\n";
-						$wmc_string .= "\t\twms_exists = true;\n";
-						$wmc_string .= "\t\tcurrent_wms_index = m;\n";
-						$wmc_string .= "\t}\n";
-						$wmc_string .= "}\n";
-						$wmc_string .= "if (!wms_exists) {\n";
-					}				
-					 
-					$mywms = new wms();
-			
-			  		if(!$this->wmc_layer_title[$i] || $this->wmc_layer_title[$i] == ""){
-						echo "alert('Error: no valid capabilities-document !!');\n";
-						die; exit;
-					}
-
-					for($j=0;$j<count($this->wmc_layer_format[$i]);$j++){
-						if ($this->wmc_layer_format_current[$i][$j] == 1) {
-							$wms_data_format = $this->wmc_layer_format[$i][$j];
-						}
-					}
-					// add wms
-					$wmc_string .= "\t" . $target . "add_wms('','".
-						$this->wmc_wms_version[$i] ."','".
-						$this->wmc_wms_title[$i] ."','".
-						$this->wmc_layer_abstract[$i] ."','".
-						$this->wmc_wms_serviceURL[$i] ."','" .
-						$this->wmc_wms_serviceURL[$i] ."','" .
-						$this->wmc_layer_style_legendurl[$i][0] ."','','". 
-						$wms_data_format ."','text/html','application/vnd.ogc.se_xml','". 
-						$this->wmc_bBox_SRS ."','1');\n";
-		
-					$added_wms[count($added_wms)] = $current_wms;
-					$cnt_wms++;
-					$cnt_layers = 0;
-					$cnt_query_layers = 0;
-					if ($action == "merge") {
-						$wmc_string .= "}\n";
-					}
-	
-					// add epsg
-					$wmc_string .= $target . "wms_addSRS('". 
-						$this->wmc_bBox_SRS ."','". 
-						$this->wmc_bBox_minx ."','". 
-						$this->wmc_bBox_miny ."','". 
-						$this->wmc_bBox_maxx ."','". 
-						$this->wmc_bBox_maxy ."','". 
-						"');\n";
-
-					// for each layer...
-					for ($ii = 0; $ii < count($this->wmc_layer_title); $ii++) {
-						$layer_wms = $this->wmc_wms_serviceURL[$ii];
-						// ... of this wms
-						if ($current_wms == $layer_wms) {
-							
-							// add format (FIXME: is this working?)
-							$z = count($this->wmc_layer_format[$ii]);
-							for($j=0;$j<$z;$j++){
-								$wmc_string .= $target . "wms_add_data_type_format('map','". $this->wmc_layer_format[$ii][$j] ."');\n";
-							}
-							
-							if ($cnt_layers == 0) {
-								if ($action == "merge") {
-									$wmc_string .= "if (!wms_exists) {\n\t";
-								} 
-								// add parent layer
-								$wmc_string .= $target . "wms_add_layer('','".$this->wmc_layer_id[$i]."','','". $this->wmc_wms_title[$i] ."','','0','0','0','0','','".$this->wmc_wms_id[$i]."','1','1','1','0','0','0','0');\n";
-								if ($action == "merge") {
-									$wmc_string .= "}\n";
-								} 
-							}
-	
-							$cnt_layers++;
-							
-							if ($action == "merge") {
-								$wmc_string .= "if (wms_exists) {\n";
-								
-								// check if this layer already exists in this wms
-								$wmc_string .= "\tlayer_exists = false;\n";
-								$wmc_string .= "\tcurrent_layer_index = null;\n";
-								$wmc_string .= "\tfor (var m=0; m < " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer.length; m++) {\n";
-								$wmc_string .= "\t\tif ('" . $this->wmc_layer_name[$ii] . "' ==  " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[m].layer_name) {\n";
-								$wmc_string .= "\t\t\tlayer_exists = true;\n";
-								$wmc_string .= "\t\t\tcurrent_layer_index = m;\n";
-								$wmc_string .= "\t\t}\n";
-								$wmc_string .= "\t}\n"; 
-		
-								$wmc_string .= "\tif (layer_exists) {\n";
-								// check if the visibility or the queryability are different to the existing layer
-								$wmc_string .= "\t\tif (" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible != '" . intval(!$this->wmc_layer_hidden[$ii]) . "'";
-								$wmc_string .= " || " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer != '" . $this->wmc_layer_queryable[$ii] . "') {\n";
-		
-								// if yes, update the visibility and queryability
-								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible = " . intval(!$this->wmc_layer_hidden[$ii]) . ";\n"; 
-								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer = " . $this->wmc_layer_queryable[$ii] . ";\n"; 
-								$wmc_string .= "\t\t}\n";
-								$wmc_string .= "\t}\n"; 
-								$wmc_string .= "}\n"; 
-								$wmc_string .= "\telse {\n";
-							} 
-
-							// add layer
-							$wmc_string .= "\t" . $target . "wms_add_layer('0','". 
-								$this->wmc_layer_id[$ii] . "','". 
-								$this->wmc_layer_name[$ii] . "','". 
-								$this->wmc_layer_title[$ii] ."','". 
-								$this->wmc_layer_dataurl[$ii] . "','". 
-								intval($cnt_layers) ."','". 
-								$this->wmc_layer_queryable[$ii] ."','".
-								$this->wmc_layer_minscale[$ii]  ."','". 
-								$this->wmc_layer_maxscale[$ii]  ."','". 
-								$this->wmc_layer_metadataurl[$ii] ."','". 
-								$this->wmc_wms_id[$ii] ."','1','1','". 
-								intval(!$this->wmc_layer_hidden[$ii]) ."','". 
-								$this->wmc_layer_queryable[$ii] ."','". 
-								$this->wmc_layer_querylayer[$ii] ."','".
-								$this->wmc_layer_minscale[$ii]  ."','". 
-								$this->wmc_layer_maxscale[$ii]  ."');\n";
-	
-							if ($action == "merge") {
-								$wmc_string .= "\t}\n";
-							} 
-												
-							// if layer is queryable, add it to querylayerlist
-							if ($this->wmc_layer_queryable[$ii]) {
-								$cnt_query_layers++;
-								if (!in_array($this->wmc_layer_name[$ii], explode(",",$querylayerlist))) {
-									if ($querylayerlist == "") {$querylayerlist = $this->wmc_layer_name[$ii];} else {$querylayerlist .= "," . $this->wmc_layer_name[$ii];} 
-								}
-							}
-							// if layer is visible, add it to layerlist 
-							if (intval(!$this->wmc_layer_hidden[$ii]) && !in_array($this->wmc_layer_name[$ii], explode(",",$layerlist))) {
-								if ($layerlist == "") {$layerlist = $this->wmc_layer_name[$ii];} else {$layerlist .= "," . $this->wmc_layer_name[$ii];}
-							}
-	
-							// add layer style (FIXME: is this working?)
-							for($j=0; $j<count($this->wmc_layer_style_name[$ii]);$j++){
-								$wmc_string .= $target . "wms_addLayerStyle('".$this->wmc_layer_style_name[$ii][$j] ."','".$this->wmc_layer_style_title[$ii][$j] ."','".$j."','".$cnt_layers."', '" . $this->wmc_layer_style_legendurl[$ii][$j] . "', '" . $this->wmc_layer_style_legendurl_format[$ii][$j] . "');\n";
-							}
-						}
-					}
-					// add wms to mapObj with all layers and querylayers
-					if ($action == "merge") {
-						$wmc_string .= "if (!wms_exists) {\n";
-					} 
-					$wmc_string .= $target. "mb_mapObjaddWMSwithLayers('" . $mapObj . "', '" . $layerlist . "', '" . $querylayerlist . "');\n";
-					if ($action == "merge") {
-						$wmc_string .= "}\n";
-						$wmc_string .= "else {\n";
-						$wmc_string .= $target. "mb_mapObj[index].layers[current_wms_index] = \"" . $layerlist . "\";\n";
-						$wmc_string .= $target. "mb_mapObj[index].querylayers[current_wms_index] = \"" . $querylayerlist . "\";\n";
-						$wmc_string .= "}\n";
-					}
-				}
-			}
-			$wmc_string .= "var old_mapObj = ".$target."cloneObject(".$target."mb_mapObj);\n";
-			$wmc_string .= $target . "deleteMapObj();\n";
-			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
-			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
-			$wmc_string .= "\t\t" . $target . "mb_registerMapObj(old_mapObj[i].frameName, old_mapObj[i].elementName, null, " . $this->wmc_windowWidth . ", " . $this->wmc_windowHeight . ");\n"; 
-			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.width = " . $this->wmc_windowWidth . ";\n";
-			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.height = " . $this->wmc_windowHeight . ";\n";
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "\telse {\n";
-			$wmc_string .= "\t\tvar found = false;\n";
-			$wmc_string .= "\t\tfor (var j=0; j < " . $target . "wms.length && found == false; j++) {\n";
-			$wmc_string .= "\t\t\tif (" . $target . "wms[j].wms_getmap == old_mapObj[i].wms[0].wms_getmap) {\n";
-			$wmc_string .= "\t\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, j, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
-			$wmc_string .= "\t\t\t\tfound = true;\n"; 
-			$wmc_string .= "\t\t\t}\n";
-			$wmc_string .= "\t\t}\n";
-			$wmc_string .= "\t\tif (!found) {\n";
-			$wmc_string .= "\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, 0, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
-			$wmc_string .= "\t\t}\n";
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "}\n";
-			
-			$sql = "SELECT minx, miny, maxx, maxy FROM layer_epsg WHERE fkey_layer_id = $1 AND epsg = $2 LIMIT 1";
-			$v = array($this->wmc_layer_id[0], $this->wmc_bBox_SRS);
-			$t = array('i', 's');
-			$res = db_prep_query($sql, $v, $t);
-			$row = db_fetch_array($res);
-			if ($row["minx"] && $row["miny"] && $row["maxx"] && $row["maxy"]) {
-				$ov_bbox = array($row["minx"],$row["miny"],$row["maxx"],$row["maxy"]);
-			}
-			else if ($this->wmc_layer_id[0] && $this->wmc_bBox_SRS){
-				$ov_bbox = array($this->wmc_bBox_minx, $this->wmc_bBox_miny, $this->wmc_bBox_maxx, $this->wmc_bBox_maxy);
-			}
-			else {
-				$ov_bbox = array();
-			}
-			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
-			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
-			$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
-			$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
-			$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "\telse {\n";
-			if (count($ov_bbox)>0) {
-//				$wmc_string .= "alert('found bbox for ov: ".implode(',',$ov_bbox)."');";
-				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
-				$wmc_string .= $ov_bbox[0] .",".$ov_bbox[1] .",";
-				$wmc_string .= $ov_bbox[2] .",".$ov_bbox[3] .");\n";
-			}
-			else {
-//				$wmc_string .= "alert('no bbox found for ov: old bbox ".$this->wmc_bBox_minx." etc');";
-				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
-				$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
-				$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
-//				$wmc_string .= "\t\tvar ov_index = " . $target . "getMapObjIndexByName('overview');\n";
-//				$wmc_string .= "\t\t" . $target . "mb_mapObj[ov_index].extent = old_mapObj[i].extent;\n"; 
-			}
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "\t". $target . "setMapRequest(old_mapObj[i].frameName);\n";
-			$wmc_string .= "}\n";
-			$wmc_string .= $target . "mb_execloadWmsSubFunctions();\n";
-		}
-		return $wmc_string;
-	}
-} 
-// end class
-?>

Copied: branches/2.4.5/2.4.4_leak/http/classes/class_wmc.php (from rev 2025, tags/2.4.4/http/classes/class_wmc.php)
===================================================================
--- branches/2.4.5/2.4.4_leak/http/classes/class_wmc.php	                        (rev 0)
+++ branches/2.4.5/2.4.4_leak/http/classes/class_wmc.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -0,0 +1,715 @@
+<?php
+# $Id: class_wmc.php 645 2006-12-08 12:58:39Z christoph $
+# http://www.mapbender.org/index.php/class_wmc.php
+# Copyright (C) 2002 CCGIS 
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+require_once("../../conf/mapbender.conf");
+require_once("../classes/class_wms.php");
+require_once("../classes/class_mb_exception.php");
+require_once("../classes/class_administration.php");
+
+function sepNameSpace($s){
+	$c = strpos($s,":"); 
+	if($c>0)return substr($s,$c+1);
+	return $s;
+}
+class wmc {
+
+		var $wmc_id;
+		var $wmc_version;
+		var $wmc_windowWidth;
+		var $wmc_windowHeight;
+		var $wmc_bBox_SRS;
+		var $wmc_bBox_minx;
+		var $wmc_bBox_maxx;
+		var $wmc_bBox_miny;
+		var $wmc_bBox_maxy;
+		var $wmc_name;
+		var $wmc_title;
+		var $wmc_abstract;
+		var $wmc_logourl;
+		var $wmc_logourl_format;
+		var $wmc_logourl_type;
+		var $wmc_logourl_width;
+		var $wmc_logourl_height;
+		var $wmc_descriptionurl;
+		var $wmc_descriptionurl_format;
+		var $wmc_descriptionurl_type;
+		var $wmc_keyword = array();
+		var $wmc_contactposition;
+		var $wmc_contactvoicetelephone;
+		var $wmc_contactemail;
+		var $wmc_contactfacsimiletelephone;
+		var $wmc_contactperson;
+		var $wmc_contactorganization;
+		var $wmc_contactaddresstype;
+		var $wmc_contactaddress;
+		var $wmc_contactcity;
+		var $wmc_contactstateorprovince;
+		var $wmc_contactpostcode;
+		var $wmc_contactcountry;
+					
+		var $wmc_wms_title = array();
+		var $wmc_layer_queryable = array();
+		var $wmc_layer_querylayer = array();
+		var $wmc_layer_hidden = array();
+		var $wmc_wms_id = array();
+		var $wmc_wms_service = array();
+		var $wmc_wms_version = array();
+		var $wmc_layer_id = array();
+		var $wmc_layer_title = array();
+		var $wmc_layer_name = array();
+		var $wmc_layer_abstract = array();
+		var $wmc_layer_srs = array();
+		var $wmc_wms_serviceURL = array();
+		var $wmc_layer_format_current = array();
+		var $wmc_layer_dataurl = array();
+		var $wmc_layer_metadataurl = array();
+		var $wmc_layer_minscale = array();
+		var $wmc_layer_maxscale = array();
+		var $wmc_layer_format = array();
+		var $wmc_layer_style_current = array();
+		var $wmc_layer_style_name = array();
+		var $wmc_layer_style_title = array();
+		var $wmc_layer_style_legendurl = array();
+		var $wmc_layer_style_legendurl_width = array();
+		var $wmc_layer_style_legendurl_height = array();
+		var $wmc_layer_style_legendurl_format = array();
+		var $wmc_layer_style_legendurl_type = array();
+		var $wmc_layer_style_sld_url = array();
+		var $wmc_layer_style_sld_type = array();
+		var $wmc_layer_style_sld_title = array();
+		var $wmc_wms_count = 0;
+			
+	function wmc() {	
+	} 
+	
+	function getTitle() {
+		return $this->wmc_title;
+	}
+	
+	function getNumberOfWms () {
+		return $this->wmc_wms_count;
+	}
+
+	function createObjFromWMC_id($wmc_id){
+		
+		$con = db_connect(DBSERVER,OWNER,PW);
+		db_select_db(DB, $con);
+		
+		$sql = "SELECT wmc FROM mb_user_wmc WHERE wmc_id = $1";
+		$v = array($wmc_id);
+		$t = array("s");
+		$res = db_prep_query($sql, $v, $t);
+		$wmc = db_fetch_array($res);
+		$this->createObjFromWMC_xml($wmc[0]);
+	
+	}
+
+	function createObjFromWMC_xml($data){
+		$values = NULL;
+		$tags = NULL;
+		$parser = xml_parser_create(CHARSET);
+		xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
+		xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
+		xml_parser_set_option($parser,XML_OPTION_TARGET_ENCODING,CHARSET);
+		xml_parse_into_struct($parser,$data,$values,$tags);
+		$code = xml_get_error_code ($parser);
+		if ($code) {
+			$line = xml_get_current_line_number($parser); 
+			$mb_exception = new mb_exception(xml_error_string($code) .  " in line " . $line);
+			return false;
+		}
+		xml_parser_free($parser);
+		
+		$section = NULL;
+		$format = NULL;
+		$cnt_format = 0;
+		$parent = array();
+		$myParent = array();
+		$cnt_layer = -1;
+		$request = NULL; 
+		$layer_style = array();
+		$cnt_style = -1;
+		$extension = false;
+		
+		$general = false;
+		$layerlist = false;
+		$layer = false;
+		$formatlist = false;
+		$metadataurl = false;
+		$dataurl = false;
+		$stylelist = false;
+		
+		foreach ($values as $element) {
+			if(strtoupper($element[tag]) == "VIEWCONTEXT" && $element[type] == "open"){
+					$this->wmc_id = $element[attributes]["id"];
+					$this->wmc_version = $element[attributes]["version"];
+			}
+			if(strtoupper($element[tag]) == "GENERAL" && $element[type] == "open"){
+			   $general = true;
+			}
+			if(strtoupper($element[tag]) == "LAYERLIST" && $element[type] == "open"){
+			   $layerlist = true;
+			}
+			if ($general) {
+				if(strtoupper($element[tag]) == "WINDOW"){
+					$this->wmc_windowWidth = $element[attributes]["width"];
+					$this->wmc_windowHeight = $element[attributes]["height"];
+				}
+				if(strtoupper($element[tag]) == "BOUNDINGBOX"){
+					$this->wmc_bBox_SRS = $element[attributes]["SRS"];
+					$this->wmc_bBox_minx = $element[attributes]["minx"];
+					$this->wmc_bBox_miny = $element[attributes]["miny"];
+					$this->wmc_bBox_maxx = $element[attributes]["maxx"];
+					$this->wmc_bBox_maxy = $element[attributes]["maxy"];
+				}
+				if(strtoupper($element[tag]) == "NAME"){
+					$this->wmc_name = $element[value];
+				}
+				if(strtoupper($element[tag]) == "TITLE"){
+					$this->wmc_title = $element[value];
+				}
+				if(strtoupper($element[tag]) == "ABSTRACT"){
+					$this->wmc_abstract = $element[value];
+				}
+				if(strtoupper($element[tag]) == "CONTACTINFORMATION" && $element['type'] == "open"){
+					$contactinformation = true;
+				}
+				if ($contactinformation) {
+					if(strtoupper($element[tag]) == "CONTACTPOSITION"){
+						$this->wmc_contactposition = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTVOICETELEPHONE"){
+						$this->wmc_contactvoicetelephone = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTFACSIMILETELEPHONE"){
+						$this->wmc_contactfacsimiletelephone = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTELECTRONICMAILADDRESS"){
+						$this->wmc_contactemail = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "open"){
+						$contactpersonprimary = true;
+					}
+					if ($contactpersonprimary) {
+						if(strtoupper($element[tag]) == "CONTACTPERSON"){
+							$this->wmc_contactperson = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CONTACTORGANIZATION"){
+							$this->wmc_contactorganization = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "close"){
+							$contactpersonprimary = false;
+						}
+					}
+					if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "open"){
+						$contactaddress = true;
+					}
+					if ($contactaddress) {
+						if(strtoupper($element[tag]) == "ADDRESSTYPE"){
+							$this->wmc_contactaddresstype = $element[value];
+						}
+						if(strtoupper($element[tag]) == "ADDRESS"){
+							$this->wmc_contactaddress = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CITY"){
+							$this->wmc_contactcity = $element[value];
+						}
+						if(strtoupper($element[tag]) == "STATEORPROVINCE"){
+							$this->wmc_contactstateorprovince = $element[value];
+						}
+						if(strtoupper($element[tag]) == "POSTCODE"){
+							$this->wmc_contactpostcode = $element[value];
+						}
+						if(strtoupper($element[tag]) == "COUNTRY"){
+							$this->wmc_contactcountry = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "close"){
+							$contactaddress = false;
+						}
+					}
+				}
+				if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "open"){
+					$logourl = true;
+					$this->wmc_logourl_width = $element[attributes]["width"];
+					$this->wmc_logourl_height = $element[attributes]["height"];
+					$this->wmc_logourl_format = $element[attributes]["format"];
+				}
+				if ($logourl) {
+					if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "close"){
+						$logourl = false;
+					}
+					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						$this->wmc_logourl_type = $element[attributes]["xlink:type"];
+						$this->wmc_logourl = $element[attributes]["xlink:href"];
+					}
+				}
+				if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "open"){
+					$descriptionurl = true;
+					$this->wmc_descriptionurl_format = $element[attributes]["format"];
+				}
+				if ($descriptionurl) {
+					if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "close"){
+						$descriptionurl = false;
+					}
+					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						$this->wmc_descriptionurl_type = $element[attributes]["xlink:type"];
+						$this->wmc_descriptionurl = $element[attributes]["xlink:href"];
+					}
+				}
+				if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "open"){
+					$keywordlist = true;
+				}
+				if ($keywordlist) {
+					if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "close"){
+						$keywordlist = false;
+						$cnt_keyword = -1;
+					}
+					if(strtoupper($element[tag]) == "KEYWORD"){
+						$cnt_keyword++;
+						$this->wmc_keyword[$cnt_keyword] = $element[value];
+					}
+				}
+						
+				if(strtoupper($element[tag]) == "GENERAL" && $element['type'] == "close"){
+		   			$general = false;
+			 	}
+			}
+			if ($layerlist) {
+				if(strtoupper($element[tag]) == "LAYERLIST" && $element['type'] == "close"){
+				   $layerlist = false;
+				}
+				if(strtoupper($element[tag]) == "LAYER" && $element[type] == "open"){
+					 $cnt_layer++;
+					 $this->wmc_layer_queryable[$cnt_layer] = $element[attributes]["queryable"];
+					 $this->wmc_layer_hidden[$cnt_layer] = $element[attributes]["hidden"];
+					 $layer = true;
+      		 		 $cnt_epsg = 0;
+				}
+				if ($layer) {
+					if(strtoupper($element[tag]) == "LAYER" && $element[type] == "close"){
+						$layer = false;
+					}
+					 if ($formatlist) {
+						 if(strtoupper($element[tag]) == "FORMAT"){
+						 	$cnt_format++;
+						 	$this->wmc_layer_format_current[$cnt_layer][$cnt_format] = $element[attributes]["current"];
+						 	$this->wmc_layer_format[$cnt_layer][$cnt_format] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "FORMATLIST" && $element[type] == "close"){
+							 $formatlist = false;
+						 }
+					 }
+					 elseif ($metadataurl) {
+						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+							$this->wmc_layer_metadataurl[$cnt_layer] = $element[attributes]["xlink:href"];
+						 }
+						 if(strtoupper($element[tag]) == "METADATAURL" && $element[type] == "close"){
+							$metadataurl = false;
+						 }
+					 }
+					 elseif ($dataurl) {
+						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						 	$this->wmc_layer_dataurl[$cnt_layer] = $element[attributes]["xlink:href"];
+						 }
+						 if(strtoupper($element[tag]) == "DATAURL" && $element[type] == "close"){
+							 $dataurl = false;
+						 }
+					 }
+					 elseif ($stylelist) {
+						 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "open"){
+						 	$cnt_style++;
+						 	$style = true;
+						 	$this->wmc_layer_style_current[$cnt_layer][$cnt_style] = $element[attributes]["current"];
+						 }
+						 if ($style) {
+							 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "close"){
+							 	$style = false;
+							 }
+							 if(strtoupper($element[tag]) == "SLD" && $element[type] == "open"){
+							 	$sld = true;
+							 }
+							 if ($sld) {
+								 if(strtoupper($element[tag]) == "SLD" && $element[type] == "close"){
+								 	$sld = false;
+								 }
+								 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+								 	$this->wmc_layer_style_sld_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
+								 	$this->wmc_layer_style_sld_url[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
+								 }
+								 if(strtoupper($element[tag]) == "TITLE"){
+								 	$this->wmc_layer_style_sld_title[$cnt_layer][$cnt_style] = $element[value];
+								 }
+							 }
+							 else {
+								 if(strtoupper($element[tag]) == "NAME"){
+								 	$this->wmc_layer_style_name[$cnt_layer][$cnt_style] = $element[value];
+								 }
+								 if(strtoupper($element[tag]) == "TITLE"){
+								 	$this->wmc_layer_style_title[$cnt_layer][$cnt_style] = $element[value];
+								 }
+								 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "open"){
+								 	$legendurl = true;
+								 	$this->wmc_layer_style_legendurl_width[$cnt_layer][$cnt_style] = $element[attributes]["width"];
+								 	$this->wmc_layer_style_legendurl_height[$cnt_layer][$cnt_style] = $element[attributes]["height"];
+								 	$this->wmc_layer_style_legendurl_format[$cnt_layer][$cnt_style] = $element[attributes]["format"];
+								 }
+								 if ($legendurl) {
+									 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "close"){
+									 	$legendurl = false;
+									 }
+									 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+									 	$this->wmc_layer_style_legendurl_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
+									 	$this->wmc_layer_style_legendurl[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
+									 }
+								 }
+							 }
+						 }
+						 if(strtoupper($element[tag]) == "STYLELIST" && $element[type] == "close"){
+							 $stylelist = false;
+						 }
+					 }
+					 else {
+						 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "open"){
+						 	 $server = true;
+						 	 $this->wmc_wms_service[$cnt_layer] = $element[attributes]["service"];
+						 	 $this->wmc_wms_version[$cnt_layer] = $element[attributes]["version"];
+						 	 $this->wmc_wms_title[$cnt_layer] = $element[attributes]["title"];
+						 }
+						 if ($server) {
+							 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "close"){
+							 	 $server = false;
+							 }
+							 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						 		 $this->wmc_wms_serviceURL[$cnt_layer] = $element[attributes]["xlink:href"];
+							 }
+						 }
+						 if(strtoupper($element[tag]) == "NAME"){
+					 		 $this->wmc_layer_name[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "TITLE"){
+					 		 $this->wmc_layer_title[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "ABSTRACT"){
+					 		 $this->wmc_layer_abstract[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "SRS"){
+							 $epsgArray = explode(" ", $element[value]);						 	
+					 		 
+					 		 for ($c = 0 ; $c < count($epsgArray) ; $c ++) {
+						 		 $this->wmc_layer_srs[$cnt_layer][$cnt_epsg] = $epsgArray[$c];
+								 $cnt_epsg++;
+					 		 }
+						 }
+						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "open") {
+						 	$extension = true;
+						 }
+						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "close") {
+						 	$extension = false;
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "SCALEHINT"){
+					 		 $this->wmc_layer_minscale[$cnt_layer] = $element[attributes]["min"];
+					 		 $this->wmc_layer_maxscale[$cnt_layer] = $element[attributes]["max"];
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "LAYER_ID"){
+					 		 $this->wmc_layer_id[$cnt_layer] = $element[value];
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "WMS_ID"){
+					 		 $this->wmc_wms_id[$cnt_layer] = $element[value];
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "QUERYLAYER"){
+					 		 $this->wmc_layer_querylayer[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "METADATAURL" && $element[type] == "open"){
+							 $metadataurl = true;
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "DATAURL" && $element[type] == "open"){
+							 $dataurl = true;
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "FORMATLIST" && $element[type] == "open"){
+							 $formatlist = true;
+							 $cnt_format = -1;
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "STYLELIST" && $element[type] == "open"){
+							 $stylelist = true;
+							 $cnt_style = -1;
+						 }
+					 }
+				}
+			}
+		}
+		return true;
+	}
+
+	function createJsObjFromWMC($target, $mapObj, $action){
+		$wmc_string = "";
+		$validActions = array("load", "merge", "append");
+		if (!in_array($action, $validActions)) {
+			$wmc_string .= "alert('invalid action: ".$action."');";			
+		}
+		else {
+			$wmc_string .= "var index = " . $target . "getMapObjIndexByName('" . $mapObj . "');\n";
+			if ($action == "load") {
+				// delete all previous wms
+				$wmc_string .= "while(" . $target . "mb_mapObj[index].wms.length > 0){" . $target . "mb_mapObjremoveWMS(index,0);}";
+				$wmc_string .= $target . "deleteWmsObject();\n";
+			}
+			if ($action == "merge") {
+				$wmc_string .= "var wms_exists = false;\n";				// true if this wms exists in the mapObj
+				$wmc_string .= "var current_wms_index = null;\n";		// if wms_exists: index of the wms in the map obj; else: null
+				$wmc_string .= "var layer_exists = false;\n";			// true if this layer exists in an existing wms of the mapObj
+				$wmc_string .= "var current_layer_index = null;\n";		// if layer_exists: index of the layer of the wms in the mapObj; else: null
+			}
+			$new_wms = "";
+			$cnt_wms = -1;
+			$added_wms = array();
+			
+			// for all layers in wmc, find individual wms...
+			for ($i = 0; $i < count($this->wmc_layer_title); $i++) {
+				$current_wms = $this->wmc_wms_serviceURL[$i];
+				// ...this is something like 'for every wms'
+				if (!in_array($current_wms , $added_wms)) {
+					$layerlist = "";
+					$querylayerlist = "";
+					$srs_array = array();
+		
+					if ($action == "merge") {
+						$wmc_string .= "wms_exists = false;\n";
+						$wmc_string .= "current_wms_index = null;\n";
+						$wmc_string .= "for (var m=0; m < " . $target . "mb_mapObj[index].wms.length; m++) {\n";
+						$wmc_string .= "\tif ('" . $this->wmc_wms_serviceURL[$i] . "' ==  " . $target . "mb_mapObj[index].wms[m].wms_getmap) {\n";
+						$wmc_string .= "\t\twms_exists = true;\n";
+						$wmc_string .= "\t\tcurrent_wms_index = m;\n";
+						$wmc_string .= "\t}\n";
+						$wmc_string .= "}\n";
+						$wmc_string .= "if (!wms_exists) {\n";
+					}				
+					 
+					$mywms = new wms();
+			
+			  		if(!$this->wmc_layer_title[$i] || $this->wmc_layer_title[$i] == ""){
+						echo "alert('Error: no valid capabilities-document !!');\n";
+						die; exit;
+					}
+
+					for($j=0;$j<count($this->wmc_layer_format[$i]);$j++){
+						if ($this->wmc_layer_format_current[$i][$j] == 1) {
+							$wms_data_format = $this->wmc_layer_format[$i][$j];
+						}
+					}
+					// add wms
+					$wmc_string .= "\t" . $target . "add_wms('','".
+						$this->wmc_wms_version[$i] ."','".
+						$this->wmc_wms_title[$i] ."','".
+						$this->wmc_layer_abstract[$i] ."','".
+						$this->wmc_wms_serviceURL[$i] ."','" .
+						$this->wmc_wms_serviceURL[$i] ."','" .
+						$this->wmc_layer_style_legendurl[$i][0] ."','','". 
+						$wms_data_format ."','text/html','application/vnd.ogc.se_xml','". 
+						$this->wmc_bBox_SRS ."','1');\n";
+		
+					$added_wms[count($added_wms)] = $current_wms;
+					$cnt_wms++;
+					$cnt_layers = 0;
+					$cnt_query_layers = 0;
+					if ($action == "merge") {
+						$wmc_string .= "}\n";
+					}
+	
+					// add epsg
+					$wmc_string .= $target . "wms_addSRS('". 
+						$this->wmc_bBox_SRS ."','". 
+						$this->wmc_bBox_minx ."','". 
+						$this->wmc_bBox_miny ."','". 
+						$this->wmc_bBox_maxx ."','". 
+						$this->wmc_bBox_maxy ."','". 
+						"');\n";
+
+					// for each layer...
+					for ($ii = 0; $ii < count($this->wmc_layer_title); $ii++) {
+						$layer_wms = $this->wmc_wms_serviceURL[$ii];
+						// ... of this wms
+						if ($current_wms == $layer_wms) {
+							
+							// add format (FIXME: is this working?)
+							$z = count($this->wmc_layer_format[$ii]);
+							for($j=0;$j<$z;$j++){
+								$wmc_string .= $target . "wms_add_data_type_format('map','". $this->wmc_layer_format[$ii][$j] ."');\n";
+							}
+							
+							if ($cnt_layers == 0) {
+								if ($action == "merge") {
+									$wmc_string .= "if (!wms_exists) {\n\t";
+								} 
+								// add parent layer
+								$wmc_string .= $target . "wms_add_layer('','".$this->wmc_layer_id[$i]."','','". $this->wmc_wms_title[$i] ."','','0','0','0','0','','".$this->wmc_wms_id[$i]."','1','1','1','0','0','0','0');\n";
+								if ($action == "merge") {
+									$wmc_string .= "}\n";
+								} 
+							}
+	
+							$cnt_layers++;
+							
+							if ($action == "merge") {
+								$wmc_string .= "if (wms_exists) {\n";
+								
+								// check if this layer already exists in this wms
+								$wmc_string .= "\tlayer_exists = false;\n";
+								$wmc_string .= "\tcurrent_layer_index = null;\n";
+								$wmc_string .= "\tfor (var m=0; m < " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer.length; m++) {\n";
+								$wmc_string .= "\t\tif ('" . $this->wmc_layer_name[$ii] . "' ==  " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[m].layer_name) {\n";
+								$wmc_string .= "\t\t\tlayer_exists = true;\n";
+								$wmc_string .= "\t\t\tcurrent_layer_index = m;\n";
+								$wmc_string .= "\t\t}\n";
+								$wmc_string .= "\t}\n"; 
+		
+								$wmc_string .= "\tif (layer_exists) {\n";
+								// check if the visibility or the queryability are different to the existing layer
+								$wmc_string .= "\t\tif (" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible != '" . intval(!$this->wmc_layer_hidden[$ii]) . "'";
+								$wmc_string .= " || " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer != '" . $this->wmc_layer_queryable[$ii] . "') {\n";
+		
+								// if yes, update the visibility and queryability
+								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible = " . intval(!$this->wmc_layer_hidden[$ii]) . ";\n"; 
+								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer = " . $this->wmc_layer_queryable[$ii] . ";\n"; 
+								$wmc_string .= "\t\t}\n";
+								$wmc_string .= "\t}\n"; 
+								$wmc_string .= "}\n"; 
+								$wmc_string .= "\telse {\n";
+							} 
+
+							// add layer
+							$wmc_string .= "\t" . $target . "wms_add_layer('0','". 
+								$this->wmc_layer_id[$ii] . "','". 
+								$this->wmc_layer_name[$ii] . "','". 
+								$this->wmc_layer_title[$ii] ."','". 
+								$this->wmc_layer_dataurl[$ii] . "','". 
+								intval($cnt_layers) ."','". 
+								$this->wmc_layer_queryable[$ii] ."','".
+								$this->wmc_layer_minscale[$ii]  ."','". 
+								$this->wmc_layer_maxscale[$ii]  ."','". 
+								$this->wmc_layer_metadataurl[$ii] ."','". 
+								$this->wmc_wms_id[$ii] ."','1','1','". 
+								intval(!$this->wmc_layer_hidden[$ii]) ."','". 
+								$this->wmc_layer_queryable[$ii] ."','". 
+								$this->wmc_layer_querylayer[$ii] ."','".
+								$this->wmc_layer_minscale[$ii]  ."','". 
+								$this->wmc_layer_maxscale[$ii]  ."');\n";
+	
+							if ($action == "merge") {
+								$wmc_string .= "\t}\n";
+							} 
+												
+							// if layer is queryable, add it to querylayerlist
+							if ($this->wmc_layer_queryable[$ii]) {
+								$cnt_query_layers++;
+								if (!in_array($this->wmc_layer_name[$ii], explode(",",$querylayerlist))) {
+									if ($querylayerlist == "") {$querylayerlist = $this->wmc_layer_name[$ii];} else {$querylayerlist .= "," . $this->wmc_layer_name[$ii];} 
+								}
+							}
+							// if layer is visible, add it to layerlist 
+							if (intval(!$this->wmc_layer_hidden[$ii]) && !in_array($this->wmc_layer_name[$ii], explode(",",$layerlist))) {
+								if ($layerlist == "") {$layerlist = $this->wmc_layer_name[$ii];} else {$layerlist .= "," . $this->wmc_layer_name[$ii];}
+							}
+	
+							// add layer style (FIXME: is this working?)
+							for($j=0; $j<count($this->wmc_layer_style_name[$ii]);$j++){
+								$wmc_string .= $target . "wms_addLayerStyle('".$this->wmc_layer_style_name[$ii][$j] ."','".$this->wmc_layer_style_title[$ii][$j] ."','".$j."','".$cnt_layers."', '" . $this->wmc_layer_style_legendurl[$ii][$j] . "', '" . $this->wmc_layer_style_legendurl_format[$ii][$j] . "');\n";
+							}
+						}
+					}
+					// add wms to mapObj with all layers and querylayers
+					if ($action == "merge") {
+						$wmc_string .= "if (!wms_exists) {\n";
+					} 
+					$wmc_string .= $target. "mb_mapObjaddWMSwithLayers('" . $mapObj . "', '" . $layerlist . "', '" . $querylayerlist . "');\n";
+					if ($action == "merge") {
+						$wmc_string .= "}\n";
+						$wmc_string .= "else {\n";
+						$wmc_string .= $target. "mb_mapObj[index].layers[current_wms_index] = \"" . $layerlist . "\";\n";
+						$wmc_string .= $target. "mb_mapObj[index].querylayers[current_wms_index] = \"" . $querylayerlist . "\";\n";
+						$wmc_string .= "}\n";
+					}
+				}
+			}
+			$wmc_string .= "var old_mapObj = ".$target."cloneObject(".$target."mb_mapObj);\n";
+			$wmc_string .= $target . "deleteMapObj();\n";
+			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
+			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
+			$wmc_string .= "\t\t" . $target . "mb_registerMapObj(old_mapObj[i].frameName, old_mapObj[i].elementName, null, " . $this->wmc_windowWidth . ", " . $this->wmc_windowHeight . ");\n"; 
+			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.width = " . $this->wmc_windowWidth . ";\n";
+			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.height = " . $this->wmc_windowHeight . ";\n";
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "\telse {\n";
+			$wmc_string .= "\t\tvar found = false;\n";
+			$wmc_string .= "\t\tfor (var j=0; j < " . $target . "wms.length && found == false; j++) {\n";
+			$wmc_string .= "\t\t\tif (" . $target . "wms[j].wms_getmap == old_mapObj[i].wms[0].wms_getmap) {\n";
+			$wmc_string .= "\t\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, j, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
+			$wmc_string .= "\t\t\t\tfound = true;\n"; 
+			$wmc_string .= "\t\t\t}\n";
+			$wmc_string .= "\t\t}\n";
+			$wmc_string .= "\t\tif (!found) {\n";
+			$wmc_string .= "\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, 0, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
+			$wmc_string .= "\t\t}\n";
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "}\n";
+			
+			$sql = "SELECT minx, miny, maxx, maxy FROM layer_epsg WHERE fkey_layer_id = $1 AND epsg = $2 LIMIT 1";
+			$v = array($this->wmc_layer_id[0], $this->wmc_bBox_SRS);
+			$t = array('i', 's');
+			$res = db_prep_query($sql, $v, $t);
+			$row = db_fetch_array($res);
+			if ($row["minx"] && $row["miny"] && $row["maxx"] && $row["maxy"]) {
+				$ov_bbox = array($row["minx"],$row["miny"],$row["maxx"],$row["maxy"]);
+			}
+			else if ($this->wmc_layer_id[0] && $this->wmc_bBox_SRS){
+				$ov_bbox = array($this->wmc_bBox_minx, $this->wmc_bBox_miny, $this->wmc_bBox_maxx, $this->wmc_bBox_maxy);
+			}
+			else {
+				$ov_bbox = array();
+			}
+			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
+			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
+			$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
+			$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
+			$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "\telse {\n";
+			if (count($ov_bbox)>0) {
+//				$wmc_string .= "alert('found bbox for ov: ".implode(',',$ov_bbox)."');";
+				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
+				$wmc_string .= $ov_bbox[0] .",".$ov_bbox[1] .",";
+				$wmc_string .= $ov_bbox[2] .",".$ov_bbox[3] .");\n";
+			}
+			else {
+//				$wmc_string .= "alert('no bbox found for ov: old bbox ".$this->wmc_bBox_minx." etc');";
+				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
+				$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
+				$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
+//				$wmc_string .= "\t\tvar ov_index = " . $target . "getMapObjIndexByName('overview');\n";
+//				$wmc_string .= "\t\t" . $target . "mb_mapObj[ov_index].extent = old_mapObj[i].extent;\n"; 
+			}
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "\t". $target . "setMapRequest(old_mapObj[i].frameName);\n";
+			$wmc_string .= "}\n";
+			$wmc_string .= $target . "mb_execloadWmsSubFunctions();\n";
+		}
+		return $wmc_string;
+	}
+} 
+// end class
+?>
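Review bot: createJsObjFromWMC splices values parsed straight out of the WMC document — wms title, layer name and abstract, service, legend, data and metadata URLs — into single-quoted JavaScript literals in the add_wms, wms_add_layer and wms_addLayerStyle calls without any escaping, and emits the bounding-box and window width/height values bare in the mb_calculateExtent and mb_registerMapObj lines, so a stored WMC whose title or URL contains a `'` or `</script>` runs attacker-chosen script in the browser of every user who loads it. createObjFromWMC_id reads that XML from mb_user_wmc, so if users can save WMC documents this is stored XSS; how documents get into that table is not visible here. Route each string through one quoting helper (below) and cast the numeric values with floatval()/intval() before concatenating them; json_encode() would do the quoting too, but only when CHARSET is UTF-8, which the file does not show. Two smaller things in the same file: the parse-error path in createObjFromWMC_xml returns before xml_parser_free(), leaking the parser, and the `echo "alert(...)"; die;` for a missing layer title writes raw output in the middle of building the string instead of raising an mb_exception like the parser path does.
```php
	/**
	 * Quote $v as a single-quoted JavaScript string literal.
	 * Backslash first, then quotes, newlines and "/" (so "</script>" cannot
	 * terminate the enclosing script element). Charset-independent.
	 */
	function jsQuote($v) {
		$from = array("\\", "'", "\"", "\r", "\n", "/");
		$to   = array("\\\\", "\\'", "\\\"", "\\r", "\\n", "\\/");
		return "'" . str_replace($from, $to, (string) $v) . "'";
	}

	// … in createJsObjFromWMC, every "'" . $value . "'" becomes $this->jsQuote($value), e.g.:
	$wmc_string .= "\t" . $target . "add_wms(''," .
		$this->jsQuote($this->wmc_wms_version[$i]) . "," .
		$this->jsQuote($this->wmc_wms_title[$i]) . "," .
		$this->jsQuote($this->wmc_layer_abstract[$i]) . "," .
		// … unchanged: remaining add_wms arguments, each wrapped the same way …
		$this->jsQuote($this->wmc_bBox_SRS) . ",'1');\n";

	// numbers emitted without quotes are cast before concatenation
	$wmc_string .= "\t\t" . $target . "mb_calculateExtent(old_mapObj[i].frameName, " .
		floatval($this->wmc_bBox_minx) . "," . floatval($this->wmc_bBox_miny) . "," .
		floatval($this->wmc_bBox_maxx) . "," . floatval($this->wmc_bBox_maxy) . ");\n";
```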

Modified: branches/2.4.5/2.4.4_leak/http/classes/class_wms.php
===================================================================
--- tags/2.4.4/http/classes/class_wms.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/classes/class_wms.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -94,7 +94,7 @@
 		xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
 		xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
 		xml_parser_set_option($parser,XML_OPTION_TARGET_ENCODING,CHARSET);
-		xml_parse_into_struct($parser,$this->wms_getcapabilities_doc,$values,$tags);
+		xml_parse_into_struct($parser,$data,$values,$tags);
 
 		$code = xml_get_error_code($parser);
 		if ($code) {
@@ -1340,7 +1340,12 @@
 		while($row = db_fetch_array($res)){	
 			unset($mySubmit);
 			$myGUI[$cnt] = $row["fkey_gui_id"];
-			$sql = "UPDATE gui_wms SET ";		
+			
+			$sql = "UPDATE gui_wms SET ";
+			$v = array();
+			$t = array();
+			$paramCount = 0;		
+
 			for($i=0; $i<count($this->data_type); $i++){
 				# gui_wms_mapformat
 				if(strtolower($this->data_type[$i]) == "map" && strtolower($this->data_format[$i]) == strtolower($row["gui_wms_mapformat"])){
@@ -1356,17 +1361,26 @@
 				}
 			}
 			if(!$myMapFormat){
-				$sql .= "gui_wms_mapformat = '".$this->gui_wms_mapformat."' ";
+				$paramCount++;
+				$sql .= "gui_wms_mapformat = $" . $paramCount . " ";
 				$mySubmit = true;
+				array_push($v, $this->gui_wms_mapformat);
+				array_push($t, "s");
 			}
 			if(!$myFeatureInfoFormat){
 				if($mySubmit){ $sql .= ",";}
-				$sql .= "gui_wms_featureinfoformat = '".$this->gui_wms_featureinfoformat."' ";
+				$paramCount++;
+				$sql .= "gui_wms_featureinfoformat = $" . $paramCount . " ";
+				array_push($v, $this->gui_wms_featureinfoformat);
+				array_push($t, "s");
 				$mySubmit = true;
 			}
 			if(!$myExceptionFormat){
 				if($mySubmit){ $sql .= ",";}
-				$sql .= "gui_wms_exceptionformat = '".$this->gui_wms_exceptionformat."' ";
+				$paramCount++;
+				$sql .= "gui_wms_exceptionformat = $" . $paramCount ." ";
+				array_push($v, $this->gui_wms_exceptionformat);
+				array_push($t, "s");
 				$mySubmit = true;
 			}
 				
@@ -1378,12 +1392,30 @@
 			}
 			if(!$myGUI_EPSG){
 				if($mySubmit){ $sql .= ",";}
-				$sql .= "gui_wms_epsg = '".$this->gui_wms_epsg."' ";
+				$paramCount++;
+				$sql .= "gui_wms_epsg = $" . $paramCount . " ";
+				array_push($v, $this->gui_wms_epsg);
+				array_push($t, "s");
 				$mySubmit = true;
 			}
-			$sql .= " WHERE fkey_gui_id = '".$row["fkey_gui_id"]."' AND fkey_wms_id = " . $myWMS;
+			$paramCount++;
+			$sql .= " WHERE fkey_gui_id = $" . $paramCount . " ";
+			array_push($v, $row["fkey_gui_id"]);
+			array_push($t, "s");
+
+			$paramCount++;
+			$sql .= "AND fkey_wms_id = $" . $paramCount;
+			array_push($v, $myWMS);
+			array_push($t, "i");
 			if($mySubmit){
-				$this->transaction($sql);
+				$res = db_prep_query($sql,$v,$t);
+				if(!$res){
+					db_rollback();	
+					echo "<pre>".$sql."</pre><br> <br><p>";
+				 	echo db_error(); 
+				 	echo "<br /> UPDATE ERROR -> KILL PROCESS AND ROLLBACK....................no update<br><br>";
+					$e = new mb_exception("class_wms.php: transaction: Transaction aborted, rollback.");
+				}
 			}
 			$cnt++;
 		}	
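Review bot: `$res = db_prep_query($sql,$v,$t);` overwrites the result handle that the enclosing `while($row = db_fetch_array($res))` loop is iterating, so after the first updated row the loop fetches from the UPDATE result instead of the original SELECT and the remaining GUI rows are never processed; bind the update result to its own variable, `$updateRes = db_prep_query($sql,$v,$t);` / `if(!$updateRes){`. In the failure branch, echoing `$sql` and `db_error()` straight into the response discloses table and column names and backend error text to the browser; the `mb_exception` constructed on the last line of that branch is the channel for such detail (assuming its constructor logs, which is outside the hunk), and the echoes should be dropped or reduced to a generic message. That exception message also still says `transaction:` although the `transaction()` method is removed in the hunk at -1399. The loop continues after `db_rollback()`, so later iterations run outside the rolled-back transaction unless the caller restarts it, which is not visible here. The enclosing method starts before the preceding hunks.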
@@ -1399,26 +1431,7 @@
 	function getCapabilitiesDoc() {
 		return $this->wms_getcapabilities_doc;
 	}
-	function transaction($sql){
-		#echo "<hr>". $sql;
-		$ok = db_query($sql);
-		if(!$ok){
-			echo "<pre>".$sql."</pre><br> <br><p>";
-			$error = db_error();
-			$sql = "ROLLBACK";
-			$res = db_query($sql);
-			if(SYS_DBTYPE=="pgsql")
-				{
-					$sql = "SET AUTOCOMMIT=0";
-				}
-				else
-				{
-				 	$sql = "SET AUTOCOMMIT=1";
-				}
-		 	echo $error; 
-		 	echo "<br /> UPDATE ERROR -> KILL PROCESS AND ROLLBACK....................no update<br><br>";
-			}
-	}
+
 	/**
 	* creatObjfromDB
 	*

Modified: branches/2.4.5/2.4.4_leak/http/extensions/wz_jsgraphics.js
===================================================================
--- tags/2.4.4/http/extensions/wz_jsgraphics.js	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/extensions/wz_jsgraphics.js	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,211 +1,1107 @@
-var jg_ihtm,jg_ie,jg_fast,jg_dom,jg_moz,jg_n4=(document.layers&&typeof document.classes!="undefined");function chkDHTM(x,i)
-{x=document.body||null;jg_ie=x&&typeof x.insertAdjacentHTML!="undefined";jg_dom=(x&&!jg_ie&&typeof x.appendChild!="undefined"&&typeof document.createRange!="undefined"&&typeof(i=document.createRange()).setStartBefore!="undefined"&&typeof i.createContextualFragment!="undefined");jg_ihtm=!jg_ie&&!jg_dom&&x&&typeof x.innerHTML!="undefined";jg_fast=jg_ie&&document.all&&!window.opera;jg_moz=jg_dom&&typeof x.style.MozOpacity!="undefined";}
-function pntDoc()
-{this.wnd.document.write(jg_fast?this.htmRpc():this.htm);this.htm='';}
-function pntCnvDom()
-{var x=document.createRange();x.setStartBefore(this.cnv);x=x.createContextualFragment(jg_fast?this.htmRpc():this.htm);this.cnv.appendChild(x);this.htm='';}
-function pntCnvIe()
-{this.cnv.insertAdjacentHTML("BeforeEnd",jg_fast?this.htmRpc():this.htm);this.htm='';}
-function pntCnvIhtm()
-{this.cnv.innerHTML+=this.htm;this.htm='';}
-function pntCnv()
-{this.htm='';}
-function mkDiv(x,y,w,h)
-{this.htm+='<div style="position:absolute;'+'left:'+x+'px;'+'top:'+y+'px;'+'width:'+w+'px;'+'height:'+h+'px;';if(ie){this.htm+='-opacity:'+cw_opacity+';'+'-khtml-opacity:'+cw_opacity+';'+'filter: alpha(opacity='+(cw_opacity*100)+');';}
-this.htm+='clip:rect(0,'+w+'px,'+h+'px,0);'+'background-color:'+this.color+
-(!jg_moz?';overflow:hidden':'')+';"><\/div>';}
-function mkDivIe(x,y,w,h)
-{this.htm+='%%'+this.color+';'+x+';'+y+';'+w+';'+h+';';}
-function mkDivPrt(x,y,w,h)
-{this.htm+='<div style="position:absolute;'+'border-left:'+w+'px solid '+this.color+';'+'left:'+x+'px;'+'top:'+y+'px;'+'width:0px;'+'height:'+h+'px;'+'clip:rect(0,'+w+'px,'+h+'px,0);'+'background-color:'+this.color+
-(!jg_moz?';overflow:hidden':'')+';"><\/div>';}
-function mkLyr(x,y,w,h)
-{this.htm+='<layer '+'left="'+x+'" '+'top="'+y+'" '+'width="'+w+'" '+'height="'+h+'" '+'bgcolor="'+this.color+'"><\/layer>\n';}
-var regex=/%%([^;]+);([^;]+);([^;]+);([^;]+);([^;]+);/g;function htmRpc()
-{return this.htm.replace(regex,'<div style="overflow:hidden;position:absolute;background-color:'+'$1;left:$2;top:$3;width:$4;height:$5"></div>\n');}
-function htmPrtRpc()
-{return this.htm.replace(regex,'<div style="overflow:hidden;position:absolute;background-color:'+'$1;left:$2;top:$3;width:$4;height:$5;border-left:$4px solid $1"></div>\n');}
-function mkLin(x1,y1,x2,y2)
-{if(x1>x2)
-{var _x2=x2;var _y2=y2;x2=x1;y2=y1;x1=_x2;y1=_y2;}
-var dx=x2-x1,dy=Math.abs(y2-y1),x=x1,y=y1,yIncr=(y1>y2)?-1:1;if(dx>=dy)
-{var pr=dy<<1,pru=pr-(dx<<1),p=pr-dx,ox=x;while((dx--)>0)
-{++x;if(p>0)
-{this.mkDiv(ox,y,x-ox,1);y+=yIncr;p+=pru;ox=x;}
-else p+=pr;}
-this.mkDiv(ox,y,x2-ox+1,1);}
-else
-{var pr=dx<<1,pru=pr-(dy<<1),p=pr-dy,oy=y;if(y2<=y1)
-{while((dy--)>0)
-{if(p>0)
-{this.mkDiv(x++,y,1,oy-y+1);y+=yIncr;p+=pru;oy=y;}
-else
-{y+=yIncr;p+=pr;}}
-this.mkDiv(x2,y2,1,oy-y2+1);}
-else
-{while((dy--)>0)
-{y+=yIncr;if(p>0)
-{this.mkDiv(x++,oy,1,y-oy);p+=pru;oy=y;}
-else p+=pr;}
-this.mkDiv(x2,oy,1,y2-oy+1);}}}
-function mkLin2D(x1,y1,x2,y2)
-{if(x1>x2)
-{var _x2=x2;var _y2=y2;x2=x1;y2=y1;x1=_x2;y1=_y2;}
-var dx=x2-x1,dy=Math.abs(y2-y1),x=x1,y=y1,yIncr=(y1>y2)?-1:1;var s=this.stroke;if(dx>=dy)
-{if(s-3>0)
-{var _s=(s*dx*Math.sqrt(1+dy*dy/(dx*dx))-dx-(s>>1)*dy)/dx;_s=(!(s-4)?Math.ceil(_s):Math.round(_s))+1;}
-else var _s=s;var ad=Math.ceil(s/2);var pr=dy<<1,pru=pr-(dx<<1),p=pr-dx,ox=x;while((dx--)>0)
-{++x;if(p>0)
-{this.mkDiv(ox,y,x-ox+ad,_s);y+=yIncr;p+=pru;ox=x;}
-else p+=pr;}
-this.mkDiv(ox,y,x2-ox+ad+1,_s);}
-else
-{if(s-3>0)
-{var _s=(s*dy*Math.sqrt(1+dx*dx/(dy*dy))-(s>>1)*dx-dy)/dy;_s=(!(s-4)?Math.ceil(_s):Math.round(_s))+1;}
-else var _s=s;var ad=Math.round(s/2);var pr=dx<<1,pru=pr-(dy<<1),p=pr-dy,oy=y;if(y2<=y1)
-{++ad;while((dy--)>0)
-{if(p>0)
-{this.mkDiv(x++,y,_s,oy-y+ad);y+=yIncr;p+=pru;oy=y;}
-else
-{y+=yIncr;p+=pr;}}
-this.mkDiv(x2,y2,_s,oy-y2+ad);}
-else
-{while((dy--)>0)
-{y+=yIncr;if(p>0)
-{this.mkDiv(x++,oy,_s,y-oy+ad);p+=pru;oy=y;}
-else p+=pr;}
-this.mkDiv(x2,oy,_s,y2-oy+ad+1);}}}
-function mkLinDott(x1,y1,x2,y2)
-{if(x1>x2)
-{var _x2=x2;var _y2=y2;x2=x1;y2=y1;x1=_x2;y1=_y2;}
-var dx=x2-x1,dy=Math.abs(y2-y1),x=x1,y=y1,yIncr=(y1>y2)?-1:1,drw=true;if(dx>=dy)
-{var pr=dy<<1,pru=pr-(dx<<1),p=pr-dx;while((dx--)>0)
-{if(drw)this.mkDiv(x,y,1,1);drw=!drw;if(p>0)
-{y+=yIncr;p+=pru;}
-else p+=pr;++x;}
-if(drw)this.mkDiv(x,y,1,1);}
-else
-{var pr=dx<<1,pru=pr-(dy<<1),p=pr-dy;while((dy--)>0)
-{if(drw)this.mkDiv(x,y,1,1);drw=!drw;y+=yIncr;if(p>0)
-{++x;p+=pru;}
-else p+=pr;}
-if(drw)this.mkDiv(x,y,1,1);}}
-function mkOv(left,top,width,height)
-{var a=width>>1,b=height>>1,wod=width&1,hod=(height&1)+1,cx=left+a,cy=top+b,x=0,y=b,ox=0,oy=b,aa=(a*a)<<1,bb=(b*b)<<1,st=(aa>>1)*(1-(b<<1))+bb,tt=(bb>>1)-aa*((b<<1)-1),w,h;while(y>0)
-{if(st<0)
-{st+=bb*((x<<1)+3);tt+=(bb<<1)*(++x);}
-else if(tt<0)
-{st+=bb*((x<<1)+3)-(aa<<1)*(y-1);tt+=(bb<<1)*(++x)-aa*(((y--)<<1)-3);w=x-ox;h=oy-y;if(w&2&&h&2)
-{this.mkOvQds(cx,cy,-x+2,ox+wod,-oy,oy-1+hod,1,1);this.mkOvQds(cx,cy,-x+1,x-1+wod,-y-1,y+hod,1,1);}
-else this.mkOvQds(cx,cy,-x+1,ox+wod,-oy,oy-h+hod,w,h);ox=x;oy=y;}
-else
-{tt-=aa*((y<<1)-3);st-=(aa<<1)*(--y);}}
-this.mkDiv(cx-a,cy-oy,a-ox+1,(oy<<1)+hod);this.mkDiv(cx+ox+wod,cy-oy,a-ox+1,(oy<<1)+hod);}
-function mkOv2D(left,top,width,height)
-{var s=this.stroke;width+=s-1;height+=s-1;var a=width>>1,b=height>>1,wod=width&1,hod=(height&1)+1,cx=left+a,cy=top+b,x=0,y=b,aa=(a*a)<<1,bb=(b*b)<<1,st=(aa>>1)*(1-(b<<1))+bb,tt=(bb>>1)-aa*((b<<1)-1);if(s-4<0&&(!(s-2)||width-51>0&&height-51>0))
-{var ox=0,oy=b,w,h,pxl,pxr,pxt,pxb,pxw;while(y>0)
-{if(st<0)
-{st+=bb*((x<<1)+3);tt+=(bb<<1)*(++x);}
-else if(tt<0)
-{st+=bb*((x<<1)+3)-(aa<<1)*(y-1);tt+=(bb<<1)*(++x)-aa*(((y--)<<1)-3);w=x-ox;h=oy-y;if(w-1)
-{pxw=w+1+(s&1);h=s;}
-else if(h-1)
-{pxw=s;h+=1+(s&1);}
-else pxw=h=s;this.mkOvQds(cx,cy,-x+1,ox-pxw+w+wod,-oy,-h+oy+hod,pxw,h);ox=x;oy=y;}
-else
-{tt-=aa*((y<<1)-3);st-=(aa<<1)*(--y);}}
-this.mkDiv(cx-a,cy-oy,s,(oy<<1)+hod);this.mkDiv(cx+a+wod-s+1,cy-oy,s,(oy<<1)+hod);}
-else
-{var _a=(width-((s-1)<<1))>>1,_b=(height-((s-1)<<1))>>1,_x=0,_y=_b,_aa=(_a*_a)<<1,_bb=(_b*_b)<<1,_st=(_aa>>1)*(1-(_b<<1))+_bb,_tt=(_bb>>1)-_aa*((_b<<1)-1),pxl=new Array(),pxt=new Array(),_pxb=new Array();pxl[0]=0;pxt[0]=b;_pxb[0]=_b-1;while(y>0)
-{if(st<0)
-{st+=bb*((x<<1)+3);tt+=(bb<<1)*(++x);pxl[pxl.length]=x;pxt[pxt.length]=y;}
-else if(tt<0)
-{st+=bb*((x<<1)+3)-(aa<<1)*(y-1);tt+=(bb<<1)*(++x)-aa*(((y--)<<1)-3);pxl[pxl.length]=x;pxt[pxt.length]=y;}
-else
-{tt-=aa*((y<<1)-3);st-=(aa<<1)*(--y);}
-if(_y>0)
-{if(_st<0)
-{_st+=_bb*((_x<<1)+3);_tt+=(_bb<<1)*(++_x);_pxb[_pxb.length]=_y-1;}
-else if(_tt<0)
-{_st+=_bb*((_x<<1)+3)-(_aa<<1)*(_y-1);_tt+=(_bb<<1)*(++_x)-_aa*(((_y--)<<1)-3);_pxb[_pxb.length]=_y-1;}
-else
-{_tt-=_aa*((_y<<1)-3);_st-=(_aa<<1)*(--_y);_pxb[_pxb.length-1]--;}}}
-var ox=0,oy=b,_oy=_pxb[0],l=pxl.length,w,h;for(var i=0;i<l;i++)
-{if(typeof _pxb[i]!="undefined")
-{if(_pxb[i]<_oy||pxt[i]<oy)
-{x=pxl[i];this.mkOvQds(cx,cy,-x+1,ox+wod,-oy,_oy+hod,x-ox,oy-_oy);ox=x;oy=pxt[i];_oy=_pxb[i];}}
-else
-{x=pxl[i];this.mkDiv(cx-x+1,cy-oy,1,(oy<<1)+hod);this.mkDiv(cx+ox+wod,cy-oy,1,(oy<<1)+hod);ox=x;oy=pxt[i];}}
-this.mkDiv(cx-a,cy-oy,1,(oy<<1)+hod);this.mkDiv(cx+ox+wod,cy-oy,1,(oy<<1)+hod);}}
-function mkOvDott(left,top,width,height)
-{var a=width>>1,b=height>>1,wod=width&1,hod=height&1,cx=left+a,cy=top+b,x=0,y=b,aa2=(a*a)<<1,aa4=aa2<<1,bb=(b*b)<<1,st=(aa2>>1)*(1-(b<<1))+bb,tt=(bb>>1)-aa2*((b<<1)-1),drw=true;while(y>0)
-{if(st<0)
-{st+=bb*((x<<1)+3);tt+=(bb<<1)*(++x);}
-else if(tt<0)
-{st+=bb*((x<<1)+3)-aa4*(y-1);tt+=(bb<<1)*(++x)-aa2*(((y--)<<1)-3);}
-else
-{tt-=aa2*((y<<1)-3);st-=aa4*(--y);}
-if(drw)this.mkOvQds(cx,cy,-x,x+wod,-y,y+hod,1,1);drw=!drw;}}
-function mkRect(x,y,w,h)
-{var s=this.stroke;this.mkDiv(x,y,w,s);this.mkDiv(x+w,y,s,h);this.mkDiv(x,y+h,w+s,s);this.mkDiv(x,y+s,s,h-s);}
-function mkRectDott(x,y,w,h)
-{this.drawLine(x,y,x+w,y);this.drawLine(x+w,y,x+w,y+h);this.drawLine(x,y+h,x+w,y+h);this.drawLine(x,y,x,y+h);}
-function jsgFont()
-{this.PLAIN='font-weight:normal;';this.BOLD='font-weight:bold;';this.ITALIC='font-style:italic;';this.ITALIC_BOLD=this.ITALIC+this.BOLD;this.BOLD_ITALIC=this.ITALIC_BOLD;}
-var Font=new jsgFont();function jsgStroke()
-{this.DOTTED=-1;}
-var Stroke=new jsgStroke();function jsGraphics(id,wnd)
-{this.setColor=new Function('arg','this.color = arg.toLowerCase();');this.setStroke=function(x)
-{this.stroke=x;if(!(x+1))
-{this.drawLine=mkLinDott;this.mkOv=mkOvDott;this.drawRect=mkRectDott;}
-else if(x-1>0)
-{this.drawLine=mkLin2D;this.mkOv=mkOv2D;this.drawRect=mkRect;}
-else
-{this.drawLine=mkLin;this.mkOv=mkOv;this.drawRect=mkRect;}};this.setPrintable=function(arg)
-{this.printable=arg;if(jg_fast)
-{this.mkDiv=mkDivIe;this.htmRpc=arg?htmPrtRpc:htmRpc;}
-else this.mkDiv=jg_n4?mkLyr:arg?mkDivPrt:mkDiv;};this.setFont=function(fam,sz,sty)
-{this.ftFam=fam;this.ftSz=sz;this.ftSty=sty||Font.PLAIN;};this.drawPolyline=this.drawPolyLine=function(x,y,s)
-{for(var i=0;i<x.length-1;i++)
-this.drawLine(x[i],y[i],x[i+1],y[i+1]);};this.fillRect=function(x,y,w,h)
-{this.mkDiv(x,y,w,h);};this.drawPolygon=function(x,y)
-{this.drawPolyline(x,y);this.drawLine(x[x.length-1],y[x.length-1],x[0],y[0]);};this.drawEllipse=this.drawOval=function(x,y,w,h)
-{this.mkOv(x,y,w,h);};this.fillEllipse=this.fillOval=function(left,top,w,h)
-{var a=(w-=1)>>1,b=(h-=1)>>1,wod=(w&1)+1,hod=(h&1)+1,cx=left+a,cy=top+b,x=0,y=b,ox=0,oy=b,aa2=(a*a)<<1,aa4=aa2<<1,bb=(b*b)<<1,st=(aa2>>1)*(1-(b<<1))+bb,tt=(bb>>1)-aa2*((b<<1)-1),pxl,dw,dh;if(w+1)while(y>0)
-{if(st<0)
-{st+=bb*((x<<1)+3);tt+=(bb<<1)*(++x);}
-else if(tt<0)
-{st+=bb*((x<<1)+3)-aa4*(y-1);pxl=cx-x;dw=(x<<1)+wod;tt+=(bb<<1)*(++x)-aa2*(((y--)<<1)-3);dh=oy-y;this.mkDiv(pxl,cy-oy,dw,dh);this.mkDiv(pxl,cy+oy-dh+hod,dw,dh);ox=x;oy=y;}
-else
-{tt-=aa2*((y<<1)-3);st-=aa4*(--y);}}
-this.mkDiv(cx-a,cy-oy,w+1,(oy<<1)+hod);};this.fillPolygon=function(array_x,array_y)
-{var i;var y;var miny,maxy;var x1,y1;var x2,y2;var ind1,ind2;var ints;var n=array_x.length;if(!n)return;miny=array_y[0];maxy=array_y[0];for(i=1;i<n;i++)
-{if(array_y[i]<miny)
-miny=array_y[i];if(array_y[i]>maxy)
-maxy=array_y[i];}
-for(y=miny;y<=maxy;y++)
-{var polyInts=new Array();ints=0;for(i=0;i<n;i++)
-{if(!i)
-{ind1=n-1;ind2=0;}
-else
-{ind1=i-1;ind2=i;}
-y1=array_y[ind1];y2=array_y[ind2];if(y1<y2)
-{x1=array_x[ind1];x2=array_x[ind2];}
-else if(y1>y2)
-{y2=array_y[ind1];y1=array_y[ind2];x2=array_x[ind1];x1=array_x[ind2];}
-else continue;if((y>=y1)&&(y<y2))
-polyInts[ints++]=Math.round((y-y1)*(x2-x1)/(y2-y1)+x1);else if((y==maxy)&&(y>y1)&&(y<=y2))
-polyInts[ints++]=Math.round((y-y1)*(x2-x1)/(y2-y1)+x1);}
-polyInts.sort(integer_compare);for(i=0;i<ints;i+=2)
-this.mkDiv(polyInts[i],y,polyInts[i+1]-polyInts[i]+1,1);}};this.drawString=function(txt,x,y)
-{this.htm+='<div style="position:absolute;white-space:nowrap;'+'left:'+x+'px;'+'top:'+y+'px;'+'font-family:'+this.ftFam+';'+'font-size:'+this.ftSz+';'+'color:'+this.color+';'+this.ftSty+'">'+
-txt+'<\/div>';}
-this.drawImage=function(imgSrc,x,y,w,h)
-{this.htm+='<div style="position:absolute;'+'left:'+x+'px;'+'top:'+y+'px;'+'width:'+w+';'+'height:'+h+';">'+'<img src="'+imgSrc+'" width="'+w+'" height="'+h+'">'+'<\/div>';}
-this.clear=function()
-{this.htm="";if(this.cnv)this.cnv.innerHTML=this.defhtm;};this.mkOvQds=function(cx,cy,xl,xr,yt,yb,w,h)
-{this.mkDiv(xr+cx,yt+cy,w,h);this.mkDiv(xr+cx,yb+cy,w,h);this.mkDiv(xl+cx,yb+cy,w,h);this.mkDiv(xl+cx,yt+cy,w,h);};this.setStroke(1);this.setFont('verdana,geneva,helvetica,sans-serif',String.fromCharCode(0x31,0x32,0x70,0x78),Font.PLAIN);this.color='#000000';this.htm='';this.wnd=wnd||window;if(!(jg_ie||jg_dom||jg_ihtm))chkDHTM();if(typeof id!='string'||!id)this.paint=pntDoc;else
-{this.cnv=document.all?(this.wnd.document.all[id]||null):document.getElementById?(this.wnd.document.getElementById(id)||null):null;this.defhtm=(this.cnv&&this.cnv.innerHTML)?this.cnv.innerHTML:'';this.paint=jg_dom?pntCnvDom:jg_ie?pntCnvIe:jg_ihtm?pntCnvIhtm:pntCnv;}
-this.setPrintable(false);}
-function integer_compare(x,y)
-{return(x<y)?-1:((x>y)*1);}
\ No newline at end of file
+/* This notice must be untouched at all times.
+
+wz_jsgraphics.js    v. 3.03
+The latest version is available at
+http://www.walterzorn.com
+or http://www.devira.com
+or http://www.walterzorn.de
+
+Copyright (c) 2002-2004 Walter Zorn. All rights reserved.
+Created 3. 11. 2002 by Walter Zorn (Web: http://www.walterzorn.com )
+Last modified: 28. 1. 2008
+
+Performance optimizations for Internet Explorer
+by Thomas Frank and John Holdsworth.
+fillPolygon method implemented by Matthieu Haller.
+
+High Performance JavaScript Graphics Library.
+Provides methods
+- to draw lines, rectangles, ellipses, polygons
+	with specifiable line thickness,
+- to fill rectangles, polygons, ellipses and arcs
+- to draw text.
+NOTE: Operations, functions and branching have rather been optimized
+to efficiency and speed than to shortness of source code.
+
+LICENSE: LGPL
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License (LGPL) as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA,
+or see http://www.gnu.org/copyleft/lesser.html
+*/
+
+
+var jg_ok, jg_ie, jg_fast, jg_dom, jg_moz;
+
+
+function _chkDHTM(x, i)
+{
+	x = document.body || null;
+	jg_ie = x && typeof x.insertAdjacentHTML != "undefined" && document.createElement;
+	jg_dom = (x && !jg_ie &&
+		typeof x.appendChild != "undefined" &&
+		typeof document.createRange != "undefined" &&
+		typeof (i = document.createRange()).setStartBefore != "undefined" &&
+		typeof i.createContextualFragment != "undefined");
+	jg_fast = jg_ie && document.all && !window.opera;
+	jg_moz = jg_dom && typeof x.style.MozOpacity != "undefined";
+	jg_ok = !!(jg_ie || jg_dom);
+}
+
+function _pntCnvDom()
+{
+	var x = this.wnd.document.createRange();
+	x.setStartBefore(this.cnv);
+	x = x.createContextualFragment(jg_fast? this._htmRpc() : this.htm);
+	if(this.cnv) this.cnv.appendChild(x);
+	this.htm = "";
+}
+
+function _pntCnvIe()
+{
+	if(this.cnv) this.cnv.insertAdjacentHTML("BeforeEnd", jg_fast? this._htmRpc() : this.htm);
+	this.htm = "";
+}
+
+function _pntDoc()
+{
+	this.wnd.document.write(jg_fast? this._htmRpc() : this.htm);
+	this.htm = '';
+}
+
+function _pntN()
+{
+	;
+}
+
+function _mkDiv(x, y, w, h)
+{
+	this.htm += '<div style="position:absolute;'+
+		'left:' + x + 'px;'+
+		'top:' + y + 'px;'+
+		'width:' + w + 'px;'+
+		'height:' + h + 'px;'+
+		'clip:rect(0,'+w+'px,'+h+'px,0);'+
+		'background-color:' + this.color +
+		(!jg_moz? ';overflow:hidden' : '')+
+		';"><\/div>';
+}
+
+function _mkDivIe(x, y, w, h)
+{
+	this.htm += '%%'+this.color+';'+x+';'+y+';'+w+';'+h+';';
+}
+
+function _mkDivPrt(x, y, w, h)
+{
+	this.htm += '<div style="position:absolute;'+
+		'border-left:' + w + 'px solid ' + this.color + ';'+
+		'left:' + x + 'px;'+
+		'top:' + y + 'px;'+
+		'width:0px;'+
+		'height:' + h + 'px;'+
+		'clip:rect(0,'+w+'px,'+h+'px,0);'+
+		'background-color:' + this.color +
+		(!jg_moz? ';overflow:hidden' : '')+
+		';"><\/div>';
+}
+
+var _regex =  /%%([^;]+);([^;]+);([^;]+);([^;]+);([^;]+);/g;
+function _htmRpc()
+{
+	return this.htm.replace(
+		_regex,
+		'<div style="overflow:hidden;position:absolute;background-color:'+
+		'$1;left:$2;top:$3;width:$4;height:$5"></div>\n');
+}
+
+function _htmPrtRpc()
+{
+	return this.htm.replace(
+		_regex,
+		'<div style="overflow:hidden;position:absolute;background-color:'+
+		'$1;left:$2;top:$3;width:$4;height:$5;border-left:$4px solid $1"></div>\n');
+}
+
+function _mkLin(x1, y1, x2, y2)
+{
+	if(x1 > x2)
+	{
+		var _x2 = x2;
+		var _y2 = y2;
+		x2 = x1;
+		y2 = y1;
+		x1 = _x2;
+		y1 = _y2;
+	}
+	var dx = x2-x1, dy = Math.abs(y2-y1),
+	x = x1, y = y1,
+	yIncr = (y1 > y2)? -1 : 1;
+
+	if(dx >= dy)
+	{
+		var pr = dy<<1,
+		pru = pr - (dx<<1),
+		p = pr-dx,
+		ox = x;
+		while(dx > 0)
+		{--dx;
+			++x;
+			if(p > 0)
+			{
+				this._mkDiv(ox, y, x-ox, 1);
+				y += yIncr;
+				p += pru;
+				ox = x;
+			}
+			else p += pr;
+		}
+		this._mkDiv(ox, y, x2-ox+1, 1);
+	}
+
+	else
+	{
+		var pr = dx<<1,
+		pru = pr - (dy<<1),
+		p = pr-dy,
+		oy = y;
+		if(y2 <= y1)
+		{
+			while(dy > 0)
+			{--dy;
+				if(p > 0)
+				{
+					this._mkDiv(x++, y, 1, oy-y+1);
+					y += yIncr;
+					p += pru;
+					oy = y;
+				}
+				else
+				{
+					y += yIncr;
+					p += pr;
+				}
+			}
+			this._mkDiv(x2, y2, 1, oy-y2+1);
+		}
+		else
+		{
+			while(dy > 0)
+			{--dy;
+				y += yIncr;
+				if(p > 0)
+				{
+					this._mkDiv(x++, oy, 1, y-oy);
+					p += pru;
+					oy = y;
+				}
+				else p += pr;
+			}
+			this._mkDiv(x2, oy, 1, y2-oy+1);
+		}
+	}
+}
+
+function _mkLin2D(x1, y1, x2, y2)
+{
+	if(x1 > x2)
+	{
+		var _x2 = x2;
+		var _y2 = y2;
+		x2 = x1;
+		y2 = y1;
+		x1 = _x2;
+		y1 = _y2;
+	}
+	var dx = x2-x1, dy = Math.abs(y2-y1),
+	x = x1, y = y1,
+	yIncr = (y1 > y2)? -1 : 1;
+
+	var s = this.stroke;
+	if(dx >= dy)
+	{
+		if(dx > 0 && s-3 > 0)
+		{
+			var _s = (s*dx*Math.sqrt(1+dy*dy/(dx*dx))-dx-(s>>1)*dy) / dx;
+			_s = (!(s-4)? Math.ceil(_s) : Math.round(_s)) + 1;
+		}
+		else var _s = s;
+		var ad = Math.ceil(s/2);
+
+		var pr = dy<<1,
+		pru = pr - (dx<<1),
+		p = pr-dx,
+		ox = x;
+		while(dx > 0)
+		{--dx;
+			++x;
+			if(p > 0)
+			{
+				this._mkDiv(ox, y, x-ox+ad, _s);
+				y += yIncr;
+				p += pru;
+				ox = x;
+			}
+			else p += pr;
+		}
+		this._mkDiv(ox, y, x2-ox+ad+1, _s);
+	}
+
+	else
+	{
+		if(s-3 > 0)
+		{
+			var _s = (s*dy*Math.sqrt(1+dx*dx/(dy*dy))-(s>>1)*dx-dy) / dy;
+			_s = (!(s-4)? Math.ceil(_s) : Math.round(_s)) + 1;
+		}
+		else var _s = s;
+		var ad = Math.round(s/2);
+
+		var pr = dx<<1,
+		pru = pr - (dy<<1),
+		p = pr-dy,
+		oy = y;
+		if(y2 <= y1)
+		{
+			++ad;
+			while(dy > 0)
+			{--dy;
+				if(p > 0)
+				{
+					this._mkDiv(x++, y, _s, oy-y+ad);
+					y += yIncr;
+					p += pru;
+					oy = y;
+				}
+				else
+				{
+					y += yIncr;
+					p += pr;
+				}
+			}
+			this._mkDiv(x2, y2, _s, oy-y2+ad);
+		}
+		else
+		{
+			while(dy > 0)
+			{--dy;
+				y += yIncr;
+				if(p > 0)
+				{
+					this._mkDiv(x++, oy, _s, y-oy+ad);
+					p += pru;
+					oy = y;
+				}
+				else p += pr;
+			}
+			this._mkDiv(x2, oy, _s, y2-oy+ad+1);
+		}
+	}
+}
+
+function _mkLinDott(x1, y1, x2, y2)
+{
+	if(x1 > x2)
+	{
+		var _x2 = x2;
+		var _y2 = y2;
+		x2 = x1;
+		y2 = y1;
+		x1 = _x2;
+		y1 = _y2;
+	}
+	var dx = x2-x1, dy = Math.abs(y2-y1),
+	x = x1, y = y1,
+	yIncr = (y1 > y2)? -1 : 1,
+	drw = true;
+	if(dx >= dy)
+	{
+		var pr = dy<<1,
+		pru = pr - (dx<<1),
+		p = pr-dx;
+		while(dx > 0)
+		{--dx;
+			if(drw) this._mkDiv(x, y, 1, 1);
+			drw = !drw;
+			if(p > 0)
+			{
+				y += yIncr;
+				p += pru;
+			}
+			else p += pr;
+			++x;
+		}
+	}
+	else
+	{
+		var pr = dx<<1,
+		pru = pr - (dy<<1),
+		p = pr-dy;
+		while(dy > 0)
+		{--dy;
+			if(drw) this._mkDiv(x, y, 1, 1);
+			drw = !drw;
+			y += yIncr;
+			if(p > 0)
+			{
+				++x;
+				p += pru;
+			}
+			else p += pr;
+		}
+	}
+	if(drw) this._mkDiv(x, y, 1, 1);
+}
+
+function _mkOv(left, top, width, height)
+{
+	var a = (++width)>>1, b = (++height)>>1,
+	wod = width&1, hod = height&1,
+	cx = left+a, cy = top+b,
+	x = 0, y = b,
+	ox = 0, oy = b,
+	aa2 = (a*a)<<1, aa4 = aa2<<1, bb2 = (b*b)<<1, bb4 = bb2<<1,
+	st = (aa2>>1)*(1-(b<<1)) + bb2,
+	tt = (bb2>>1) - aa2*((b<<1)-1),
+	w, h;
+	while(y > 0)
+	{
+		if(st < 0)
+		{
+			st += bb2*((x<<1)+3);
+			tt += bb4*(++x);
+		}
+		else if(tt < 0)
+		{
+			st += bb2*((x<<1)+3) - aa4*(y-1);
+			tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+			w = x-ox;
+			h = oy-y;
+			if((w&2) && (h&2))
+			{
+				this._mkOvQds(cx, cy, x-2, y+2, 1, 1, wod, hod);
+				this._mkOvQds(cx, cy, x-1, y+1, 1, 1, wod, hod);
+			}
+			else this._mkOvQds(cx, cy, x-1, oy, w, h, wod, hod);
+			ox = x;
+			oy = y;
+		}
+		else
+		{
+			tt -= aa2*((y<<1)-3);
+			st -= aa4*(--y);
+		}
+	}
+	w = a-ox+1;
+	h = (oy<<1)+hod;
+	y = cy-oy;
+	this._mkDiv(cx-a, y, w, h);
+	this._mkDiv(cx+ox+wod-1, y, w, h);
+}
+
+function _mkOv2D(left, top, width, height)
+{
+	var s = this.stroke;
+	width += s+1;
+	height += s+1;
+	var a = width>>1, b = height>>1,
+	wod = width&1, hod = height&1,
+	cx = left+a, cy = top+b,
+	x = 0, y = b,
+	aa2 = (a*a)<<1, aa4 = aa2<<1, bb2 = (b*b)<<1, bb4 = bb2<<1,
+	st = (aa2>>1)*(1-(b<<1)) + bb2,
+	tt = (bb2>>1) - aa2*((b<<1)-1);
+
+	if(s-4 < 0 && (!(s-2) || width-51 > 0 && height-51 > 0))
+	{
+		var ox = 0, oy = b,
+		w, h,
+		pxw;
+		while(y > 0)
+		{
+			if(st < 0)
+			{
+				st += bb2*((x<<1)+3);
+				tt += bb4*(++x);
+			}
+			else if(tt < 0)
+			{
+				st += bb2*((x<<1)+3) - aa4*(y-1);
+				tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+				w = x-ox;
+				h = oy-y;
+
+				if(w-1)
+				{
+					pxw = w+1+(s&1);
+					h = s;
+				}
+				else if(h-1)
+				{
+					pxw = s;
+					h += 1+(s&1);
+				}
+				else pxw = h = s;
+				this._mkOvQds(cx, cy, x-1, oy, pxw, h, wod, hod);
+				ox = x;
+				oy = y;
+			}
+			else
+			{
+				tt -= aa2*((y<<1)-3);
+				st -= aa4*(--y);
+			}
+		}
+		this._mkDiv(cx-a, cy-oy, s, (oy<<1)+hod);
+		this._mkDiv(cx+a+wod-s, cy-oy, s, (oy<<1)+hod);
+	}
+
+	else
+	{
+		var _a = (width-(s<<1))>>1,
+		_b = (height-(s<<1))>>1,
+		_x = 0, _y = _b,
+		_aa2 = (_a*_a)<<1, _aa4 = _aa2<<1, _bb2 = (_b*_b)<<1, _bb4 = _bb2<<1,
+		_st = (_aa2>>1)*(1-(_b<<1)) + _bb2,
+		_tt = (_bb2>>1) - _aa2*((_b<<1)-1),
+
+		pxl = new Array(),
+		pxt = new Array(),
+		_pxb = new Array();
+		pxl[0] = 0;
+		pxt[0] = b;
+		_pxb[0] = _b-1;
+		while(y > 0)
+		{
+			if(st < 0)
+			{
+				pxl[pxl.length] = x;
+				pxt[pxt.length] = y;
+				st += bb2*((x<<1)+3);
+				tt += bb4*(++x);
+			}
+			else if(tt < 0)
+			{
+				pxl[pxl.length] = x;
+				st += bb2*((x<<1)+3) - aa4*(y-1);
+				tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+				pxt[pxt.length] = y;
+			}
+			else
+			{
+				tt -= aa2*((y<<1)-3);
+				st -= aa4*(--y);
+			}
+
+			if(_y > 0)
+			{
+				if(_st < 0)
+				{
+					_st += _bb2*((_x<<1)+3);
+					_tt += _bb4*(++_x);
+					_pxb[_pxb.length] = _y-1;
+				}
+				else if(_tt < 0)
+				{
+					_st += _bb2*((_x<<1)+3) - _aa4*(_y-1);
+					_tt += _bb4*(++_x) - _aa2*(((_y--)<<1)-3);
+					_pxb[_pxb.length] = _y-1;
+				}
+				else
+				{
+					_tt -= _aa2*((_y<<1)-3);
+					_st -= _aa4*(--_y);
+					_pxb[_pxb.length-1]--;
+				}
+			}
+		}
+
+		var ox = -wod, oy = b,
+		_oy = _pxb[0],
+		l = pxl.length,
+		w, h;
+		for(var i = 0; i < l; i++)
+		{
+			if(typeof _pxb[i] != "undefined")
+			{
+				if(_pxb[i] < _oy || pxt[i] < oy)
+				{
+					x = pxl[i];
+					this._mkOvQds(cx, cy, x, oy, x-ox, oy-_oy, wod, hod);
+					ox = x;
+					oy = pxt[i];
+					_oy = _pxb[i];
+				}
+			}
+			else
+			{
+				x = pxl[i];
+				this._mkDiv(cx-x, cy-oy, 1, (oy<<1)+hod);
+				this._mkDiv(cx+ox+wod, cy-oy, 1, (oy<<1)+hod);
+				ox = x;
+				oy = pxt[i];
+			}
+		}
+		this._mkDiv(cx-a, cy-oy, 1, (oy<<1)+hod);
+		this._mkDiv(cx+ox+wod, cy-oy, 1, (oy<<1)+hod);
+	}
+}
+
+function _mkOvDott(left, top, width, height)
+{
+	var a = (++width)>>1, b = (++height)>>1,
+	wod = width&1, hod = height&1, hodu = hod^1,
+	cx = left+a, cy = top+b,
+	x = 0, y = b,
+	aa2 = (a*a)<<1, aa4 = aa2<<1, bb2 = (b*b)<<1, bb4 = bb2<<1,
+	st = (aa2>>1)*(1-(b<<1)) + bb2,
+	tt = (bb2>>1) - aa2*((b<<1)-1),
+	drw = true;
+	while(y > 0)
+	{
+		if(st < 0)
+		{
+			st += bb2*((x<<1)+3);
+			tt += bb4*(++x);
+		}
+		else if(tt < 0)
+		{
+			st += bb2*((x<<1)+3) - aa4*(y-1);
+			tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+		}
+		else
+		{
+			tt -= aa2*((y<<1)-3);
+			st -= aa4*(--y);
+		}
+		if(drw && y >= hodu) this._mkOvQds(cx, cy, x, y, 1, 1, wod, hod);
+		drw = !drw;
+	}
+}
+
+function _mkRect(x, y, w, h)
+{
+	var s = this.stroke;
+	this._mkDiv(x, y, w, s);
+	this._mkDiv(x+w, y, s, h);
+	this._mkDiv(x, y+h, w+s, s);
+	this._mkDiv(x, y+s, s, h-s);
+}
+
+function _mkRectDott(x, y, w, h)
+{
+	this.drawLine(x, y, x+w, y);
+	this.drawLine(x+w, y, x+w, y+h);
+	this.drawLine(x, y+h, x+w, y+h);
+	this.drawLine(x, y, x, y+h);
+}
+
+function jsgFont()
+{
+	this.PLAIN = 'font-weight:normal;';
+	this.BOLD = 'font-weight:bold;';
+	this.ITALIC = 'font-style:italic;';
+	this.ITALIC_BOLD = this.ITALIC + this.BOLD;
+	this.BOLD_ITALIC = this.ITALIC_BOLD;
+}
+var Font = new jsgFont();
+
+function jsgStroke()
+{
+	this.DOTTED = -1;
+}
+var Stroke = new jsgStroke();
+
+function jsGraphics(cnv, wnd)
+{
+	this.setColor = function(x)
+	{
+		this.color = x.toLowerCase();
+	};
+
+	this.setStroke = function(x)
+	{
+		this.stroke = x;
+		if(!(x+1))
+		{
+			this.drawLine = _mkLinDott;
+			this._mkOv = _mkOvDott;
+			this.drawRect = _mkRectDott;
+		}
+		else if(x-1 > 0)
+		{
+			this.drawLine = _mkLin2D;
+			this._mkOv = _mkOv2D;
+			this.drawRect = _mkRect;
+		}
+		else
+		{
+			this.drawLine = _mkLin;
+			this._mkOv = _mkOv;
+			this.drawRect = _mkRect;
+		}
+	};
+
+	this.setPrintable = function(arg)
+	{
+		this.printable = arg;
+		if(jg_fast)
+		{
+			this._mkDiv = _mkDivIe;
+			this._htmRpc = arg? _htmPrtRpc : _htmRpc;
+		}
+		else this._mkDiv = arg? _mkDivPrt : _mkDiv;
+	};
+
+	this.setFont = function(fam, sz, sty)
+	{
+		this.ftFam = fam;
+		this.ftSz = sz;
+		this.ftSty = sty || Font.PLAIN;
+	};
+
+	this.drawPolyline = this.drawPolyLine = function(x, y)
+	{
+		for (var i=x.length - 1; i;)
+		{--i;
+			this.drawLine(x[i], y[i], x[i+1], y[i+1]);
+		}
+	};
+
+	this.fillRect = function(x, y, w, h)
+	{
+		this._mkDiv(x, y, w, h);
+	};
+
+	this.drawPolygon = function(x, y)
+	{
+		this.drawPolyline(x, y);
+		this.drawLine(x[x.length-1], y[x.length-1], x[0], y[0]);
+	};
+
+	this.drawEllipse = this.drawOval = function(x, y, w, h)
+	{
+		this._mkOv(x, y, w, h);
+	};
+
+	this.fillEllipse = this.fillOval = function(left, top, w, h)
+	{
+		var a = w>>1, b = h>>1,
+		wod = w&1, hod = h&1,
+		cx = left+a, cy = top+b,
+		x = 0, y = b, oy = b,
+		aa2 = (a*a)<<1, aa4 = aa2<<1, bb2 = (b*b)<<1, bb4 = bb2<<1,
+		st = (aa2>>1)*(1-(b<<1)) + bb2,
+		tt = (bb2>>1) - aa2*((b<<1)-1),
+		xl, dw, dh;
+		if(w) while(y > 0)
+		{
+			if(st < 0)
+			{
+				st += bb2*((x<<1)+3);
+				tt += bb4*(++x);
+			}
+			else if(tt < 0)
+			{
+				st += bb2*((x<<1)+3) - aa4*(y-1);
+				xl = cx-x;
+				dw = (x<<1)+wod;
+				tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+				dh = oy-y;
+				this._mkDiv(xl, cy-oy, dw, dh);
+				this._mkDiv(xl, cy+y+hod, dw, dh);
+				oy = y;
+			}
+			else
+			{
+				tt -= aa2*((y<<1)-3);
+				st -= aa4*(--y);
+			}
+		}
+		this._mkDiv(cx-a, cy-oy, w, (oy<<1)+hod);
+	};
+
+	this.fillArc = function(iL, iT, iW, iH, fAngA, fAngZ)
+	{
+		var a = iW>>1, b = iH>>1,
+		iOdds = (iW&1) | ((iH&1) << 16),
+		cx = iL+a, cy = iT+b,
+		x = 0, y = b, ox = x, oy = y,
+		aa2 = (a*a)<<1, aa4 = aa2<<1, bb2 = (b*b)<<1, bb4 = bb2<<1,
+		st = (aa2>>1)*(1-(b<<1)) + bb2,
+		tt = (bb2>>1) - aa2*((b<<1)-1),
+		// Vars for radial boundary lines
+		xEndA, yEndA, xEndZ, yEndZ,
+		iSects = (1 << (Math.floor((fAngA %= 360.0)/180.0) << 3))
+				| (2 << (Math.floor((fAngZ %= 360.0)/180.0) << 3))
+				| ((fAngA >= fAngZ) << 16),
+		aBndA = new Array(b+1), aBndZ = new Array(b+1);
+		
+		// Set up radial boundary lines
+		fAngA *= Math.PI/180.0;
+		fAngZ *= Math.PI/180.0;
+		xEndA = cx+Math.round(a*Math.cos(fAngA));
+		yEndA = cy+Math.round(-b*Math.sin(fAngA));
+		_mkLinVirt(aBndA, cx, cy, xEndA, yEndA);
+		xEndZ = cx+Math.round(a*Math.cos(fAngZ));
+		yEndZ = cy+Math.round(-b*Math.sin(fAngZ));
+		_mkLinVirt(aBndZ, cx, cy, xEndZ, yEndZ);
+
+		while(y > 0)
+		{
+			if(st < 0) // Advance x
+			{
+				st += bb2*((x<<1)+3);
+				tt += bb4*(++x);
+			}
+			else if(tt < 0) // Advance x and y
+			{
+				st += bb2*((x<<1)+3) - aa4*(y-1);
+				ox = x;
+				tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+				this._mkArcDiv(ox, y, oy, cx, cy, iOdds, aBndA, aBndZ, iSects);
+				oy = y;
+			}
+			else // Advance y
+			{
+				tt -= aa2*((y<<1)-3);
+				st -= aa4*(--y);
+				if(y && (aBndA[y] != aBndA[y-1] || aBndZ[y] != aBndZ[y-1]))
+				{
+					this._mkArcDiv(x, y, oy, cx, cy, iOdds, aBndA, aBndZ, iSects);
+					ox = x;
+					oy = y;
+				}
+			}
+		}
+		this._mkArcDiv(x, 0, oy, cx, cy, iOdds, aBndA, aBndZ, iSects);
+		if(iOdds >> 16) // Odd height
+		{
+			if(iSects >> 16) // Start-angle > end-angle
+			{
+				var xl = (yEndA <= cy || yEndZ > cy)? (cx - x) : cx;
+				this._mkDiv(xl, cy, x + cx - xl + (iOdds & 0xffff), 1);
+			}
+			else if((iSects & 0x01) && yEndZ > cy)
+				this._mkDiv(cx - x, cy, x, 1);
+		}
+	};
+
+/* fillPolygon method, implemented by Matthieu Haller.
+This javascript function is an adaptation of the gdImageFilledPolygon for Walter Zorn lib.
+C source of GD 1.8.4 found at http://www.boutell.com/gd/
+
+THANKS to Kirsten Schulz for the polygon fixes!
+
+The intersection finding technique of this code could be improved
+by remembering the previous intertersection, and by using the slope.
+That could help to adjust intersections to produce a nice
+interior_extrema. */
+	this.fillPolygon = function(array_x, array_y)
+	{
+		var i;
+		var y;
+		var miny, maxy;
+		var x1, y1;
+		var x2, y2;
+		var ind1, ind2;
+		var ints;
+
+		var n = array_x.length;
+		if(!n) return;
+
+		miny = array_y[0];
+		maxy = array_y[0];
+		for(i = 1; i < n; i++)
+		{
+			if(array_y[i] < miny)
+				miny = array_y[i];
+
+			if(array_y[i] > maxy)
+				maxy = array_y[i];
+		}
+		for(y = miny; y <= maxy; y++)
+		{
+			var polyInts = new Array();
+			ints = 0;
+			for(i = 0; i < n; i++)
+			{
+				if(!i)
+				{
+					ind1 = n-1;
+					ind2 = 0;
+				}
+				else
+				{
+					ind1 = i-1;
+					ind2 = i;
+				}
+				y1 = array_y[ind1];
+				y2 = array_y[ind2];
+				if(y1 < y2)
+				{
+					x1 = array_x[ind1];
+					x2 = array_x[ind2];
+				}
+				else if(y1 > y2)
+				{
+					y2 = array_y[ind1];
+					y1 = array_y[ind2];
+					x2 = array_x[ind1];
+					x1 = array_x[ind2];
+				}
+				else continue;
+
+				 //  Modified 11. 2. 2004 Walter Zorn
+				if((y >= y1) && (y < y2))
+					polyInts[ints++] = Math.round((y-y1) * (x2-x1) / (y2-y1) + x1);
+
+				else if((y == maxy) && (y > y1) && (y <= y2))
+					polyInts[ints++] = Math.round((y-y1) * (x2-x1) / (y2-y1) + x1);
+			}
+			polyInts.sort(_CompInt);
+			for(i = 0; i < ints; i+=2)
+				this._mkDiv(polyInts[i], y, polyInts[i+1]-polyInts[i]+1, 1);
+		}
+	};
+
+	this.drawString = function(txt, x, y)
+	{
+		this.htm += '<div style="position:absolute;white-space:nowrap;'+
+			'left:' + x + 'px;'+
+			'top:' + y + 'px;'+
+			'font-family:' +  this.ftFam + ';'+
+			'font-size:' + this.ftSz + ';'+
+			'color:' + this.color + ';' + this.ftSty + '">'+
+			txt +
+			'<\/div>';
+	};
+
+/* drawStringRect() added by Rick Blommers.
+Allows to specify the size of the text rectangle and to align the
+text both horizontally (e.g. right) and vertically within that rectangle */
+	this.drawStringRect = function(txt, x, y, width, halign)
+	{
+		this.htm += '<div style="position:absolute;overflow:hidden;'+
+			'left:' + x + 'px;'+
+			'top:' + y + 'px;'+
+			'width:'+width +'px;'+
+			'text-align:'+halign+';'+
+			'font-family:' +  this.ftFam + ';'+
+			'font-size:' + this.ftSz + ';'+
+			'color:' + this.color + ';' + this.ftSty + '">'+
+			txt +
+			'<\/div>';
+	};
+
+	this.drawImage = function(imgSrc, x, y, w, h, a)
+	{
+		this.htm += '<div style="position:absolute;'+
+			'left:' + x + 'px;'+
+			'top:' + y + 'px;'+
+			// w (width) and h (height) arguments are now optional.
+			// Added by Mahmut Keygubatli, 14.1.2008
+			(w? ('width:' +  w + 'px;') : '') +
+			(h? ('height:' + h + 'px;'):'')+'">'+
+			'<img src="' + imgSrc +'"'+ (w ? (' width="' + w + '"'):'')+ (h ? (' height="' + h + '"'):'') + (a? (' '+a) : '') + '>'+
+			'<\/div>';
+	};
+
+	this.clear = function()
+	{
+		this.htm = "";
+		if(this.cnv) this.cnv.innerHTML = "";
+	};
+
+	this._mkOvQds = function(cx, cy, x, y, w, h, wod, hod)
+	{
+		var xl = cx - x, xr = cx + x + wod - w, yt = cy - y, yb = cy + y + hod - h;
+		if(xr > xl+w)
+		{
+			this._mkDiv(xr, yt, w, h);
+			this._mkDiv(xr, yb, w, h);
+		}
+		else
+			w = xr - xl + w;
+		this._mkDiv(xl, yt, w, h);
+		this._mkDiv(xl, yb, w, h);
+	};
+	
+	this._mkArcDiv = function(x, y, oy, cx, cy, iOdds, aBndA, aBndZ, iSects)
+	{
+		var xrDef = cx + x + (iOdds & 0xffff), y2, h = oy - y, xl, xr, w;
+
+		if(!h) h = 1;
+		x = cx - x;
+
+		if(iSects & 0xff0000) // Start-angle > end-angle
+		{
+			y2 = cy - y - h;
+			if(iSects & 0x00ff)
+			{
+				if(iSects & 0x02)
+				{
+					xl = Math.max(x, aBndZ[y]);
+					w = xrDef - xl;
+					if(w > 0) this._mkDiv(xl, y2, w, h);
+				}
+				if(iSects & 0x01)
+				{
+					xr = Math.min(xrDef, aBndA[y]);
+					w = xr - x;
+					if(w > 0) this._mkDiv(x, y2, w, h);
+				}
+			}
+			else
+				this._mkDiv(x, y2, xrDef - x, h);
+			y2 = cy + y + (iOdds >> 16);
+			if(iSects & 0xff00)
+			{
+				if(iSects & 0x0100)
+				{
+					xl = Math.max(x, aBndA[y]);
+					w = xrDef - xl;
+					if(w > 0) this._mkDiv(xl, y2, w, h);
+				}
+				if(iSects & 0x0200)
+				{
+					xr = Math.min(xrDef, aBndZ[y]);
+					w = xr - x;
+					if(w > 0) this._mkDiv(x, y2, w, h);
+				}
+			}
+			else
+				this._mkDiv(x, y2, xrDef - x, h);
+		}
+		else
+		{
+			if(iSects & 0x00ff)
+			{
+				if(iSects & 0x02)
+					xl = Math.max(x, aBndZ[y]);
+				else
+					xl = x;
+				if(iSects & 0x01)
+					xr = Math.min(xrDef, aBndA[y]);
+				else
+					xr = xrDef;
+				y2 = cy - y - h;
+				w = xr - xl;
+				if(w > 0) this._mkDiv(xl, y2, w, h);
+			}
+			if(iSects & 0xff00)
+			{
+				if(iSects & 0x0100)
+					xl = Math.max(x, aBndA[y]);
+				else
+					xl = x;
+				if(iSects & 0x0200)
+					xr = Math.min(xrDef, aBndZ[y]);
+				else
+					xr = xrDef;
+				y2 = cy + y + (iOdds >> 16);
+				w = xr - xl;
+				if(w > 0) this._mkDiv(xl, y2, w, h);
+			}
+		}
+	};
+
+	this.setStroke(1);
+	this.setFont("verdana,geneva,helvetica,sans-serif", "12px", Font.PLAIN);
+	this.color = "#000000";
+	this.htm = "";
+	this.wnd = wnd || window;
+
+	if(!jg_ok) _chkDHTM();
+	if(jg_ok)
+	{
+		if(cnv)
+		{
+			if(typeof(cnv) == "string")
+				this.cont = document.all? (this.wnd.document.all[cnv] || null)
+					: document.getElementById? (this.wnd.document.getElementById(cnv) || null)
+					: null;
+			else if(cnv == window.document)
+				this.cont = document.getElementsByTagName("body")[0];
+			// If cnv is a direct reference to a canvas DOM node
+			// (option suggested by Andreas Luleich)
+			else this.cont = cnv;
+			// Create new canvas inside container DIV. Thus the drawing and clearing
+			// methods won't interfere with the container's inner html.
+			// Solution suggested by Vladimir.
+			this.cnv = this.wnd.document.createElement("div");
+			this.cnv.style.fontSize=0;
+			this.cont.appendChild(this.cnv);
+			this.paint = jg_dom? _pntCnvDom : _pntCnvIe;
+		}
+		else
+			this.paint = _pntDoc;
+	}
+	else
+		this.paint = _pntN;
+
+	this.setPrintable(false);
+}
+
+function _mkLinVirt(aLin, x1, y1, x2, y2)
+{
+	var dx = Math.abs(x2-x1), dy = Math.abs(y2-y1),
+	x = x1, y = y1,
+	xIncr = (x1 > x2)? -1 : 1,
+	yIncr = (y1 > y2)? -1 : 1,
+	p,
+	i = 0;
+	if(dx >= dy)
+	{
+		var pr = dy<<1,
+		pru = pr - (dx<<1);
+		p = pr-dx;
+		while(dx > 0)
+		{--dx;
+			if(p > 0)    //  Increment y
+			{
+				aLin[i++] = x;
+				y += yIncr;
+				p += pru;
+			}
+			else p += pr;
+			x += xIncr;
+		}
+	}
+	else
+	{
+		var pr = dx<<1,
+		pru = pr - (dy<<1);
+		p = pr-dy;
+		while(dy > 0)
+		{--dy;
+			y += yIncr;
+			aLin[i++] = x;
+			if(p > 0)    //  Increment x
+			{
+				x += xIncr;
+				p += pru;
+			}
+			else p += pr;
+		}
+	}
+	for(var len = aLin.length, i = len-i; i;)
+		aLin[len-(i--)] = x;
+};
+
+function _CompInt(x, y)
+{
+	return(x - y);
+}
+

Modified: branches/2.4.5/2.4.4_leak/http/frames/login.php
===================================================================
--- tags/2.4.4/http/frames/login.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/frames/login.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,5 +1,5 @@
 <?php
-# $Id: login.php 76 2006-08-15 12:25:34Z heuser $
+# $Id$
 # Copyright (C) 2002 CCGIS 
 #
 # This program is free software; you can redistribute it and/or modify
@@ -152,8 +152,10 @@
 	}	
 	if($_SESSION["mb_user_id"]){
 		if($row["mb_user_login_count"] < $loginMax){
-			$sql_del_cnt =  "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_id = " . $_SESSION['mb_user_id'];
-			db_query($sql_del_cnt);
+			$sql_del_cnt =  "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_id = $1";
+			$v = array($_SESSION['mb_user_id']);
+			$t = array("i");
+			db_prep_query($sql_del_cnt, $v, $t);
 			require_once(dirname(__FILE__)."/../php/mb_getGUIs.php");
 			$arrayGUIs = mb_getGUIs($row["mb_user_id"]);
 			$_SESSION["mb_user_guis"] = $arrayGUIs;
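Review bot: The result of `db_prep_query($sql_del_cnt, $v, $t);` is discarded, so a failed reset of mb_user_login_count goes unnoticed, and because that counter is compared against `$loginMax` to decide whether a login proceeds, a silent failure leaves a user's failed-attempt count stale rather than reset. If db_prep_query signals failure through its return value (as the replaced `db_query` call presumably did), checking it — e.g. `if (!db_prep_query($sql_del_cnt, $v, $t)) { /* log: login counter reset failed for this user */ }` — would at least make the condition visible in the logs. The generic locals `$v` and `$t` would read more clearly as `$params` and `$types`, matching what the "i" entry describes. The enclosing `if` blocks start and end outside the hunk, so whether the counter is re-read elsewhere cannot be seen here.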

Deleted: branches/2.4.5/2.4.4_leak/http/html/mod_treefolder_auge.php
===================================================================
--- tags/2.4.4/http/html/mod_treefolder_auge.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/html/mod_treefolder_auge.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,787 +0,0 @@
-<?php
-session_start();
-require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
-db_select_db(DB,$con);
-$gui_id = $_SESSION["mb_user_gui"];
-
-$eye_on = '../img/eye_on.gif';
-$eye_off = '../img/eye_off.gif';
-$info_on = '../img/info_on.gif';
-$info_off ='../img/info_off.gif';
-$no_info ='../img/no_info.gif';
-
-?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
-<META NAME="Generator" CONTENT="Cosmo Create 1.0.3">
-<?php
-echo '<meta http-equiv="Content-Type" content="text/html; charset='.CHARSET.'">';	
-?>
-<TITLE>Treefolder Eyes</TITLE>
-<?php
- include '../include/dyn_css.php';
-?>
-<script language='JavaScript'>
-function pop_up(name)
-{
-	window.open(name,"METADATEN","width=310,height=400,left=0,top=0");
-}
-</script>
-<?php
-echo "<script language='JavaScript'>";
-   
-   import_request_variables("PG");
-   
-   require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
-   $con = db_connect($DBSERVER,$OWNER,$PW);
-   db_select_db(DB,$con);
-   $sql = "SELECT e_target FROM gui_element WHERE e_id = '".$_REQUEST['e_id_css']."' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-   
-   $res = db_query($sql);
-   $e_target = db_result($res,0,"e_target");
-   
-   echo "mod_treeGDE_map = '".$e_target."';";   
-echo "</script>";
-
-$sql = "select var_name,var_value from gui_element_vars where fkey_gui_id='".$_SESSION["mb_user_gui"]."' and fkey_e_id='".$_REQUEST['e_id_css']."' and var_type = 'img';";
-  
-   $res = db_query($sql);
-$img["folder_off"] ='../img/tree/folder_off_new.gif';
-$img["folder_on"] ='../img/tree/folder_on_new.gif';
-while($row = db_fetch_array($res))
-{
-$img[$row['var_name']] = $row['var_value'];
-}
-
-?>
-  <SCRIPT language="JavaScript1.2">
-  <!--  
-  /*
-   * sitemap.js 1.31 05/02/2000
-   *  - Opera 5
-   *
-   * sitemap.js 1.3 27/11/2000
-   *  - Netscape 6
-   *
-   * sitemap.js 1.2 20/05/2000
-   *  - split array tree into arrays for each element old tree
-   *  - no mory type flag, an folder is an entry which has sons
-   *  - a folder can have an link
-   *  - while initing an default layers is shown 
-   *
-   * sitemap.js 1.1 20/10/1999
-   *  - showTree only updates and init layers new which have been really changed
-   *  - add deep to knot entry
-   *  - substitute knotDeep[ id ] w/ tree[ id2treeIndex[ id ] ].deep
-   *  - add alignment to img and a &nbsp; at the beginning of eyery line
-   *  - add a fake img for bookmarks on top panel
-   *
-   * sitemap.js 1.02 14/10/1999
-   *  - fix bug in initStyles
-   *
-   * sitemap.js 1.01 06/10/1999
-   *  - fix bug in knotDeep for Netscape 4.00-4.0.5
-   *
-   * sitemap.js 1.0 20/09/1999
-   *
-   * Javascript function for displaying hierarchic directory structures with
-   * the ability to collapse and expand directories.
-   *
-   * Copyright (c) 1999 Polzin GmbH, Duesseldorf. All Rights Reserved.
-   * Author: Lutz Eymers <ixtab at polzin.com>
-   * Download: http://www.polzin.com/inet/fset_inet.phtml?w=goodies
-   *
-   * Permission to use, copy, modify, and distribute this software
-   * and its documentation for any purposes and without fee
-   * is hereby granted provided that this copyright notice
-   * appears in all copies. 
-   *
-   * Of course, this software is provided "as is" without express or implied
-   * warranty of any kind.
-   *
-   */
-  
-  parent.mb_registerSubFunctions("window.frames['treeGDE'].mod_treeGDE()");
-
-function mod_treeGDE(){
-  /**/
-	var ind = parent.getMapObjIndexByName(mod_treeGDE_map);
-	//if(ind == false){ alert("error, no mapobject specified");}
-	for(var i=0; i<document.getElementsByTagName("input").length; i++){
-		//wms_title,layer_shortname,{visible | querylayer}
-		var myID = document.getElementsByTagName("input")[i].id;
-		var arrayID = document.getElementsByTagName("input")[i].id.split("###");
-		//var ind = parent.getMapObjIndexByName(mod_treeGDE_map);
-		var wms_ind = parent.getWMSIndexByTitle(mod_treeGDE_map,arrayID[0]);
-		if(arrayID[2] == "visible"){
-			var arrayLayer = parent.mb_mapObj[ind].layers[wms_ind].split(",");
-			var isOn = false;
-			for(var ii=0; ii<arrayLayer.length; ii++){
-				if(arrayID[1] == arrayLayer[ii]){isOn = true;}
-			}
-			if(isOn == true){ document.getElementById(myID).checked = true;}
-			if(isOn == false){ document.getElementById(myID).checked = false;}
-		}
-		if(arrayID[2] == "querylayer"){
-			//nothing to do at this time
-		}
-	}
-    /*consider scalhints*/
-	for(var i=0; i<parent.mb_mapObj.length; i++){
-		var scale = parseInt(parent.mb_getScale(mod_treeGDE_map));
-		if(parent.mb_mapObj[i].frameName == mod_treeGDE_map){ 
-			for(var ii=0; ii<parent.mb_mapObj[i].wms.length; ii++){
-				for(var iii=1; iii<parent.mb_mapObj[i].wms[ii].objLayer.length; iii++){
-					if(document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name)){
-						if(scale < parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_minscale) && parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_minscale) != 0){                    
-							document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name).style.color = '#999999';                
-						}
-						else if(scale > parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_maxscale) && parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_maxscale) != 0){
-							document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name).style.color = '#999999';
-						}
-						else{
-							document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name).style.color = '#000000';
-						}
-					}                   
-				}
-			}
-		}
-	}
-} 
-  window.onError=null;
-
-  var idx=0
-  var treeId = new Array();
-  var treeP_id = new Array();
-  var treeIsOn = new Array();
-  var treeTyp = new Array();
-  var treeName = new Array();
-  var treeUrl = new Array();
-  var treeWasOn = new Array();
-  var treeDeep = new Array();
-  var treeLastY = new Array();
-  var treeIsShown = new Array();
-  var treeSelectable = new Array();
-  var treeVisible = new Array();
-  var treeQueryable = new Array();
-  var treeQuerylayer = new Array();
-  var treeWMS = new Array();
-  var treeShortname = new Array();
-
-  function Note( id,p_id,name,url,selectable,visible,queryable,querylayer,wms,shortname) {
-    treeId[ idx ] = id
-    treeP_id[ idx ] = p_id
-    treeIsOn[ idx ] = false
-    treeTyp[ idx ] = 'f'
-    treeName[ idx ] = name
-    treeUrl[ idx ] = url 
-    treeWasOn[ idx ] = false
-    treeDeep[ idx ] = 0
-    treeLastY[ idx ] = 0
-    treeIsShown[ idx ] = false
-    treeSelectable[ idx ] = selectable
-    treeVisible[ idx ] = visible
-    treeQueryable[ idx ] = queryable
-    treeQuerylayer[ idx ] = querylayer
-    treeWMS[ idx ] = wms
-    treeShortname[ idx ] = shortname
-    idx++
-  }
-
-  function initDiv ( )
-  {
-    if ( isDOM || isDomIE )
-    {
-      divPrefix='<DIV CLASS="sitemap" style="position:absolute; left:0; top:0; visibility:hidden;" ID="sitemap'
-      divInfo='<DIV CLASS="sitemap" style="position:absolute; visibility:visible" ID="sitemap'
-    }
-    else
-    {
-      divPrefix='<DIV CLASS="sitemap" ID="sitemap'
-      divInfo='<DIV CLASS="sitemap" ID="sitemap'
-    }
-    //document.writeln( divInfo +  'info">Bitte haben Sie etwas Geduld.<BR>&nbsp;<BR>Es werden die Eintr&auml;ge aus<BR>&nbsp;<BR>der Datenbank initialisiert.</DIV> ' );
-    for ( var i=1; i<idx; i++ )
-    {
-      // linked Name ? 
- 
-      
-      if ( treeUrl[i] != '' ){
-      	if(treeVisible[i] != 1){ 
-        linkedName = '<a href="#" onclick="changevalue('+ i +')"><input type=hidden id="treeWMS['+i+']" value=0><img name="bild'+ i +'" id="test" border=0 src="'+images[1]+'" alt="'+images_text[1]+'"></A>';
-	}
-	else
-	{
-	linkedName = '<a href="#" onclick="changevalue('+ i +')"><input type=hidden id="treeWMS['+i+']" value=1><img name="bild'+ i +'" id="test" border=0  src="'+images[2]+'" alt="'+images_text[2]+'"></A>';
-	}
-
-        //linkedName += "<input id='"+treeWMS[i]+"###"+treeShortname[i]+"###visible' type='checkbox' ";
-         //if(treeVisible[i] == '1'){ linkedName += "checked ";}
-         //if(treeSelectable[i] != '1'){ linkedName += "disabled ";}
-        //linkedName += "onClick = 'if(this.checked){parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"visible\",1);parent.setSingleMapRequest(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\");}";
-        //linkedName += "else{parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"visible\",0);parent.setSingleMapRequest(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\");}'";
-        //linkedName += '>';
-        
-        
-        //no checkbox for the query
-        <?php
-            if(isset($_REQUEST["noquerycheckbox"])){
-	            $nocheck = $_REQUEST["noquerycheckbox"];
-            }
-            else{
-	            $nocheck = false;
-            }
-            echo "var noquerycheck  = ".$nocheck.";";
-         ?>
-        ///evudb/images/mapbender/button_gray/query_off.gif
-        ///evudb/images/mapbender/button_gray/query_on.gif
-        if (noquerycheck==false || noquerycheck==0){
-            if(treeQuerylayer[i] == '1' && treeVisible[i] == 1){
-            	//Info aktiv
-            	//alert('info aktiv');
-            	linkedName += '&nbsp;<a href="#" onclick="changeinfo('+ i +')"><input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=1><img name="query'+ i +'" id="query'+i+'" border=0  src="'+qimages[2]+'" alt="'+qimages_text[2]+'"></A>';
-            }
-            else
-            {
-            	//alert(treeQueryable[i] + ' ' + treeShortname[i]);
-            	if(treeQueryable[i] == '1')
-			{
-				//Info verfügbar
-				if (treeVisible[i] ==1)
-				{
-					// Info aktivierbar
-					linkedName += '&nbsp;<a href="#" onclick="changeinfo('+ i +')"><input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=0><img name="query'+ i +'" id="query'+i+'" border=0  src="'+qimages[1]+'" alt="'+qimages_text[1]+'"></A>';	
-				}
-				else
-				{
-					// Info nicht aktivierbar
-					linkedName += '&nbsp;<a href="#" onclick="changeinfo('+ i +')"><input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=0><img name="query'+ i +'" id="query'+i+'" border=0  src="'+qimages[3]+'" alt="'+qimages_text[3]+'"></A>';
-				}
-			}
-			else
-			{
-				//Info nicht verfügbar verfügbar --> kein Image
-					//linkedName += '&nbsp;<input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=-1><img name="query'+ i +'" id="query'+i+'" border=0  src="<?php echo $no_info;?>" alt="keine Informationen verfügbar">';	
-			}
-            }
-            //linkedName += "<input id='"+treeWMS[i]+"###"+treeShortname[i]+"###querylayer' type='checkbox' ";
-            //if(treeQuerylayer[i] == '1' && treeVisible[i] == 1){ linkedName += "checked ";}
-            //if(treeQueryable[i] != '1' || treeVisible[i] != 1){ linkedName += "disabled ";}
-            //linkedName += "onClick = 'if(this.checked){parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"querylayer\",1);}";
-            //linkedName += "else{parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"querylayer\",0);}'";
-            //linkedName += '>';
-        }
-        
-       
-       //no legendlink for the layername
-       <?php
-            if(isset($_REQUEST["nolink"])){
-	            $nolegendlink = $_REQUEST["nolink"];
-            }
-            else{
-	            $nolegendlink = false;
-            }
-            echo "var nolink  = ".$nolegendlink.";";
-       ?>
-       
-      
-        //linkedName += '<A id="'+treeWMS[i]+'_'+treeShortname[i]+'"  HREF="' + treeUrl[i] + '" TARGET="' + defaultTarget + '"><IMG SRC="../img/tree/1w.gif" BORDER="0" WIDTH="3">' + treeName[i] + '</A>';
-        
-        linkedName += '<A id="'+treeWMS[i]+'_'+treeShortname[i];
-        if (nolink==0 || nolink==false){
-           linkedName += '"  HREF="' + treeUrl[i];
-        }
-        linkedName +='" TARGET="' + defaultTarget + '"><IMG SRC="../img/tree/1w.gif" BORDER="0" WIDTH="3">' + treeName[i] + '</A>';
-       
-       
-      }  
-      else
-        linkedName =  '<IMG SRC="../img/tree/1w.gif" BORDER="0" WIDTH="3">' + treeName[i]
-      // don't link folder icon if node has no sons
-      if ( i == idx-1 || treeP_id[i+1] != treeId[i] ) {
-        if ( treeDeep[ i ] == 0 )
-          folderImg = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_empty.gif" BORDER="0" HEIGHT="16" WIDTH="1" HSPACE="0">'
-        else
-          folderImg = ''
-      } else {
-        folderImg = '<A  HREF="javascript:sitemapClick(' + treeId[i] + ')"><IMG ALIGN="BOTTOM" SRC="<?php echo $img["folder_off"];?>" BORDER="0" NAME="folder' + treeId[i] + '" HEIGHT="16" WIDTH="30" HSPACE="0"></A>'
-      }
-      // which type of file icon should be displayed?
-      if ( treeP_id[i] != 0 )
-      {
-        if ( lastEntryInFolder( treeId[i] ) )
-          fileImg = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_last.gif" BORDER="0" NAME="file'
-            + treeId[i] + '" HEIGHT="16" WIDTH="30" HSPACE="0">'  
-        else    
-          fileImg = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file.gif" BORDER="0" NAME="file'
-            + treeId[i] + '" HEIGHT="16" WIDTH="30" HSPACE="0">'  
-      }
-      else
-        fileImg = ''
-      // traverse parents up to root and show vertical lines if parent 
-      // is not the last entry on this layer
-      verticales = ''
-      for( var act_id=treeId[i] ; treeDeep[ id2treeIndex[ act_id ] ] > 1;  )
-      {  
-        act_id = treeP_id[ id2treeIndex[ act_id ]]
-        if ( lastEntryInFolder( act_id ) )
-        {
-          verticales = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_empty.gif" BORDER="0" HEIGHT="16" WIDTH="30" HSPACE="0">' + verticales
-        }
-        else
-        {
-          verticales = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_vert.gif" BORDER="0" HEIGHT="16" WIDTH="30" HSPACE="0">' + verticales
-        }
-      }
-
-      
-      document.writeln( divPrefix + treeId[i] + '"><NOBR>&nbsp;' + verticales + fileImg + folderImg + linkedName + '</NOBR></DIV>'
-      )  
-    }
-  }
-
-	var i = 1 ;
-	images = new Array;
-	qimages = new Array;
-	images_text = new Array;
-	qimages_text = new Array;
-	images[1] = '<?php echo $eye_off;?>';
-	images[2] = '<?php echo $eye_on;?>';
-	qimages[1] = '<?php echo $info_off;?>';
-	qimages[2] = '<?php echo $info_on;?>';
-	qimages[3] = '<?php echo $no_info;?>';
-	images_text[1] = 'klicken Sie hier um den Layer zu aktivieren';
-	images_text[2] = 'klicken Sie hier um den Layer zu deaktivieren';
-	qimages_text[1] = 'klicken Sie hier um die Informationen zu aktivieren';
-	qimages_text[2] = 'klicken Sie hier um die Informationen zu deaktivieren';
-	qimages_text[3] = 'Informationen momentan nicht verfügbar';
-	
-	function changevalue(id){
-		var info = document.getElementById('query'+ id) ;
-		var layer = document.getElementById('bild' + id) ;
-		var wert = document.getElementById('treeWMS['+id+']');
-		var query = document.getElementById(treeWMS[id]+'###'+treeShortname[id]+'###querylayer');
-		//alert(wert.value);
-		if(wert.value == 1){ //war sichtbar
-			// Layer war sichtbar --> deaktivieren
-			layer.src = images[1];
-			layer.alt = images_text[1];
-			//if(treeQuerylayer[id] == 1){
-			//Infobutton aendern, wenn Info abfragbar
-			if(treeQueryable[id] == '1')
-			{
-				info.src = qimages[3];
-				info.alt = qimages_text[3];
-				// Info deaktivieren
-				query.value = 0 ; // Ausschalten der Abfrage wenn nicht sichtbar
-				query.checked = false;
-				query.disabled = true;
-				parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',0); // Info disabled
-			}
-			wert.value=0;
-			//alert(wert.value);
-			// Anzeige des Layers deaktivieren
-			parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'visible',0);
-			parent.setSingleMapRequest(mod_treeGDE_map,treeWMS[id]);
-			
-			
-			
-		}
-		else
-		{
-			// Layer war nicht sichtbar --> aktivieren
-			layer.src = images[2];
-			layer.alt = images_text[2]
-			wert.value=1;
-			//alert(wert.value);
-			// Anzeige des Layers aktivieren
-			parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'visible',1);
-			parent.setSingleMapRequest(mod_treeGDE_map,treeWMS[id]);
-			// evtl. Info aktivieren und Button aendern
-			if(treeQueryable[id] == '1')
-			{
-				if (treeQuerylayer[id] == 1)
-				{
-					//Info aktivieren
-					info.src = qimages[2];	
-					info.alt = qimages_text[2];
-					parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',1);
-					query.value = 1;
-					query.disabled = false;
-				}
-				else
-				{
-					//Info aktivierbar
-					info.src = qimages[1];	
-					info.alt = qimages_text[1];
-					query.value = 0;
-					query.disabled = false;
-					
-				}
-			}
-		}
-	
-	}
-	
-	function changeinfo(id)
-	{
-		var info = document.getElementById('query'+ id) ;
-		var wert = document.getElementById('treeWMS['+id+']');
-		var query = document.getElementById(treeWMS[id]+'###'+treeShortname[id]+'###querylayer');
-			//"'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer"
-			// alert(query.value);
-			//alert(layer.src == '../img/orangeball.gif');
-				//alert(wert.value);
-		if(query.value == 1)
-		{ //war sichtbar
-			// Info war aktiviert --> deaktivieren
-			info.src = qimages[1];
-			info.alt = qimages_text[1];
-			parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',0);
-	                
-			query.value = 0 ; // Ausschalten der Abfrage wenn nicht sichtbar
-			//query.checked = false; //<--wozu?
-			query.disabled = true;
-		}
-		else
-		{
-			// Info war deaktiviert --> aktivieren
-			if(wert.value == 1)
-			{
-				info.src = qimages[2];
-				info.alt = qimages_text[2];
-				query.value=1;
-		
-				//alert(wert.value);
-				parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',1);
-				//if(treeQuerylayer[id] == 1){	
-				//query.checked = false; //<--wozu?
-				query.disabled = false;
-				//}
-			}
-		}
-		
-	}
-  function initStyles ( )
-  {
-    document.writeln( '<STYLE TYPE="text/css">' + "\n" + '<!--' )
-    for ( var i=1,y=y0; i<idx; i++ )
-    {  
-      document.writeln( '#sitemap' + treeId[i] + ' {POSITION: absolute; VISIBILITY: hidden;}' )
-      if ( treeIsOn[ id2treeIndex[ treeP_id[i] ] ] )
-        y += deltaY
-    }
-    document.writeln( '#sitemapinfo {POSITION: absolute; VISIBILITY: visible;}' )
-    document.writeln( '//-->' + "\n" + '</STYLE>' )
-  }
-
-
-
-  function sitemapClick( id )
-  {
-    var i = id2treeIndex[ id ]
-
-    if ( treeIsOn[ i ] )
-    // close directory
-    {
-      // mark node as invisible
-      treeIsOn[ i ]=false
-      // mark all sons as invisible
-      actDeep = treeDeep[ i ]
-      for( var j=i+1; j<idx && treeDeep[j] > actDeep; j++ )
-      {
-        treeWasOn[ j ] = treeIsOn[ j ]
-        treeIsOn[ j ]=false
-      }
-      gif_off( id )
-    }
-    else
-    // open directory
-    { 
-      treeIsOn[ i ]=true
-      // remember and restore old status
-      actDeep = treeDeep[ i ]
-      for( var j=i+1; j<idx && treeDeep[j] > actDeep; j++ )
-      {
-        treeIsOn[ j ] = treeWasOn[ j ]
-      }
-      gif_on( id )
-    }
-    showTree()
-  }
-
-  function knotDeep( id )
-  {
-    var deep=0
-    while ( true )
-      if ( treeP_id[ id2treeIndex[id] ] == 0 )
-        return deep
-      else
-      {
-        ++deep
-        id = treeP_id[ id2treeIndex[id] ]
-      }
-    return deep  
-  }
-
-  function initTree( id )
-  {
-    treeIsOn[ id2treeIndex[id] ] = true
-    if ( treeTyp[ id2treeIndex[id] ] != 'b' )
-      gif_on( id ) 
-    while ( treeP_id[ id2treeIndex[id] ] != 0 )
-    {
-      id = treeP_id[ id2treeIndex[id] ]
-      treeIsOn[ id2treeIndex[id] ] = true
-      if ( treeTyp[ id2treeIndex[id] ] != 'b' )
-        gif_on( id ) 
-    }
-  }
-
-  function lastEntryInFolder( id )
-  {
-    var i = id2treeIndex[id]
-    if ( i == idx-1 )
-      return true
-    if ( treeTyp[i] == 'b' )
-    {
-      if ( treeP_id[i+1] != treeP_id[i] )
-        return true
-      else 
-        return false
-    }
-    else
-    {
-      var actDeep = treeDeep[i]
-      for( var j=i+1; j<idx && treeDeep[j] > actDeep ; j++ )
-      ;
-      if ( j<idx && treeDeep[j] == actDeep )
-        return false
-      else
-        return true
-    }
-  }
-
-  function showTree()
-  {
-    for( var i=1, y=y0, x=x0; i<idx; i++ )
-    {
-      if ( treeIsOn[ id2treeIndex[ treeP_id[i] ] ] )
-      {
-        // show current node
-        if ( !(y == treeLastY[i] && treeIsShown[i] ) )
-        {
-          showLayer( "sitemap"+ treeId[i] ) 
-          setyLayer( "sitemap"+ treeId[i], y )
-          treeIsShown[i] = true
-        } 
-        treeLastY[i] = y
-        y += deltaY
-      }
-      else
-      {
-        // hide current node and all sons
-        if ( treeIsShown[ i ] )
-        {
-          hideLayer( "sitemap"+ treeId[i] ) 
-          treeIsShown[i] = false
-        }
-      }
-    }
-  }
-
-  function initIndex() {
-    for( var i=0; i<idx; i++ )
-      id2treeIndex[ treeId[i] ] = i
-  }
-
-  function gif_name (name, width, height) {
-    this.on = new Image (width, height);
-    this.on.src = '<?echo $img["folder_on"];?>';
-    this.off = new Image (width, height);
-    this.off.src = '<?echo $img["folder_off"]?>';
-  }
-
-  function load_gif (name, width, height) {
-    gif_name [name] = new gif_name (name,width,height);
-  }
-
-  function load_all () {
-    load_gif ('folder',30,16)
-    file_last = new Image( 30,16 )
-    file_last.src = "../img/tree/file_last.gif"
-    file_middle = new Image( 30,16 )
-    file_middle.src = "../img/tree/file.gif"
-    file_vert = new Image( 30,16 )
-    file_vert.src = "../img/tree/file_vert.gif"
-    file_empty = new Image( 30,16 )
-    file_empty = "../img/tree/file_empty.gif"
-  }
-
-  function gif_on ( id ) {
-    eval("document['folder" + id + "'].src = gif_name['folder'].on.src")
-  }
-
-  function gif_off ( id ) {
-    eval("document['folder" + id + "'].src = gif_name['folder'].off.src")
-  }
- 
-  // global configuration
-  var deltaX = 30
-  var deltaY = 16
-  var x0 = 5
-  var y0 = 5
-  var defaultTarget = 'examplemain'
-
-  var browserName = navigator.appName;
-  var browserVersion = parseInt(navigator.appVersion);
-  var isIE = false;
-  var isNN = false;
-  var isDOM = false;
-  var isDomIE = false;
-  var isDomNN = false;
-  var layerok = false;
-
-  var isIE = browserName.indexOf("Microsoft Internet Explorer" )==-1?false:true;
-  var isNN = browserName.indexOf("Netscape")==-1?false:true;
-  var isOpera = browserName.indexOf("Opera")==-1?false:true;
-  var isDOM = document.getElementById?true:false;
-  var isDomNN = document.layers?true:false;
-  var isDomIE = document.all?true:false;
-
-  if ( isNN && browserVersion>=4 ) layerok=true;
-  if ( isIE && browserVersion>=4 ) layerok=true;
-  if ( isOpera && browserVersion>=5 ) layerok=true;
-
-    
-  function hideLayer(layerName) {
-    if (isDOM)
-      document.getElementById(layerName).style.visibility="hidden"
-    else if (isDomIE)
-      document.all[layerName].style.visibility="hidden";
-    else if (isDomNN) 
-      document.layers[layerName].visibility="hidden";
-  }
-
-  function showLayer(layerName) {
-    if (isDOM)
-      document.getElementById(layerName).style.visibility="visible"
-    else if (isDomIE)
-      document.all[layerName].style.visibility="visible";
-    else if (isDomNN)
-      document.layers[layerName].visibility="visible";
-  }
-
-  function setyLayer(layerName, y) {
-    if (isDOM)
-      document.getElementById(layerName).style.top=y
-    else if (isDomIE)
-      document.all[layerName].style.top=y;
-    else if (isDomNN)
-      document.layers[layerName].top=y;
-  }
-
-  var id2treeIndex = new Array()
-
-  // the structure is easy to understand with a simple example
-  // p_id is the id of the parent
-  // E0                                      ( id=0,p_id=-1 )
-  //          E11                            ( id=1,p_id=0)
-  //                     E111                ( id=2,p_id=1 )
-  //                     E112                ( id=3,p_id=1 )
-  //          E12                            ( id=4,p_id=0 )
-  //                     E121                ( id=5,p_id=4 ) 
-  //          E13                            ( id=6,p_id=0 ) 
-  //                     E131                ( id=7,p_id=6 ) 
-  //                                 E1311   ( id=8,p_id=7 ) 
-  //                     E132                ( id=9,p_id=6 ) 
-  // this is a multinary tree structure which is easy to
-  // populate with database data :)
-function initArray(){
-	var parentObj = 0;
-	if(parent.mb_mapObj.length == 0){ window.setTimeout("initArray()",100); }    
-	else if(parent.mb_mapObj.length > 0){
-		Note(0,-1,'','');
-		for(var i=0; i<parent.mb_mapObj.length; i++){
-			if(parent.mb_mapObj[i].frameName == mod_treeGDE_map){ 
-				for(var ii=0; ii<parent.mb_mapObj[i].wms.length; ii++){
-					if(parent.mb_mapObj[i].wms[ii].gui_wms_visible == '1'){
-						for(var iii=0; iii<parent.mb_mapObj[i].wms[ii].objLayer.length; iii++){          
-							var temp = parent.mb_mapObj[i].wms[ii].objLayer[iii];     
-							if(parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_parent == ""){                    
-								//alert((parseInt(temp.layer_id)+1) + " , " +0 + " , " +temp.layer_title + " , " +'');
-								Note((parseInt(temp.layer_id)+1),0,temp.layer_title,'','','','','');
-								parentObj = temp.layer_id+1;                  
-							}
-							if(parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_parent == "0"){
-								
-								if(temp.gui_layer_selectable == '1' || temp.gui_layer_queryable == '1'){
-								
-									Note((parseInt(temp.layer_id)+1),parentObj,temp.layer_title,'../metadata/metadata.php?wms_id='+parseInt(parent.mb_mapObj[i].wms[ii].wms_id)+'&gui_layer_wms_id='+temp.gui_layer_wms_id+'&layer_name='+temp.layer_name,temp.gui_layer_selectable,temp.gui_layer_visible,temp.gui_layer_queryable,temp.gui_layer_querylayer,parent.mb_mapObj[i].wms[ii].wms_title,temp.layer_name);
-								      //Note((parseInt(temp.layer_id)+1),parentObj,temp.layer_title,'dasdf',temp.gui_layer_selectable,temp.gui_layer_visible,temp.gui_layer_queryable,temp.gui_layer_querylayer,parent.mb_mapObj[i].wms[ii].wms_title,temp.layer_name);
-								}
-							}
-						}
-					}
-				}
-			}
-		}
-		//Note(22,1,'willi','adfasd');
-		treeTyp[0] = 'f'
-		treeIsOn[0] = true
-		treeWasOn[0] = true
-	}       
-} 
-  function initArray_()
-  {
-    Note(0,-1,'','')	  
-    Note(1,0,'Tutorials','')	  	  
-    Note(8,1,'HTML','')
-    Note(10,8,'SelfHtml','http://www.teamone.de/selfaktuell/') 
-	  Note(9,1,'willi','')
-    Note(100,9,'SelfHtml','http://www.teamone.de/selfaktuell/')       
-	  Note(3,1,'JavaScript','')
-    Note(4,3, 'Netscape Guide 1.3','http://developer.netscape.com/docs/manuals/js/client/jsguide/index.htm')
-    Note(7,3, 'Introduction to Javascript','http://rummelplatz.uni-mannheim.de/~skoch/js/script.htm')	  
-    Note(12,1, 'Perl','')
-    Note(14,12, 'Perl Tutorial','http://www.awu.id.ethz.ch/~didi/perl/perl_start.html')
-    Note(13,1,'SQL','')
-    Note(15,13, 'Introduction to SQL','http://w3.one.net/~jhoffman/sqltut.htm')
-	  Note(111,1, 'Introduction to SQL','http://w3.one.net/~jhoffman/sqltut.htm')
-    Note(2,0, 'Reference Manuals','')
-    Note(11,2, 'HTML Version 3.2 Referenz','http://www.cls-online.de/htmlref/index.htm')
-    Note(6,2,'Netscape Reference 1.3','http://developer.netscape.com/docs/manuals/js/client/jsref/index.htm')
-    Note(17,2,'PHP Manual','http://www.php.net/manual/html/')	  
-    treeTyp[0] = 'f'
-    treeIsOn[0] = true
-    treeWasOn[0] = true
-  }
-
-  var idx=0
-  initArray()
-  initIndex()
-  load_all()
-  for( i=1; i<idx; i++ )
-  {
-    treeDeep[i] = knotDeep( treeId[i] )
-    if ( treeDeep[i] == 0 )
-      treeIsShown[i] = true
-  }
-  if ( isDomNN )
-    initStyles();
-  //-->  
-  </SCRIPT>
-</HEAD>
-<BODY VLINK="#000000" ALINK="#000000" LINK="#000000" BGCOLOR="#ffffff" TEXT="#000000"
- onLoad="if (layerok) showTree();mod_treeGDE();"
- MARGINHEIGHT="0" MARGINWIDTH="0" LEFTMARGIN="0" TOPMARGIN="0">
-<SCRIPT language="JavaScript1.2">
-<!--
-  initDiv()
-  //hideLayer("sitemapinfo")
-//-->
-</SCRIPT>
-</BODY>
-</HTML>

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/map.php
===================================================================
--- tags/2.4.4/http/javascripts/map.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/map.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -41,8 +41,11 @@
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
 
-$mb_sql = "SELECT DISTINCT e_js_file, e_id, e_src, e_target, e_pos FROM gui_element WHERE e_public = 1 AND fkey_gui_id = '".$_REQUEST["gui_id"]."' ORDER BY e_pos";
-$mb_res = db_query($mb_sql);
+$mb_sql = "SELECT DISTINCT e_js_file, e_id, e_src, e_target, e_pos ";
+$mb_sql .= "FROM gui_element WHERE e_public = 1 AND fkey_gui_id = $1 ORDER BY e_pos";
+$v = array($_REQUEST["gui_id"]);
+$t = array("s");
+$mb_res = db_prep_query($mb_sql, $v, $t);
 //$mb_cnt = 0;
 while($row_js = db_fetch_array($mb_res)){
 	if($row_js["e_js_file"] != ""){
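Review bot: `$_REQUEST["gui_id"]` on the `$v = array(...)` line is read without an existence check, so a request that omits the parameter binds null (with an undefined-index notice) instead of being rejected before the query; `if (!isset($_REQUEST["gui_id"])) { die("gui_id missing"); }` ahead of `$v = array($_REQUEST["gui_id"]);` bails out early, with the exit form adjusted to whatever this file uses elsewhere. `$_REQUEST` also merges GET, POST and cookie values, so reading from the one source the page expects narrows what can supply the id. Binding the id as `$1` is the right fix for the old concatenation; note that the placeholder survives the double-quoted string only because `$1` is not a valid PHP variable name, so a single-quoted SQL literal would make that intent explicit.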

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/mod_addWMSfromList.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_addWMSfromList.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_addWMSfromList.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,5 +1,5 @@
 <?php
-# $Id: mod_addWMSfromList.php 76 2006-08-15 12:25:34Z heuser $
+# $Id$
 # http://www.mapbender.org/index.php/mod_addWMSfromList.php
 # Copyright (C) 2002 CCGIS 
 #
@@ -110,14 +110,18 @@
 $arrayGuis=mb_getGUIs($logged_user_id);
 
 $sql_gui = "SELECT * FROM gui WHERE gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui .= ",";}
-	$sql_gui .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui .= ",";
+	}
+	$sql_gui .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_gui.= ") ORDER BY gui_name";
 
-$res_gui = db_query($sql_gui);
+$res_gui = db_prep_query($sql_gui, $v, $t);
 while($row = db_fetch_array($res_gui)){
 	$gui_id[$cnt_gui] = $row["gui_id"];
 	$gui_name[$cnt_gui] = $row["gui_name"];
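Review bot: The rebuilt IN-list still emits `IN ()` when `$arrayGuis` is empty, so a user with no GUIs gets a SQL syntax error from `db_prep_query` rather than an empty result; the `$sql_gui_wms` and `$sql_wms` hunks below in this file, and the unguarded IN-list hunks over `$arrayGuis` and `$fkey_wms_id` in mod_addWMSfromfilteredList.php and mod_addWMSfromfilteredListDB.php, share this. The guarded form this commit already uses for `$group_gui_id` (`if(count($group_gui_id)>0)`) is the pattern to wrap around each build-and-query block. Separately, `$v = $arrayGuis;` relies on `mb_getGUIs` returning a zero-based list so that `$v[0]` pairs with `$1`; `$v = array_values($arrayGuis);` makes that pairing independent of the array's keys, assuming `db_prep_query` binds positionally.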
@@ -127,14 +131,18 @@
 
 /*get allocated wms from allocated gui  ********************************************************************************************/								 
 $sql_gui_wms = "SELECT DISTINCT fkey_wms_id FROM gui_wms WHERE fkey_gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui_wms .= ",";}
-	$sql_gui_wms .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui_wms .= ",";
+	}
+	$sql_gui_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_gui_wms.= ") ORDER BY fkey_wms_id";
 
-$res_gui_wms = db_query($sql_gui_wms);
+$res_gui_wms = db_prep_query($sql_gui_wms, $v, $t);
 while($row = db_fetch_array($res_gui_wms)){
 	$fkey_gui_id[$cnt_gui_wms] = $row["fkey_gui_id"];
 	$fkey_wms_id[$cnt_gui_wms] = $row["fkey_wms_id"];
@@ -144,15 +152,19 @@
 
 /*get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 $sql_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities,wms_version FROM wms WHERE wms_id IN (";
-
-for($i=0; $i<count($fkey_wms_id); $i++){
-	if($i>0){ $sql_wms .= ",";}
-	$sql_wms .= "'".$fkey_wms_id[$i]."'";
+$v = $fkey_wms_id;
+$t = array();
+for ($i = 1; $i <= count($fkey_wms_id); $i++){
+	if ($i > 1) { 
+		$sql_wms .= ",";
+	}
+	$sql_wms .= "$" . $i;
+	array_push($t, "s");
 }
 #$sql_wms.= ") ORDER BY wms_id";
 $sql_wms.= ") ORDER BY wms_title";
 
-$res_wms = db_query($sql_wms);
+$res_wms = db_prep_query($sql_wms, $v, $t);
 while($row = db_fetch_array($res_wms)){
 	$wms_title[$cnt_wms] = $row["wms_title"];
 	$wms_abstract[$cnt_wms] = $row["wms_abstract"];

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredList.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_addWMSfromfilteredList.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredList.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -247,14 +247,20 @@
 
 $arrayGuis=mb_getGUIs($logged_user_id);
 $sql_gui = "SELECT * FROM gui WHERE gui_id IN (";
+$v = $arrayGuis;
+$t = array();
 
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui .= ",";}
-	$sql_gui .= "'".$arrayGuis[$i]."'";
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui .= ",";
+	}
+	$sql_gui .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_gui.= ") ORDER BY gui_name";
 
-$res_gui = db_query($sql_gui);
+
+$res_gui = db_prep_query($sql_gui, $v, $t);
 				while($row = db_fetch_array($res_gui)){
 					$gui_id[$cnt_gui] = $row["gui_id"];
 					$gui_name[$cnt_gui] = $row["gui_name"];
@@ -266,14 +272,18 @@
 				 
 /*get allocated wms from allocated gui  ********************************************************************************************/								 
 $sql_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui_wms .= ",";}
-	$sql_gui_wms .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui_wms .= ",";
+	}
+	$sql_gui_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_gui_wms.= ") ORDER BY fkey_wms_id";
 
-$res_gui_wms = db_query($sql_gui_wms);
+$res_gui_wms = db_prep_query($sql_gui_wms, $v, $t);
 while($row = db_fetch_array($res_gui_wms)){
 				$fkey_gui_id[$cnt_gui_wms] = $row["fkey_gui_id"];
 	$fkey_wms_id[$cnt_gui_wms] = $row["fkey_wms_id"];
@@ -283,14 +293,18 @@
 
 /*get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 $sql_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_version FROM wms WHERE wms_id IN (";
-
-for($i=0; $i<count($fkey_wms_id); $i++){
-	if($i>0){ $sql_wms .= ",";}
-	$sql_wms .= "'".$fkey_wms_id[$i]."'";
+$v = $fkey_wms_id;
+$t = array();
+for ($i = 1; $i <= count($fkey_wms_id); $i++){
+	if ($i > 1) { 
+		$sql_wms .= ",";
+	}
+	$sql_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_wms.= ") ORDER BY wms_title";
 
-$res_wms = db_query($sql_wms);
+$res_wms = db_prep_query($sql_wms, $v, $t);
 				while($row = db_fetch_array($res_wms)){
 					$wms_title[$cnt_wms] = $row["wms_title"];
 					$wms_abstract[$cnt_wms] = $row["wms_abstract"];
@@ -324,8 +338,10 @@
 #if (isset($show_group_wms))
 if (!empty($show_group_wms)){
 	/*get gui goup   ********************************************************************************************/
-	$sql_gui_mb_group = "SELECT fkey_gui_id, fkey_mb_group_id FROM gui_mb_group WHERE fkey_mb_group_id='".$show_group_wms."'";
-	$res_gui_mb_group = db_query($sql_gui_mb_group);
+	$sql_gui_mb_group = "SELECT fkey_gui_id, fkey_mb_group_id FROM gui_mb_group WHERE fkey_mb_group_id=$1";
+	$v = array($show_group_wms);
+	$t = array("s");
+	$res_gui_mb_group = db_prep_query($sql_gui_mb_group, $v, $t);
 
 				while($row = db_fetch_array($res_gui_mb_group)){
 					$group_gui_id[$cnt_gui_mb_group] = $row["fkey_gui_id"];
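Review bot: Nothing in this hunk ties `$show_group_wms` to `$logged_user_id`: the bound `$1` closes the injection path, but the query returns the GUIs of whichever group id is supplied, and the `!empty($show_group_wms)` guard suggests the value is optional request input. If group membership is meant to limit this view, a check such as `if (!in_array($show_group_wms, $userGroups)) { $show_group_wms = ""; }` belongs before the query, with `$userGroups` standing for however the caller exposes the user's own groups; no such list is visible on the page, so its source needs confirming. The `$sql_group_name` hunk below looks up `mb_group` by the same value and would be covered by the same check.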
@@ -339,13 +355,18 @@
 	/*get group gui WMS  ********************************************************************************************/
 	if(count($group_gui_id)>0)	{								 
 		$sql_fkey_group_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id IN (";
-		for($i=0; $i<count($group_gui_id); $i++){
-			if($i>0){ $sql_fkey_group_gui_wms .= ",";}
-			$sql_fkey_group_gui_wms .= "'".$group_gui_id[$i]."'";
+		$v = $group_gui_id;
+		$t = array();
+		for ($i = 1; $i <= count($group_gui_id); $i++){
+			if ($i > 1) { 
+				$sql_fkey_group_gui_wms .= ",";
+			}
+			$sql_fkey_group_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_fkey_group_gui_wms.=  ") ORDER BY fkey_wms_id";
 		
-		$res_fkey_group_gui_wms = db_query($sql_fkey_group_gui_wms);
+		$res_fkey_group_gui_wms = db_prep_query($sql_fkey_group_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_fkey_group_gui_wms)){
 			$fkey_group_gui_gui_id[$cnt_fkey_group_gui_wms] = $row["fkey_gui_id"];
 			$fkey_group_gui_wms_id[$cnt_fkey_group_gui_wms] = $row["fkey_wms_id"];
@@ -358,14 +379,18 @@
 		/*group: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 		if(count($fkey_group_gui_wms_id)>0){
 			$sql_group_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_version FROM wms WHERE wms_id IN (";
-		  
-			for($i=0; $i<count($fkey_group_gui_wms_id); $i++){
-				if($i>0){ $sql_group_gui_wms .= ",";}
-				$sql_group_gui_wms .= "'".$fkey_group_gui_wms_id[$i]."'";
+			$v = $fkey_group_gui_wms_id;
+			$t = array();
+			for ($i = 1; $i <= count($fkey_group_gui_wms_id); $i++){
+				if ($i > 1) { 
+					$sql_group_gui_wms .= ",";
+				}
+				$sql_group_gui_wms .= "$".$i;
+				array_push($t, "s");
 			}
 			$sql_group_gui_wms.= ") ORDER BY wms_title";
 		  
-			$res_group_gui_wms = db_query($sql_group_gui_wms);
+			$res_group_gui_wms = db_prep_query($sql_group_gui_wms, $v, $t);
 			while($row = db_fetch_array($res_group_gui_wms)){
 				$group_wms_title[$cnt_group_gui_wms] = $row["wms_title"];
 				$group_wms_abstract[$cnt_group_gui_wms] = $row["wms_abstract"];
@@ -383,8 +408,10 @@
 	#if ($show_group_wms > 0)
 	if ($cnt_group_gui_wms > 0){
 		/*get goup name for showing in the table ********************************************************************************************/								 
-		$sql_group_name = "SELECT mb_group_id, mb_group_name FROM mb_group WHERE mb_group_id ='".$show_group_wms."'";   
-		$res_group_name = db_query($sql_group_name);
+		$sql_group_name = "SELECT mb_group_id, mb_group_name FROM mb_group WHERE mb_group_id = $1";   
+		$v = array($show_group_wms);
+		$t = array("s");
+		$res_group_name = db_prep_query($sql_group_name, $v, $t);
 		while($row = db_fetch_array($res_group_name)){
 			$group_name_table[$cnt_group_name] = $row["mb_group_name"];
 			$my_group_id_table[$cnt_group_name] = $row["mb_group_id"];
@@ -426,10 +453,12 @@
 /*show gui wms  ********************************************************************************************/
 if (!empty($show_gui_wms)){
 	/*get group gui WMS  ********************************************************************************************/								 
-	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id ='".$show_gui_wms."'";
+	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id = $1";
+	$v = array($show_gui_wms);
+	$t = array("s");
 	#$sql_fkey_show_gui_wms.= ") ORDER BY fkey_wms_id";
 
-	$res_fkey_show_gui_wms = db_query($sql_fkey_show_gui_wms);
+	$res_fkey_show_gui_wms = db_prep_query($sql_fkey_show_gui_wms, $v, $t);
 	while($row = db_fetch_array($res_fkey_show_gui_wms)){
 		$fkey_show_gui_gui_id[$cnt_fkey_show_gui_wms] = $row["fkey_gui_id"];
 		$fkey_show_gui_wms_id[$cnt_fkey_show_gui_wms] = $row["fkey_wms_id"];
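Review bot: `$show_gui_wms` is bound safely as `$1`, but the query reads `gui_wms` for any gui id, while `$arrayGuis = mb_getGUIs($logged_user_id)` earlier in this file already holds the GUIs this user may see; if the id is request input, `if (!in_array($show_gui_wms, $arrayGuis)) { $show_gui_wms = ""; }` before the `!empty($show_gui_wms)` branch keeps the listing within that set. The `$sql_gui_table` hunk below and the two `$show_gui_configured_wms` hunks, as well as the `$wms_show` hunks in mod_addWMSfromfilteredListDB.php, read the same kind of id without that check. Whether these pages are reachable only by administrators, which would make the check redundant, is not visible here.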
@@ -441,14 +470,18 @@
 	/*gui: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 	if(count($fkey_show_gui_wms_id)>0){
 		$sql_show_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_id, wms_version FROM wms WHERE wms_id IN (";
-
-		for($i=0; $i<count($fkey_show_gui_wms_id); $i++){
-			if($i>0){ $sql_show_gui_wms .= ",";}
-			$sql_show_gui_wms .= "'".$fkey_show_gui_wms_id[$i]."'";
+		$v = $fkey_show_gui_wms_id;
+		$t = array();
+		for ($i = 1; $i <= count($fkey_show_gui_wms_id); $i++){
+			if ($i > 1) { 
+				$sql_show_gui_wms .= ",";
+			}
+			$sql_show_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_show_gui_wms.= ") ORDER BY wms_title";
 
-		$res_show_gui_wms = db_query($sql_show_gui_wms);
+		$res_show_gui_wms = db_prep_query($sql_show_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_show_gui_wms)){
 			$gui_wms_id[$cnt_show_gui_wms] = $row["wms_id"];
 			$gui_wms_title[$cnt_show_gui_wms] = $row["wms_title"];
@@ -466,8 +499,10 @@
 
 	if ($cnt_show_gui_wms > 0){
 	/*get selected gui name for table caption ********************************************************************************************/  
-	$sql_gui_table = "SELECT * FROM gui WHERE gui_id ='".$show_gui_wms."'";       
-	$res_gui_table = db_query($sql_gui_table);
+	$sql_gui_table = "SELECT * FROM gui WHERE gui_id = $1";       
+	$v = array($show_gui_wms);
+	$t = array("s");
+	$res_gui_table = db_prep_query($sql_gui_table, $v, $t);
 		while($row = db_fetch_array($res_gui_table)){
 			$gui_id_table[$cnt_gui_table] = $row["gui_id"];
 			$gui_name_table[$cnt_gui_table] = $row["gui_name"];							
@@ -513,10 +548,11 @@
 /*show gui wms  ********************************************************************************************/
 if (!empty($show_gui_configured_wms)){
 	/*get group gui WMS  ********************************************************************************************/								 
-	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id ='".$show_gui_configured_wms."'";
+	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id = $1";
 	#$sql_fkey_show_gui_wms.= ") ORDER BY fkey_wms_id";
-
-	$res_fkey_show_gui_wms = db_query($sql_fkey_show_gui_wms);
+	$v = array($show_gui_configured_wms);
+	$t = array("s");
+	$res_fkey_show_gui_wms = db_prep_query($sql_fkey_show_gui_wms, $v, $t);
 	while($row = db_fetch_array($res_fkey_show_gui_wms)){
 		$fkey_show_gui_gui_id[$cnt_fkey_show_gui_wms] = $row["fkey_gui_id"];
 		$fkey_show_gui_wms_id[$cnt_fkey_show_gui_wms] = $row["fkey_wms_id"];
@@ -528,14 +564,18 @@
 	/*gui: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 	if(count($fkey_show_gui_wms_id)>0){
 		$sql_show_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_id, wms_version FROM wms WHERE wms_id IN (";
-
-		for($i=0; $i<count($fkey_show_gui_wms_id); $i++){
-			if($i>0){ $sql_show_gui_wms .= ",";}
-			$sql_show_gui_wms .= "'".$fkey_show_gui_wms_id[$i]."'";
+		$v = $fkey_show_gui_wms_id;
+		$t = array();
+		for ($i = 1; $i <= count($fkey_show_gui_wms_id); $i++){
+			if ($i > 1) { 
+				$sql_show_gui_wms .= ",";
+			}
+			$sql_show_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_show_gui_wms.= ") ORDER BY wms_title";
 
-		$res_show_gui_wms = db_query($sql_show_gui_wms);
+		$res_show_gui_wms = db_prep_query($sql_show_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_show_gui_wms)){
 			$gui_wms_id[$cnt_show_gui_wms] = $row["wms_id"];
 			$gui_wms_title[$cnt_show_gui_wms] = $row["wms_title"];
@@ -553,8 +593,10 @@
 
 	if ($cnt_show_gui_wms > 0){
 	/*get selected gui name for table caption ********************************************************************************************/  
-	$sql_gui_table = "SELECT * FROM gui WHERE gui_id ='".$show_gui_configured_wms."'";       
-	$res_gui_table = db_query($sql_gui_table);
+	$sql_gui_table = "SELECT * FROM gui WHERE gui_id = $1";
+	$v = array($show_gui_configured_wms);
+	$t = array("s");       
+	$res_gui_table = db_prep_query($sql_gui_table, $v, $t);
 		while($row = db_fetch_array($res_gui_table)){
 			$gui_id_table[$cnt_gui_table] = $row["gui_id"];
 			$gui_name_table[$cnt_gui_table] = $row["gui_name"];							

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredListDB.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_addWMSfromfilteredListDB.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredListDB.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,5 +1,5 @@
 <?php
-# $Id: mod_addWMSfromfilteredList.php 1274 2007-04-25 07:01:08Z christoph $
+# $Id$
 # http://www.mapbender.org/index.php/mod_addWMSfromfilteredList.php
 # Copyright (C) 2002 CCGIS 
 #
@@ -101,14 +101,18 @@
 
 $arrayGuis=mb_getGUIs($logged_user_id);
 $sql_gui = "SELECT * FROM gui WHERE gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui .= ",";}
-	$sql_gui .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui .= ",";
+	}
+	$sql_gui .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_gui.= ") ORDER BY gui_name";
 
-$res_gui = db_query($sql_gui);
+$res_gui = db_prep_query($sql_gui, $v, $t);
 				while($row = db_fetch_array($res_gui)){
 					$gui_id[$cnt_gui] = $row["gui_id"];
 					$gui_name[$cnt_gui] = $row["gui_name"];
@@ -120,14 +124,18 @@
 				 
 /*get allocated wms from allocated gui  ********************************************************************************************/								 
 $sql_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui_wms .= ",";}
-	$sql_gui_wms .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++) {
+	if ($i > 1) { 
+		$sql_gui_wms .= ",";
+	}
+	$sql_gui_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_gui_wms.= ") ORDER BY fkey_wms_id";
 
-$res_gui_wms = db_query($sql_gui_wms);
+$res_gui_wms = db_prep_query($sql_gui_wms, $v, $t);
 while($row = db_fetch_array($res_gui_wms)){
 				$fkey_gui_id[$cnt_gui_wms] = $row["fkey_gui_id"];
 	$fkey_wms_id[$cnt_gui_wms] = $row["fkey_wms_id"];
@@ -137,14 +145,18 @@
 
 /*get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 $sql_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_version FROM wms WHERE wms_id IN (";
-
-for($i=0; $i<count($fkey_wms_id); $i++){
-	if($i>0){ $sql_wms .= ",";}
-	$sql_wms .= "'".$fkey_wms_id[$i]."'";
+$v = $fkey_wms_id;
+$t = array();
+for ($i = 1; $i <= count($fkey_wms_id); $i++){
+	if ($i > 1) { 
+		$sql_wms .= ",";
+	}
+	$sql_wms .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_wms.= ") ORDER BY wms_title";
 
-$res_wms = db_query($sql_wms);
+$res_wms = db_prep_query($sql_wms, $v, $t);
 				while($row = db_fetch_array($res_wms)){
 					$wms_title[$cnt_wms] = $row["wms_title"];
 					$wms_abstract[$cnt_wms] = $row["wms_abstract"];
@@ -181,10 +193,12 @@
 	echo "<input type='button' class='wms_button' name='wms2' value='" . $selectOtherGuiText . "' onclick = 'mod_show_gui()'></td>";
 
 	/*get group gui WMS  ********************************************************************************************/								 
-	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id ='".$wms_show."'";
+	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id = $1";
 	#$sql_fkey_show_gui_wms.= ") ORDER BY fkey_wms_id";
 
-	$res_fkey_show_gui_wms = db_query($sql_fkey_show_gui_wms);
+	$v = array($wms_show);
+	$t = array("s");
+	$res_fkey_show_gui_wms = db_prep_query($sql_fkey_show_gui_wms, $v, $t);
 	while($row = db_fetch_array($res_fkey_show_gui_wms)){
 		$fkey_show_gui_gui_id[$cnt_fkey_show_gui_wms] = $row["fkey_gui_id"];
 		$fkey_show_gui_wms_id[$cnt_fkey_show_gui_wms] = $row["fkey_wms_id"];
@@ -196,14 +210,18 @@
 	/*gui: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 	if(count($fkey_show_gui_wms_id)>0){
 		$sql_show_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_id, wms_version FROM wms WHERE wms_id IN (";
-
-		for($i=0; $i<count($fkey_show_gui_wms_id); $i++){
-			if($i>0){ $sql_show_gui_wms .= ",";}
-			$sql_show_gui_wms .= "'".$fkey_show_gui_wms_id[$i]."'";
+		$v = $fkey_show_gui_wms_id;
+		$t = array();
+		for ($i = 1; $i <= count($fkey_show_gui_wms_id); $i++){
+			if ($i > 1) { 
+				$sql_show_gui_wms .= ",";
+			}
+			$sql_show_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_show_gui_wms.= ") ORDER BY wms_title";
 
-		$res_show_gui_wms = db_query($sql_show_gui_wms);
+		$res_show_gui_wms = db_prep_query($sql_show_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_show_gui_wms)){
 			$gui_wms_id[$cnt_show_gui_wms] = $row["wms_id"];
 			$gui_wms_title[$cnt_show_gui_wms] = $row["wms_title"];
@@ -221,8 +239,10 @@
 
 	if ($cnt_show_gui_wms > 0){
 	/*get selected gui name for table caption ********************************************************************************************/  
-	$sql_gui_table = "SELECT * FROM gui WHERE gui_id ='".$wms_show."'";       
-	$res_gui_table = db_query($sql_gui_table);
+	$sql_gui_table = "SELECT * FROM gui WHERE gui_id = $1";
+	$v = array($wms_show);
+	$t = array("s");       
+	$res_gui_table = db_prep_query($sql_gui_table, $v, $t);
 		while($row = db_fetch_array($res_gui_table)){
 			$gui_id_table[$cnt_gui_table] = $row["gui_id"];
 			$gui_name_table[$cnt_gui_table] = $row["gui_name"];							

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/mod_digitize_tab.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_digitize_tab.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_digitize_tab.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -641,43 +641,74 @@
 	smP += "<div class='t_img'>";
 	smP += "<img src='"+parent.mb_trans.src+"' width='0' height='"+mod_digitize_height+"'></div>";
 
-	for(var i=0; i<d.count(); i++){
-		if (!nonTransactionalEditable && !isTransactional(d.get(i))) {
-			nonTransactionalHighlight.add(d.get(i), nonTransactionalColor);
+	if (!nonTransactionalEditable) {
+		nonTransactionalHighlight.clean();
+	}
+	var smPArray = [];
+	smPArray[smPArray.length] = "<div class='t_img'>"
+			+ "<img src='"+parent.mb_trans.src+"' width='"+mod_digitize_width+"' height='0'></div>"
+			+ "<div class='t_img'>"
+			+ "<img src='"+parent.mb_trans.src+"' width='0' height='"+mod_digitize_height+"'></div>";
+	
+	var mapObj = parent.mb_mapObj[parent.getMapObjIndexByName(mod_digitize_target)];
+	var width = mapObj.width;
+	var height = mapObj.height;
+	var isMoveOrInsertOrDelete = mod_digitizeEvent == button_move || mod_digitizeEvent == button_insert || mod_digitizeEvent == button_delete;
+	var minDist = 5;
+
+	for(var i=0, lenGeomArray = d.count(); i < lenGeomArray; i++){
+		var currentGeomArray = d.get(i);
+
+		if (!nonTransactionalEditable && !isTransactional(currentGeomArray)) {
+			nonTransactionalHighlight.add(currentGeomArray, nonTransactionalColor);
 		}
 		else {
-			for(var j=0; j<d.get(i).count(); j++){
-				for(var k = 0; k < d.getGeometry(i,j).count(); k++){
-					var pos = parent.makeRealWorld2mapPos(mod_digitize_target,d.getPoint(i,j,k).x,d.getPoint(i,j,k).y);
-					
-					if (!d.getGeometry(i,j).isComplete() && 
-						( (k == 0 && d.get(i).geomType == parent.geomType.polygon) || (k == d.getGeometry(i,j).count()-1 && d.get(i).geomType == parent.geomType.line))) {
-						smP += "<div class='bp' style='top:"+(pos[1]-2)+"px;left:"+(pos[0]-2)+"px;z-index:"+digitizeTransactionalZIndex+";background-color:"+linepointColor+"'";
+			for(var j=0, lenGeom = currentGeomArray.count(); j < lenGeom ; j++){
+				var currentGeometry = d.getGeometry(i,j);
+				var isPolygon = currentGeomArray.geomType == parent.geomType.polygon;
+				var isLine = currentGeomArray.geomType == parent.geomType.line;
+				var isComplete = currentGeometry.isComplete();
+				var lastPaintedPoint = false;
+
+				for(var k = 0, lenPoint = currentGeometry.count(); k < lenPoint; k++){
+					var currentPoint = currentGeometry.get(k);
+					var currentPointMap = parent.realToMap(mod_digitize_target, currentPoint)
+
+					var isTooCloseToPrevious = lastPaintedPoint && (k > 0) && (Math.abs(currentPointMap.x-lastPaintedPoint.x) <= minDist && Math.abs(currentPointMap.y-lastPaintedPoint.y) <= minDist);
+					if (!isTooCloseToPrevious) {
+						var currentPointIsVisible = currentPointMap.x > 0 && currentPointMap.x < width && currentPointMap.y > 0 && currentPointMap.y < height;
+						if (currentPointIsVisible) {
+							if (!isComplete && ((k == 0 && isPolygon) || (k == lenPoint-1 && isLine))) {
+								smPArray[smPArray.length] = "<div class='bp' style='top:"+
+									(currentPointMap.y-2)+"px;left:"+(currentPointMap.x-2)+"px;z-index:"+
+									digitizeTransactionalZIndex+";background-color:"+linepointColor+"'";
+							}
+							else {
+								smPArray[smPArray.length] = "<div class='bp' style='top:"+(currentPointMap.y-2)+"px;left:"+(currentPointMap.x-2)+"px;z-index:"+digitizeTransactionalZIndex+";'";
+							}
+							if(k==0 && isPolygon && !isComplete){
+								smPArray[smPArray.length] = " title='"+closePolygon_title+"' ";
+							}
+							if(isMoveOrInsertOrDelete) {
+								smPArray[smPArray.length] = " onmouseover='parent.window.frames[\""+mod_digitize_elName+"\"].handleBasepoint(this,"+i+","+j+","+k+")' ;";
+							}
+							smPArray[smPArray.length] = "></div>";
+							lastPaintedPoint = currentPointMap;
+						}
+						if (k > 0) {
+							points = parent.calculateVisibleDash(currentPointMap, previousPointMap, width, height);
+							if (points != false) {
+								smPArray[smPArray.length] = evaluateDashes(points[0], points[1], i, j, k);
+							}
+						}
 					}
-					else {
-						smP += "<div class='bp' style='top:"+(pos[1]-2)+"px;left:"+(pos[0]-2)+"px;z-index:"+digitizeTransactionalZIndex+";'";
-					}
-					if(j==0 && d.get(i).geomType == parent.geomType.polygon && !d.getGeometry(i,j).isComplete()){
-						smP += " title='"+closePolygon_title+"' ";
-					}
-					if(mod_digitizeEvent == button_move || mod_digitizeEvent == button_insert || mod_digitizeEvent == button_delete) {
-						smP += " onmouseover='parent.window.frames[\""+mod_digitize_elName+"\"].handleBasepoint(this,"+i+","+j+","+k+")' ;";
-					}
-					smP += "></div>";
+					var previousPointMap = currentPointMap;
 				}
-				var mapObjInd = parent.getMapObjIndexByName(mod_digitize_target);
-				for(var k = 1; k < d.getGeometry(i,j).count(); k++){
-					var p0 = parent.realToMap(mod_digitize_target, d.getPoint(i,j,k));
-					var p1 = parent.realToMap(mod_digitize_target, d.getPoint(i,j,k-1));
-					points = parent.calculateVisibleDash(p0, p1, parent.mb_mapObj[mapObjInd].width, parent.mb_mapObj[mapObjInd].height);
-					if (points != false) {
-						smP += evaluateDashes(points[0], points[1], i, j, k);
-					}
-				}
 			}
 		}
 	}
-	digitizeDivTag.write(smP);
+	digitizeDivTag.write(smPArray.join(""));
+        
 }
 
 function evaluateDashes(start, end, memberIndex, geomIndex, pointIndex){
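Review bot: `smP` is still assembled on the context lines at the top of the hunk (`smP += "<div class='t_img'>..."`), but the function now writes `smPArray.join("")` and duplicates the same markup into `smPArray[0]`, so the `smP` prefix is dead work; drop the `smP +=` lines or seed `smPArray` from `smP` instead. `points = parent.calculateVisibleDash(...)` assigns an undeclared name and so creates a global; `var points = ...` keeps it local to the function. `var previousPointMap` is declared at the end of the loop body but read earlier under `k > 0`; hoisting makes this work, yet declaring it next to `lastPaintedPoint` reads as intended. `var currentPointMap = parent.realToMap(mod_digitize_target, currentPoint)` is also missing its terminating semicolon. The function begins before the hunk, so the `smP` initialisation is outside this view.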

Deleted: branches/2.4.5/2.4.4_leak/http/javascripts/mod_measure4326.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_measure4326.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_measure4326.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,251 +0,0 @@
-<?php
-# $Id: mod_measure.php 267 2006-05-12 12:16:01Z vera_schulze $
-# http://www.mapbender.org/index.php/mod_measure.php
-# Copyright (C) 2002 CCGIS 
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-require_once("../../conf/mapbender.conf");
-
-$gui_id = $_REQUEST["gui_id"];
-$con = db_connect($DBSERVER,$OWNER,$PW);
-db_select_db(DB,$con);
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'measure' AND fkey_gui_id = $1";
-$v = array($gui_id);
-$t = array('s');
-$res = db_prep_query($sql, $v, $t);
-$cnt = 0;
-while($row = db_fetch_array($res)){ 
-	$e_src = $row["e_src"];
-	$e_target = $row["e_target"];
-	$cnt++;
-}
-if($cnt > 1){
-	echo "alert('measure: ID not unique!');";
-}
-echo "var mod_measure_target = '".$e_target."';";
-
-require_once("ajax_jquery.js");
-$e_id_css = "measure";
-include '../include/dyn_js.php';
-?>
-
-var mod_measure_color1 = "white";
-var mod_measure_color2 = "black";
-var mod_measure_font = "Arial, Helvetica, sans-serif";
-var mod_measure_fontsize = "9px";
-var mod_measure_basepoint = "#8a2be2";
-var mod_measure_linepoint = "#ff00ff";
-var mod_measure_bg = "";
-var mod_measure_pgsql = true;
-
-var mod_measure_win = null;
-
-var mod_measure_elName = "measure";
-var mod_measure_frameName = "";
-var mod_measure_epsg;
-var mod_measure_width;
-var mod_measure_height;
-var dist = false;
-var mod_measure_RX = new Array();
-var mod_measure_RY = new Array();
-var mod_measure_Dist = new Array();
-var mod_measure_TotalDist = new Array();
-var mod_measureSubFunctions = new Array();
-
-var mod_measure_img_on = new Image(); mod_measure_img_on.src = "<?php  echo preg_replace("/_off/","_on",$e_src);  ?>";
-var mod_measure_img_off = new Image(); mod_measure_img_off.src = "<?php  echo $e_src;  ?>";
-var mod_measure_img_over = new Image(); mod_measure_img_over.src = "<?php  echo preg_replace("/_off/","_over",$e_src);  ?>";
-
-function init_mod_measure(ind){
-	mb_button[ind] = document.getElementById(mod_measure_elName);
-	mb_button[ind].img_over = mod_measure_img_over.src;
-	mb_button[ind].img_on = mod_measure_img_on.src;
-	mb_button[ind].img_off = mod_measure_img_off.src;
-	mb_button[ind].status = 0;
-	mb_button[ind].elName = mod_measure_elName;
-	mb_button[ind].fName = mod_measure_frameName;
-	mb_button[ind].go = new Function ("mod_measure_go()");
-	mb_button[ind].stop = new Function ("mod_measure_disable()");
-	var ind = getMapObjIndexByName(mod_measure_target);
-	mod_measure_width = mb_mapObj[ind].width;
-	mod_measure_height = mb_mapObj[ind].height;
-	mod_measure_epsg = mb_mapObj[ind].epsg;
-	mb_registerSubFunctions("drawDashedLine()");
-	mb_registerPanSubElement("measuring");
-}
-function register_measureSubFunctions(stringFunction){
-	mod_measureSubFunctions[mod_measureSubFunctions.length] = stringFunction;
-}
-function mod_measure_go(){
-	var el = window.frames[mod_measure_target].document;
-	el.onmousedown = mod_measure_start;
-	//el.onmousemove = mod_measure_run;
-	var measureSub = "";
-	for(var i=0; i<mod_measureSubFunctions.length; i++){
-		measureSub += eval(mod_measureSubFunctions[i]);
-	}   
-	writeTag(mod_measure_target,"measure_sub",measureSub);
-}
-function mod_measure_disable(){
-	var el = window.frames[mod_measure_target].document; 
-	el.onmousedown = null;
-	el.onmousemove = null;
-	writeTag(mod_measure_target,"measure_display","");
-	writeTag(mod_measure_target,"measure_sub","");
-}
-function mod_measure_timeout(){
-	var el = window.frames[mod_measure_target].document; 
-	el.onmousedown = null;
-	el.ondblclick = null;
-	el.onmousemove = null;
-}
-function mod_measure_disableTimeout(){
-	var el = window.frames[mod_measure_target].document;
-	el.onmousedown = mod_measure_start;
-	//el.onmousemove = mod_measure_run;
-}
-function use_dist() {
-    if(dist != false){
-        mod_measure_Dist[mod_measure_Dist.length] = dist;
-		var totalDist = mod_measure_TotalDist[mod_measure_TotalDist.length-1] + dist;
-       	mod_measure_TotalDist[mod_measure_TotalDist.length] = Math.round(totalDist * 100)/100;
-        
-      } 
-      drawDashedLine(); 
-      dist = false;
-}
-function mod_measure_start(e){
-	mb_getMousePos(e,mod_measure_target);
-	var realWorldPos = my_makeClickPos2RealWorldPos(mod_measure_target,clickX,clickY);
-    
-	mod_measure_RX[mod_measure_RX.length] = realWorldPos[0];
-	mod_measure_RY[mod_measure_RY.length] = realWorldPos[1];
-       
-     if(mod_measure_RX.length > 1){
-	 
-     convert_coords(mod_measure_RX[mod_measure_RX.length-2],mod_measure_RY[mod_measure_RY.length-2],mod_measure_RX[mod_measure_RX.length-1],mod_measure_RY[mod_measure_RY.length-1],inputEPSG);         
-	}
-	else{
-		mod_measure_Dist[mod_measure_Dist.length] = 0;
-		mod_measure_TotalDist[mod_measure_TotalDist.length] = 0;
-        drawDashedLine();
-	}
-}
-function drawDashedLine(){
-	var str_mPoints = "<div style='position:absolute;left:0px;top:0px' ><img src='"+mb_trans.src+"' width='"+mod_measure_width+"' height='0'></div>";
-	str_mPoints += "<div style='position:absolute;left:0px;top:0px' ><img src='"+mb_trans.src+"' width='0' height='"+mod_measure_height+"'></div>";
-	for(var i=0; i<mod_measure_RX.length; i++){
-		var pos = makeRealWorld2mapPos(mod_measure_target,mod_measure_RX[i],mod_measure_RY[i]);
-		str_mPoints += "<div style='font-size:1px;position:absolute;top:"+(pos[1]-2)+"px;left:"+(pos[0]-2)+"px;width:4px;height:4px;background-color:"+mod_measure_basepoint+"'></div>";
-		if(i>0){
-			str_mPoints += "<div  style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color1+";";
-			if(mod_measure_bg != ""){
-				str_mPoints += "background-color:"+mod_measure_bg+";";
-			}
-			str_mPoints += "position:absolute;top:"+(pos[1] + 3)+"px;left:"+(pos[0]+3)+"px;z-index:20'>"+mod_measure_TotalDist[i]+"</div>";
-			str_mPoints += "<div  style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color2+";position:absolute;top:"+(pos[1] + 4)+"px;left:"+(pos[0]+4)+"px;z-index:21'>"+mod_measure_TotalDist[i]+"</div>";
-		}
-	}
-	if(mod_measure_RX.length>1){
-		for(var k=1; k<mod_measure_RX.length; k++){
-			var pos0 = makeRealWorld2mapPos(mod_measure_target,mod_measure_RX[k], mod_measure_RY[k]);
-			var pos1 = makeRealWorld2mapPos(mod_measure_target,mod_measure_RX[k-1], mod_measure_RY[k-1]);
-          
-			str_mPoints += evaluateDashes(pos1[0],pos1[1],pos0[0],pos0[1],k);
-		}
-	}
-	writeTag(mod_measure_target,"measuring",str_mPoints);
-}
-function evaluateDashes(x1,y1,x2,y2,count){
-	var str_dashedLine = "";
-	var s = 10;
-	var d = Math.sqrt(Math.pow((y1-y2),2) + Math.pow((x1-x2),2)) ;
-	var n = Math.round(d/s);
-	var s_x =  (x2 - x1)/n;
-	var s_y =  (y2 - y1)/n;
-	for(var i=1; i<n; i++){
-		var x = Math.round(x1 + i * s_x)-2;
-		var y = Math.round(y1 + i * s_y)-2;
-		if(x >= 0 && x <= mod_measure_width && y >= 0 && y <= mod_measure_height){
-			str_dashedLine += "<div style='font-size:1px;position:absolute;top:"+y+"px;left:"+x+"px;width:4px;height:4px;background-color:"+mod_measure_linepoint+"'></div>";
-		}
-	}
-	str_dashedLine += "<div style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color1+";";
-	if(mod_measure_bg != ""){
-		str_dashedLine += "background-color:"+mod_measure_bg+";";
-	}   
-	str_dashedLine += "position:absolute;top:"+(Math.round(y1 + (y2-y1)/2 +3))+"px;left:"+(Math.round(x1 + (x2-x1)/2 +3))+"px'>"+mod_measure_Dist[count]+"</div>";
-	str_dashedLine += "<div style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color2+";position:absolute;top:"+(Math.round(y1 + (y2-y1)/2 + 4))+"px;left:"+(Math.round(x1 + (x2-x1)/2+4))+"px'>"+mod_measure_Dist[count]+"</div>";
-	return str_dashedLine;
-}
-function mod_measure_close(){
-	if(mod_measure_RX.length < 3 || (mod_measure_RX[mod_measure_RX.length-1] == mod_measure_RX[0] && mod_measure_RY[mod_measure_RY.length-1] == mod_measure_RY[0])){return;}
-	mod_measure_RX[mod_measure_RX.length] = mod_measure_RX[0];
-	mod_measure_RY[mod_measure_RY.length] = mod_measure_RY[0];
-	if(mod_measure_RX.length > 1){
-		// circumference
-        convert_coords(mod_measure_RX[mod_measure_RX.length-2],mod_measure_RY[mod_measure_RY.length-2],mod_measure_RX[mod_measure_RX.length-1],mod_measure_RY[mod_measure_RY.length-1],inputEPSG);   
-	}
-	else{
-		mod_measure_Dist[mod_measure_Dist.length] = 0;
-		mod_measure_TotalDist[mod_measure_TotalDist.length] = 0;
-        drawDashedLine();
-	}
-}
-function mod_measure_delete(){
-	mod_measure_RX = new Array();
-	mod_measure_RY = new Array();
-    mod_measure_Dist = new Array();
-	mod_measure_TotalDist = new Array();
-    dist = false;
-    writeTag(mod_measure_target,"measuring","");
-	writeTag(mod_measure_target,"measure_display","");
-}
-function my_makeClickPos2RealWorldPos(frameName, myClickX, myClickY) {
-	var ind = getMapObjIndexByName(frameName);
-	var width = parseInt(mb_mapObj[ind].width);
-	var height = parseInt(mb_mapObj[ind].height);
-	var arrayBBox = mb_mapObj[ind].extent.split(",");
-	var minX = parseFloat(arrayBBox[0]);
-	var minY = parseFloat(arrayBBox[1]);
-	var maxX = parseFloat(arrayBBox[2]);
-	var maxY = parseFloat(arrayBBox[3]);
-	var xtentx = maxX - minX;
-	var xtenty =  maxY - minY;
-	var posX = parseFloat(minX + (myClickX / width) * xtentx);
-	var posY = parseFloat(maxY - (myClickY / height) * xtenty);
-	return new Array(posX, posY);
-}
-function convert_coords(x1,y1,x2,y2,inputEPSG){
-
-      $.post(
-    	// zielurl
-        '../javascripts/transform_coordinatesWGS84.php',
-        // parameter fuer diese datei
-        {
-        	'x1'      : x1,
-            'y1'      : y1,
-			'x2'      : x2,
-			'y2'      : y2,  
-            'inputEPSG' :  inputEPSG      
-        },
-        // callback function
-        function(xml){
-            dist = Math.round(parseFloat(xml));   
-            use_dist();   
-        }
-     );
-}
\ No newline at end of file

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/mod_sandclock2.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_sandclock2.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_sandclock2.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -25,7 +25,7 @@
 $sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'sandclock2' AND fkey_gui_id = $1";
 $v = array($gui_id);
 $t = array('s');
-$res = db_query($sql, $v, $t);
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){ 
 	$e_target = db_result($res,0,"e_target");
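Review bot: The loop body on the last line of the hunk discards `$row` and re-reads `db_result($res,0,"e_target")`, so if more than one gui_element row matches, every iteration yields row 0's target while `$cnt` still climbs; the sibling modules touched in this commit read `$row["e_target"]` instead, and `$e_target = $row["e_target"];` here would keep the result handling of the new prepared query consistent with them. The switch to db_prep_query itself is correct — the removed line already carried a `$1` placeholder but handed it to db_query, which does not bind parameters. The while loop continues past the end of the hunk, so I cannot see whether `$e_target` is later emitted into the generated JavaScript unescaped as it is in the sibling modules; if so, that output still needs escaping.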

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/mod_setPOI2Scale.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_setPOI2Scale.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_setPOI2Scale.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -21,8 +21,10 @@
 include("../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_target FROM gui_element WHERE e_id = 'setPOI2Scale' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_target FROM gui_element WHERE e_id = 'setPOI2Scale' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 
 while($row = db_fetch_array($res)){ 
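Review bot: `$gui_id` is bound into the prepared query on the new lines, but nothing in the hunk assigns it; if it is not read explicitly in the lines above the hunk and still arrives via register_globals or import_request_variables, the parameterisation closes the SQL injection but the input remains implicit and unvalidated. Prefer an explicit `$gui_id = $_REQUEST["gui_id"];` before the query, as the sibling module in this commit does, and emit nothing when it is absent, e.g. `if (!isset($gui_id) || $gui_id === "") { exit; }`, so the module does not silently select on an empty key. The surrounding script also mixes `include("../../conf/mapbender.conf")` here with `require_once` elsewhere in the commit; `require_once` would make a missing config a hard error instead of a later undefined-function failure in db_connect. The while loop on the last line continues outside the hunk.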

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/mod_wfs_SpatialRequest.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_wfs_SpatialRequest.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_wfs_SpatialRequest.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,478 +1,480 @@
-<?php
-#$Id: mod_wfs_spatialRequest.php,v 1.4 2006/03/08 15:26:26 c_baudson Exp $
-#$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_wfs_spatialRequest.php,v 1.4 2006/03/08 15:26:26 c_baudson Exp $
-# Copyright (C) 2002 CCGIS 
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-session_start();
-import_request_variables("PG");
-require_once("../php/mb_validateSession.php");
-require_once("../../conf/mapbender.conf");
-require_once("../../conf/wfs_default.conf");
-$con = db_connect(DBSERVER,OWNER,PW);
-db_select_db(DB,$con);
-
-$gui_id = $_REQUEST["gui_id"];
-$e_id_css = "setSpatialRequest";
-
-$wfs_conf_filename = "wfs_default.conf";
-include '../include/dyn_php.php';
-include("../../conf/" . $wfs_conf_filename);
-
-include '../include/dyn_js.php';
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'setSpatialRequest' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
-$cnt = 0;
-while($row = db_fetch_array($res)){ 
-   $e_src = $row["e_src"];
-   $e_target = $row["e_target"];
-   $cnt++;
-}
-if($cnt > 1){ echo "alert('setExtRequest: ID not unique!');\n";}
-echo "var mod_wfs_spatialRequest_target = '".$e_target."';\n";
-?>
-
-var wfsAreaType_point = "point";
-var wfsAreaType_polygon = "polygon";
-var wfsAreaType_rectangle = "rectangle";
-var wfsAreaType_extent = "extent";
-var wfsAreaType_current = "";
-
-var mod_wfs_spatialRequest_frameName = "";
-var mod_wfs_spatialRequest_epsg;
-var mod_wfs_spatialRequest_width;
-var mod_wfs_spatialRequest_height;
-
-var mod_wfs_spatialRequest_bg = "";
-var mod_wfs_spatialRequest_pgsql = true;
-var mod_wfs_spatialRequest_win = null;
-var mod_wfs_spatialRequest_thema = false;
-
-var button_point = "point";
-var button_polygon = "polygon";
-var button_rectangle = "rectangle";
-var button_extent = "extent";
-var button_dialogue = "dialogue";
-var mb_wfs_tolerance = 8;
-
-var activeButton = null;
-var mod_wfs_spatialRequest_geometry = null;
-var mod_wfs_spatialRequestSubFunctions = [];
-
-
-// ------------------------------------------------------------------------------------------
-// ------------ button handling -------------------------------------------------------------
-
-function displayButtons() {
-	for (var i = 0 ; i < buttonWfs_id.length ; i ++) {
-		if (parseInt(buttonWfs_on[i])==1) {
-			document.write("<div id='div_"+buttonWfs_id[i]+"' style='position:absolute; top:"+buttonWfs_y[i]+"; left:"+buttonWfs_x[i]+"; z-index:"+buttonWfs_zIndex+"'><img name=\""+buttonWfs_id[i]+"\" onmouseover=\"mb_regButton_frame('initWfsButton', null, "+i+");\" id=\""+buttonWfs_id[i]+"\" title=\""+buttonWfs_title_off[i]+"\" src=\""+buttonWfs_imgdir+buttonWfs_src[i]+"\"></div>");
-		}
-	}
-}
-
-function initWfsButton(ind, pos) {
-	mb_button[ind] = document.getElementById(buttonWfs_id[pos]);
-	mb_button[ind].img_over = buttonWfs_imgdir + buttonWfs_src[pos].replace(/_off/,"_over");
-	mb_button[ind].img_on = buttonWfs_imgdir + buttonWfs_src[pos].replace(/_off/,"_on");
-	mb_button[ind].img_off = buttonWfs_imgdir + buttonWfs_src[pos];
-	mb_button[ind].status = 0;
-	mb_button[ind].elName = buttonWfs_id[pos];
-	mb_button[ind].fName = "";
-	mb_button[ind].go = new Function ("wfsEnable(mb_button["+ind+"], " + pos + ")");
-	mb_button[ind].stop = new Function ("wfsDisable(mb_button["+ind+"], " + pos + ")");
-	var ind = getMapObjIndexByName(mod_wfs_spatialRequest_target);
-	mod_wfs_spatialRequest_width = mb_mapObj[ind].width;
-	mod_wfs_spatialRequest_height = mb_mapObj[ind].height;
-	mod_wfs_spatialRequest_epsg = mb_mapObj[ind].epsg;
-	mb_registerSubFunctions("drawDashedLineExt()");
-	mb_registerPanSubElement("measuring");
-}	
-
-function wfsEnable(obj) {
-	if (obj.id == button_point) {
-		if (activeButton == null) {
-			activeButton = obj;
-		}
-		mod_wfs_spatialRequest_geometry = new Geometry(geomType.point);
-		wfsAreaType_current = wfsAreaType_point;
-		mod_wfs_spatialRequest_digitize_go(geomType.point);		
-	}
-	if (obj.id == button_polygon) {
-		if (activeButton == null) {
-			activeButton = obj;
-		}
-		mod_wfs_spatialRequest_geometry = new Geometry(geomType.polygon);
-		wfsAreaType_current = wfsAreaType_polygon;
-		mod_wfs_spatialRequest_digitize_go(geomType.polygon);		
-		var measureSub = "";
-		for(var i=0; i<mod_wfs_spatialRequestSubFunctions.length; i++){
-			measureSub += eval(mod_wfs_spatialRequestSubFunctions[i]);
-		}   
-		writeTag(mod_wfs_spatialRequest_target,"measure_sub",measureSub);
-	}
-	else if (obj.id == button_rectangle){
-		if (activeButton == null) {
-			activeButton = obj;
-		}
-		mod_wfs_spatialRequest_geometry = new Geometry(geomType.line);
-		wfsAreaType_current = wfsAreaType_rectangle;
-		mod_selAreaExt_click();	
-	}
-	else if (obj.id == button_extent){
-		if (activeButton == null) {
-			activeButton = obj;
-		}
-		mod_wfs_spatialRequest_geometry = new Geometry(geomType.line);
-		wfsAreaType_current = wfsAreaType_extent;
-		var ind = getMapObjIndexByName(mod_wfs_spatialRequest_target);
-		var p0 = mapToReal(mod_wfs_spatialRequest_target, new Point(0,0));
-		var p1 = mapToReal(mod_wfs_spatialRequest_target, new Point(mb_mapObj[ind].width,mb_mapObj[ind].height)); 
-		mod_wfs_spatialRequest_geometry.addPoint(p0);
-		mod_wfs_spatialRequest_geometry.addPoint(p1);
-		mod_getAreaExt_send();
-	}
-	else if (obj.id == button_dialogue) {
-		activeButton = obj;
-		mod_wfs_SpatialRequest_dialog();
-	}
-}
-
-function wfsDisable(obj) {
-	var el = window.frames[mod_wfs_spatialRequest_target].document; 
-	el.onmousedown = null;
-	el.ondblclick = null;
-	el.onmousemove = null;
-	writeTag(mod_wfs_spatialRequest_target,"measure_display","");
-	writeTag(mod_wfs_spatialRequest_target,"measure_sub","");
-	activeButton = null;
-}
-
-// ------------------------------------------------------------------------------------------
-
-// ----------------------------------------------------------------------------------------------
-// -------------------- rectangle -----------------------------------------------------------------
-
-function mod_selAreaExt_click(){
-   var el = window.frames[mod_wfs_spatialRequest_target].document;
-   el.onmouseover = mod_selAreaExt_init;
-   el.onmousedown = mod_box_start;
-   el.onmouseup = mod_selAreaExt_get;
-   el.onmousemove = mod_box_run;
-}
-function mod_selAreaExt_init(e){
-   mb_isBF = mod_wfs_spatialRequest_target;
-   mb_zF = mod_wfs_spatialRequest_target;
-}
-function mod_selAreaExt_get(e){
-	mod_selAreaExt_setValidClipping(mod_box_stop(e));
-	mb_isBF = mod_wfs_spatialRequest_target;
-	mb_zF = mod_wfs_spatialRequest_target;
-}
-function mod_selAreaExt_setValidClipping(coords){
-	if (mod_wfs_spatialRequest_geometry != null) {
-		mod_wfs_spatialRequest_geometry.addPoint(new Point(coords[0],coords[1]));
-		mod_wfs_spatialRequest_geometry.addPoint(new Point(coords[2],coords[3]));
-		
-		if(mod_wfs_spatialRequest_geometry.count() == 2){
-			mod_getAreaExt_send();
-		}
-		else{
-			alert(errorMessageInvalidExtent[selectedLanguage])
-			mb_disableThisButton(activeButton.id);
-		}
-	}
-}
-// ----------------------------------------------------------------------------------------------
-
-
-// ----------------------------------------------------------------------------------------------
-// -------------------- polygon && point --------------------------------------------------------
-
-function mod_wfs_spatialRequest_digitize_go(geomType){
-	if (geomType == geomType.polygon) {
-		mod_wfs_spatialRequest_geometry = new Geometry(geomType.polygon);
-	}
-	s = new Snapping(mod_wfs_spatialRequest_target);
-
-	var el = window.frames[mod_wfs_spatialRequest_target].document;
-	el.onmousedown = mod_wfs_spatialRequest_start;
-	el.onmousemove = mod_wfs_spatialRequest_run;
-	var measureSub = "";
-	for(var i=0; i<mod_wfs_spatialRequestSubFunctions.length; i++){
-		measureSub += eval(mod_wfs_spatialRequestSubFunctions[i]);
-	}   
-	writeTag(mod_wfs_spatialRequest_target,"measure_sub",measureSub);
-}
-
-// ---------------------------------------------------------------------------------------------
-
-function mod_wfs_spatialRequest_run(e) {
-	if (mod_wfs_spatialRequest_geometry.count() >= 3) {
-		mb_getMousePos(e,mod_wfs_spatialRequest_target);
-		var pos = new Point(clickX,clickY).round(2);
-		s.check(pos);
-	}
-}
-
-function mod_wfs_spatialRequest_start(e){
-	var realWorldPos;
-	if (s.isSnapped() == true) {
-		realWorldPos = s.getSnappedPoint(); 
-		s.clean();
-	}
-	else {
-		mb_getMousePos(e,mod_wfs_spatialRequest_target);
-		realWorldPos = mapToReal(mod_wfs_spatialRequest_target,new Point(clickX,clickY)).round(2);
-	}
-
-	mod_wfs_spatialRequest_geometry.addPoint(realWorldPos);
-
-	if (mod_wfs_spatialRequest_geometry.count() == 1) {
-		s.add(mod_wfs_spatialRequest_geometry.get(0));
-	}
-	if (s.isSnapped() && mod_wfs_spatialRequest_geometry.count() >= 3 && mod_wfs_spatialRequest_geometry.get(-1).equals(mod_wfs_spatialRequest_geometry.get(0))) {
-		mod_wfs_spatialRequest_geometry.close();
-		mod_getAreaExt_send();
-		return;
-	}
-	
-	if(wfsAreaType_current == wfsAreaType_point){
-		mod_getAreaExt_send();
-		return;
-	}
-	drawDashedLineExt();
-}
-function drawDashedLineExt(){
-	var str_mPoints = "<div style='position:absolute;left:0px;top:0px' ><img src='"+mb_trans.src+"' width='"+mod_wfs_spatialRequest_width+"' height='0'></div>";
-	str_mPoints += "<div style='position:absolute;left:0px;top:0px' ><img src='"+mb_trans.src+"' width='0' height='"+mod_wfs_spatialRequest_height+"'></div>";
-	if (mod_wfs_spatialRequest_geometry != null) {
-		for(var i=0; i<mod_wfs_spatialRequest_geometry.count(); i++){
-			var pos = realToMap(mod_wfs_spatialRequest_target,mod_wfs_spatialRequest_geometry.get(i));
-			str_mPoints += "<div style='font-size:1px;position:absolute;top:"+(pos.y-2)+"px;left:"+(pos.x-2)+"px;width:3px;height:3px;background-color:#ff0000'></div>";
-		}
-		if(mod_wfs_spatialRequest_geometry.count()>1){
-			for(var k=1; k<mod_wfs_spatialRequest_geometry.count(); k++){
-				var pos0 = realToMap(mod_wfs_spatialRequest_target,mod_wfs_spatialRequest_geometry.get(k));
-				var pos1 = realToMap(mod_wfs_spatialRequest_target,mod_wfs_spatialRequest_geometry.get(k-1));
-				str_mPoints += evaluateDashesExt(pos1,pos0,k);
-			}
-		}
-	}
-	writeTag(mod_wfs_spatialRequest_target,"measuring",str_mPoints);
-}
-function evaluateDashesExt(p1,p0,count){
-	var str_dashedLine = "";
-	var d = p0.dist(p1);
-	var n = Math.round(d);
-	var s =  p0.minus(p1).dividedBy(n);
-	for(var i=1; i<n; i++){
-		var currPoint = p1.plus(s.times(i)).minus(new Point(2,2)).round(0); 
-		if(currPoint.x >= 0 && currPoint.x <= mod_wfs_spatialRequest_width && currPoint.y >= 0 && currPoint.y <= mod_wfs_spatialRequest_height){
-			str_dashedLine += "<div style='font-size:1px;position:absolute;top:"+currPoint.y+"px;left:"+currPoint.x+"px;width:3px;height:3px;background-color:#ff0000'></div>";
-		}
-	}
-	return str_dashedLine;
-}
-function mod_wfs_spatialRequest_close(){
-	if(mod_wfs_spatialRequest_geometry.count() < 3){
-		return;
-	}
-	mod_wfs_spatialRequest_geometry.closeGeometry();
-	drawDashedLineExt();
-	mod_getAreaExt_send();
-}
-
-function register_setExtRequestSubFunctions(stringFunction){
-	mod_wfs_spatialRequestSubFunctions[mod_wfs_spatialRequestSubFunctions.length] = stringFunction;
-}
-
-function mod_getAreaExt_send(){	
-	mb_setwfsrequest(mod_wfs_spatialRequest_target,mod_wfs_spatialRequest_geometry);
-	mod_wfs_spatialRequest_delete();
-	mb_disableThisButton(activeButton.id);
-	mod_wfs_spatialRequest_geometry = null;
-}
-
-function mod_wfs_spatialRequest_delete(){
-	writeTag(mod_wfs_spatialRequest_target,"measuring","");
-	writeTag(mod_wfs_spatialRequest_target,"measure_display","");
-}
-
-function mod_wfs_spatialRequest_timeout(){
-	var el = window.frames[mod_wfs_spatialRequest_target].document; 
-	el.onmousedown = null;
-	el.ondblclick = null;
-	el.onmousemove = null;
-}
-
-function mod_wfs_spatialRequest_disableTimeout(){
-	var el = window.frames[mod_wfs_spatialRequest_target].document;
-	el.onmousedown = mod_wfs_spatialRequest_start;
-}
-
-
-function isSetWfsResultToDigitize() {
-	if (parseInt(buttonWfs_toDigitize_on)==1) return true;
-	return false;
-}
-
-function mod_wfs_SpatialRequest_dialog(){	
-	if(!mod_wfs_spatialRequest_win || mod_wfs_spatialRequest_win == null || mod_wfs_spatialRequest_win.closed == true){
-		mod_wfs_spatialRequest_win = window.open("","mod_wfs_spatialRequest_win","width=200,height=150,resizable=yes");
-		mod_wfs_spatialRequest_win.document.open("text/html");
-		
-		mod_wfs_spatialRequest_win.document.writeln('<script language="JavaScript" type="text/javascript">');	
-		mod_wfs_spatialRequest_win.document.writeln('function set(obj){');
-			mod_wfs_spatialRequest_win.document.writeln('for(var i=0; i< document.getElementsByName("geom").length; i++){');
-				mod_wfs_spatialRequest_win.document.writeln('if(document.getElementsByName("geom")[i].checked){');
-					mod_wfs_spatialRequest_win.document.writeln('window.opener.mod_setExtRequest_geom = document.getElementsByName("geom")[i].value;'); 
-				mod_wfs_spatialRequest_win.document.writeln('}');
-			mod_wfs_spatialRequest_win.document.writeln('}');
-//			mod_wfs_spatialRequest_win.document.writeln('window.opener.mod_wfs_spatialRequest_geom = obj.value;');
-			mod_wfs_spatialRequest_win.document.writeln('window.opener.wfsEnable(obj);');
-			mod_wfs_spatialRequest_win.document.writeln('window.close();');
-			mod_wfs_spatialRequest_win.document.writeln('return false;	');
-		mod_wfs_spatialRequest_win.document.writeln('}');
-		mod_wfs_spatialRequest_win.document.writeln('</script>');
-		
-		mod_wfs_spatialRequest_win.document.writeln("<form>");
-		mod_wfs_spatialRequest_win.document.writeln("<input id='point' name='geom' type='radio' value='"+button_point+"' onclick='set(this)'> Punkt<br>");
-		mod_wfs_spatialRequest_win.document.writeln("<input id='rectangle' name='geom' type='radio' value='"+button_rectangle+"' onclick='set(this)'> Rechteck<br>");
-		mod_wfs_spatialRequest_win.document.writeln("<input id='polygon' name='geom' type='radio' value='"+button_polygon+"'onclick='set(this)'> Polygon<br>");
-		mod_wfs_spatialRequest_win.document.writeln("<input id='extent' name='geom' type='radio' value='"+button_extent+"'onclick='set(this)'> Extent<br>");
-		var checked = "";
-//		if (mod_wfs_spatialRequest_useExtent) {
-//			checked = " checked";
-//		}		
-		//mod_wfs_spatialRequest_win.document.writeln("<input id='extent' name='geom' type='radio' value='extent' onclick='set(this)' " + checked + "> Extent<br>");
-		mod_wfs_spatialRequest_win.document.writeln("</form>");
-		mod_wfs_spatialRequest_win.document.close();
-	}
-	else{
-		mod_wfs_spatialRequest_win.focus();
-	}	
-}
-
-function mb_setwfsrequest(target,queryGeom){
-	//mb_wfs_reset();
-	var ind = getMapObjIndexByName(target);
-	var w = [];
-	w_ = [];
-	wfs_config = window.frames["wfs_conf"].get_wfs_conf();
-	for (var i=0; i<mb_mapObj[ind].wms.length; i++){
-		for(var ii=0; ii<mb_mapObj[ind].wms[i].objLayer.length; ii++){
-			var o = mb_mapObj[ind].wms[i].objLayer[ii];
-			if(o.gui_layer_wfs_featuretype != '' && o.gui_layer_querylayer == '1'){
-				w[w.length] = o.gui_layer_wfs_featuretype;
-			}	
-		}
-	}
-	for(var i=0; i<w.length; i++){
-		for(var ii=0; ii<wfs_config.length; ii++){			
-			if(wfs_config[ii]['wfs_conf_id'] == w[i]) w_[w_.length] = ii;
-		}
-	}
-	
-	if(queryGeom.geomType==geomType.polygon){
-		for(var i=0; i<w_.length; i++){
-			var url = wfs_config[w_[i]]['wfs_getfeature'];
-			url += "service=wfs&request=getFeature&version=1.0.0";
-			url += "&typename="+ wfs_config[w_[i]]['featuretype_name'];
-			url += "&filter=";
-			var filter = '<ogc:Filter xmlns:ogc="http://ogc.org" xmlns:gml="http://www.opengis.net/gml">';
-			filter += "<Within><ogc:PropertyName>";
-			for(var j=0; j<wfs_config[w_[i]]['element'].length; j++){
-				if(wfs_config[w_[i]]['element'][j]['f_geom'] == 1){
-					filter += wfs_config[w_[i]]['element'][j]['element_name'];
-				}
-			}
-			filter += "</ogc:PropertyName><gml:Polygon srsName=\"EPSG:4326\">";
-			filter += '<gml:outerBoundaryIs><gml:LinearRing><gml:coordinates>';
-			for(var k=0; k<queryGeom.count(); k++){
-				if(k>0)	filter += " ";
-				filter += queryGeom.get(k).x+","+queryGeom.get(k).y;								 
-			}
-			filter += '</gml:coordinates></gml:LinearRing></gml:outerBoundaryIs>';
-			filter += '</gml:Polygon></Within></ogc:Filter>';
-			mb_get_geom(url, filter, i, w_[i]);
-		}
-	}
-	else if(queryGeom.geomType==geomType.line){
-		var rectangle = [];
-		if(queryGeom.geomType == geomType.line){
-			var rectangle = queryGeom.getBBox();
-		}
-		for(var i=0; i<w_.length; i++){
-			var url = wfs_config[w_[i]]['wfs_getfeature'];
-			param = "service=wfs&request=getFeature&version=1.0.0&typename="+ wfs_config[w_[i]]['featuretype_name']+"&filter=";
-			var filter = "<ogc:Filter xmlns:ogc='http://ogc.org' xmlns:gml='http://www.opengis.net/gml'>";
-			filter += "<ogc:BBOX><ogc:PropertyName>";
-			for(var j=0; j<wfs_config[w_[i]]['element'].length; j++){
-				if(wfs_config[w_[i]]['element'][j]['f_geom'] == 1){
-					filter += wfs_config[w_[i]]['element'][j]['element_name'];
-				}
-			}
-			filter += "</ogc:PropertyName><gml:Box srsName='4326'><gml:coordinates>";	
-			filter += rectangle[0].x+","+rectangle[0].y+ " " + rectangle[1].x+","+rectangle[1].y; 
-			filter += "</gml:coordinates></gml:Box></ogc:BBOX></ogc:Filter>";
-			url += param;
-			mb_get_geom(url, filter, i, w_[i]);
-		}
-	}
-	else if(queryGeom.geomType == geomType.point){
-		var tmp = queryGeom.get(0);
-		var buffer = mb_wfs_tolerance/2;
-		for(var i=0; i<w_.length; i++){
-			var url = wfs_config[w_[i]]['wfs_getfeature'];
-			param = "service=wfs&request=getFeature&version=1.0.0&typename="+ wfs_config[w_[i]]['featuretype_name']+"&filter=";
-			var filter = "<ogc:Filter xmlns:ogc='http://ogc.org' xmlns:gml='http://www.opengis.net/gml'>";
-			filter += "<Intersects><ogc:PropertyName>";
-			for(var j=0; j<wfs_config[w_[i]]['element'].length; j++){
-				if(wfs_config[w_[i]]['element'][j]['f_geom'] == 1){
-					filter += wfs_config[w_[i]]['element'][j]['element_name'];
-				}
-			}
-			filter += "</ogc:PropertyName><gml:Polygon srsName='4326'><gml:outerBoundaryIs><gml:LinearRing><gml:coordinates>";	
-			filter += (tmp.x - buffer) + "," + (tmp.y - buffer) + " " + (tmp.x + buffer) + "," + (tmp.y - buffer) +  " ";
-			filter += (tmp.x + buffer) + "," + (tmp.y + buffer) + " " + (tmp.x - buffer) + "," + (tmp.y + buffer) + " " + (tmp.x - buffer) + "," + (tmp.y - buffer); 
-			filter += "</gml:coordinates></gml:LinearRing></gml:outerBoundaryIs></gml:Polygon></Intersects></ogc:Filter>";
-			url += param;
-			mb_get_geom(url, filter, i, w_[i]);
-		}
-	}
-//	highlight = new Highlight(mb_wfs_targets, highlight_tag_id, {"position":"absolute", "top":"0px", "left":"0px", "z-index":generalHighlightZIndex}, generalHighlightLineWidth);
-	return true;
-}
-
-function mb_get_geom(url, filter, index, wfs_conf_id) {
-	
-	mb_ajax_post("../" + wfsResultModulePath + wfsResultModuleFilename,{'url':url,'filter':filter,'typename':wfs_config[wfs_conf_id]['featuretype_name'],'wfs_conf_id':wfs_conf_id},function(js_code,status){
-//		alert(js_code);
-		eval(js_code);
-		if (typeof(geom) == 'object') mb_execWfsReadSubFunctions(geom);
-//		prompt('', js_code);
-	});
-}
-
-//deprecated stuff
-function mod_wfs_spatialRequest_dialog(){	
-}
-function useExtentIsSet () {
-	return mod_wfs_spatialRequest_useExtent;
-}
-
-displayButtons();
+<?php
+#$Id$
+#$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_wfs_spatialRequest.php,v 1.4 2006/03/08 15:26:26 c_baudson Exp $
+# Copyright (C) 2002 CCGIS 
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+session_start();
+import_request_variables("PG");
+require_once("../php/mb_validateSession.php");
+require_once("../../conf/mapbender.conf");
+require_once("../../conf/wfs_default.conf");
+$con = db_connect(DBSERVER,OWNER,PW);
+db_select_db(DB,$con);
+
+$gui_id = $_REQUEST["gui_id"];
+$e_id_css = "setSpatialRequest";
+
+$wfs_conf_filename = "wfs_default.conf";
+include '../include/dyn_php.php';
+include("../../conf/" . $wfs_conf_filename);
+
+include '../include/dyn_js.php';
+$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'setSpatialRequest' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
+$cnt = 0;
+while($row = db_fetch_array($res)){ 
+   $e_src = $row["e_src"];
+   $e_target = $row["e_target"];
+   $cnt++;
+}
+if($cnt > 1){ echo "alert('setExtRequest: ID not unique!');\n";}
+echo "var mod_wfs_spatialRequest_target = '".$e_target."';\n";
+?>
+
+var wfsAreaType_point = "point";
+var wfsAreaType_polygon = "polygon";
+var wfsAreaType_rectangle = "rectangle";
+var wfsAreaType_extent = "extent";
+var wfsAreaType_current = "";
+
+var mod_wfs_spatialRequest_frameName = "";
+var mod_wfs_spatialRequest_epsg;
+var mod_wfs_spatialRequest_width;
+var mod_wfs_spatialRequest_height;
+
+var mod_wfs_spatialRequest_bg = "";
+var mod_wfs_spatialRequest_pgsql = true;
+var mod_wfs_spatialRequest_win = null;
+var mod_wfs_spatialRequest_thema = false;
+
+var button_point = "point";
+var button_polygon = "polygon";
+var button_rectangle = "rectangle";
+var button_extent = "extent";
+var button_dialogue = "dialogue";
+var mb_wfs_tolerance = 8;
+
+var activeButton = null;
+var mod_wfs_spatialRequest_geometry = null;
+var mod_wfs_spatialRequestSubFunctions = [];
+
+
+// ------------------------------------------------------------------------------------------
+// ------------ button handling -------------------------------------------------------------
+
+function displayButtons() {
+	for (var i = 0 ; i < buttonWfs_id.length ; i ++) {
+		if (parseInt(buttonWfs_on[i])==1) {
+			document.write("<div id='div_"+buttonWfs_id[i]+"' style='position:absolute; top:"+buttonWfs_y[i]+"; left:"+buttonWfs_x[i]+"; z-index:"+buttonWfs_zIndex+"'><img name=\""+buttonWfs_id[i]+"\" onmouseover=\"mb_regButton_frame('initWfsButton', null, "+i+");\" id=\""+buttonWfs_id[i]+"\" title=\""+buttonWfs_title_off[i]+"\" src=\""+buttonWfs_imgdir+buttonWfs_src[i]+"\"></div>");
+		}
+	}
+}
+
+function initWfsButton(ind, pos) {
+	mb_button[ind] = document.getElementById(buttonWfs_id[pos]);
+	mb_button[ind].img_over = buttonWfs_imgdir + buttonWfs_src[pos].replace(/_off/,"_over");
+	mb_button[ind].img_on = buttonWfs_imgdir + buttonWfs_src[pos].replace(/_off/,"_on");
+	mb_button[ind].img_off = buttonWfs_imgdir + buttonWfs_src[pos];
+	mb_button[ind].status = 0;
+	mb_button[ind].elName = buttonWfs_id[pos];
+	mb_button[ind].fName = "";
+	mb_button[ind].go = new Function ("wfsEnable(mb_button["+ind+"], " + pos + ")");
+	mb_button[ind].stop = new Function ("wfsDisable(mb_button["+ind+"], " + pos + ")");
+	var ind = getMapObjIndexByName(mod_wfs_spatialRequest_target);
+	mod_wfs_spatialRequest_width = mb_mapObj[ind].width;
+	mod_wfs_spatialRequest_height = mb_mapObj[ind].height;
+	mod_wfs_spatialRequest_epsg = mb_mapObj[ind].epsg;
+	mb_registerSubFunctions("drawDashedLineExt()");
+	mb_registerPanSubElement("measuring");
+}	
+
+function wfsEnable(obj) {
+	if (obj.id == button_point) {
+		if (activeButton == null) {
+			activeButton = obj;
+		}
+		mod_wfs_spatialRequest_geometry = new Geometry(geomType.point);
+		wfsAreaType_current = wfsAreaType_point;
+		mod_wfs_spatialRequest_digitize_go(geomType.point);		
+	}
+	if (obj.id == button_polygon) {
+		if (activeButton == null) {
+			activeButton = obj;
+		}
+		mod_wfs_spatialRequest_geometry = new Geometry(geomType.polygon);
+		wfsAreaType_current = wfsAreaType_polygon;
+		mod_wfs_spatialRequest_digitize_go(geomType.polygon);		
+		var measureSub = "";
+		for(var i=0; i<mod_wfs_spatialRequestSubFunctions.length; i++){
+			measureSub += eval(mod_wfs_spatialRequestSubFunctions[i]);
+		}   
+		writeTag(mod_wfs_spatialRequest_target,"measure_sub",measureSub);
+	}
+	else if (obj.id == button_rectangle){
+		if (activeButton == null) {
+			activeButton = obj;
+		}
+		mod_wfs_spatialRequest_geometry = new Geometry(geomType.line);
+		wfsAreaType_current = wfsAreaType_rectangle;
+		mod_selAreaExt_click();	
+	}
+	else if (obj.id == button_extent){
+		if (activeButton == null) {
+			activeButton = obj;
+		}
+		mod_wfs_spatialRequest_geometry = new Geometry(geomType.line);
+		wfsAreaType_current = wfsAreaType_extent;
+		var ind = getMapObjIndexByName(mod_wfs_spatialRequest_target);
+		var p0 = mapToReal(mod_wfs_spatialRequest_target, new Point(0,0));
+		var p1 = mapToReal(mod_wfs_spatialRequest_target, new Point(mb_mapObj[ind].width,mb_mapObj[ind].height)); 
+		mod_wfs_spatialRequest_geometry.addPoint(p0);
+		mod_wfs_spatialRequest_geometry.addPoint(p1);
+		mod_getAreaExt_send();
+	}
+	else if (obj.id == button_dialogue) {
+		activeButton = obj;
+		mod_wfs_SpatialRequest_dialog();
+	}
+}
+
+function wfsDisable(obj) {
+	var el = window.frames[mod_wfs_spatialRequest_target].document; 
+	el.onmousedown = null;
+	el.ondblclick = null;
+	el.onmousemove = null;
+	writeTag(mod_wfs_spatialRequest_target,"measure_display","");
+	writeTag(mod_wfs_spatialRequest_target,"measure_sub","");
+	activeButton = null;
+}
+
+// ------------------------------------------------------------------------------------------
+
+// ----------------------------------------------------------------------------------------------
+// -------------------- rectangle -----------------------------------------------------------------
+
+function mod_selAreaExt_click(){
+   var el = window.frames[mod_wfs_spatialRequest_target].document;
+   el.onmouseover = mod_selAreaExt_init;
+   el.onmousedown = mod_box_start;
+   el.onmouseup = mod_selAreaExt_get;
+   el.onmousemove = mod_box_run;
+}
+function mod_selAreaExt_init(e){
+   mb_isBF = mod_wfs_spatialRequest_target;
+   mb_zF = mod_wfs_spatialRequest_target;
+}
+function mod_selAreaExt_get(e){
+	mod_selAreaExt_setValidClipping(mod_box_stop(e));
+	mb_isBF = mod_wfs_spatialRequest_target;
+	mb_zF = mod_wfs_spatialRequest_target;
+}
+function mod_selAreaExt_setValidClipping(coords){
+	if (mod_wfs_spatialRequest_geometry != null) {
+		mod_wfs_spatialRequest_geometry.addPoint(new Point(coords[0],coords[1]));
+		mod_wfs_spatialRequest_geometry.addPoint(new Point(coords[2],coords[3]));
+		
+		if(mod_wfs_spatialRequest_geometry.count() == 2){
+			mod_getAreaExt_send();
+		}
+		else{
+			alert(errorMessageInvalidExtent[selectedLanguage])
+			mb_disableThisButton(activeButton.id);
+		}
+	}
+}
+// ----------------------------------------------------------------------------------------------
+
+
+// ----------------------------------------------------------------------------------------------
+// -------------------- polygon && point --------------------------------------------------------
+
+function mod_wfs_spatialRequest_digitize_go(geomType){
+	if (geomType == geomType.polygon) {
+		mod_wfs_spatialRequest_geometry = new Geometry(geomType.polygon);
+	}
+	s = new Snapping(mod_wfs_spatialRequest_target);
+
+	var el = window.frames[mod_wfs_spatialRequest_target].document;
+	el.onmousedown = mod_wfs_spatialRequest_start;
+	el.onmousemove = mod_wfs_spatialRequest_run;
+	var measureSub = "";
+	for(var i=0; i<mod_wfs_spatialRequestSubFunctions.length; i++){
+		measureSub += eval(mod_wfs_spatialRequestSubFunctions[i]);
+	}   
+	writeTag(mod_wfs_spatialRequest_target,"measure_sub",measureSub);
+}
+
+// ---------------------------------------------------------------------------------------------
+
+function mod_wfs_spatialRequest_run(e) {
+	if (mod_wfs_spatialRequest_geometry.count() >= 3) {
+		mb_getMousePos(e,mod_wfs_spatialRequest_target);
+		var pos = new Point(clickX,clickY).round(2);
+		s.check(pos);
+	}
+}
+
+function mod_wfs_spatialRequest_start(e){
+	var realWorldPos;
+	if (s.isSnapped() == true) {
+		realWorldPos = s.getSnappedPoint(); 
+		s.clean();
+	}
+	else {
+		mb_getMousePos(e,mod_wfs_spatialRequest_target);
+		realWorldPos = mapToReal(mod_wfs_spatialRequest_target,new Point(clickX,clickY)).round(2);
+	}
+
+	mod_wfs_spatialRequest_geometry.addPoint(realWorldPos);
+
+	if (mod_wfs_spatialRequest_geometry.count() == 1) {
+		s.add(mod_wfs_spatialRequest_geometry.get(0));
+	}
+	if (s.isSnapped() && mod_wfs_spatialRequest_geometry.count() >= 3 && mod_wfs_spatialRequest_geometry.get(-1).equals(mod_wfs_spatialRequest_geometry.get(0))) {
+		mod_wfs_spatialRequest_geometry.close();
+		mod_getAreaExt_send();
+		return;
+	}
+	
+	if(wfsAreaType_current == wfsAreaType_point){
+		mod_getAreaExt_send();
+		return;
+	}
+	drawDashedLineExt();
+}
+function drawDashedLineExt(){
+	var str_mPoints = "<div style='position:absolute;left:0px;top:0px' ><img src='"+mb_trans.src+"' width='"+mod_wfs_spatialRequest_width+"' height='0'></div>";
+	str_mPoints += "<div style='position:absolute;left:0px;top:0px' ><img src='"+mb_trans.src+"' width='0' height='"+mod_wfs_spatialRequest_height+"'></div>";
+	if (mod_wfs_spatialRequest_geometry != null) {
+		for(var i=0; i<mod_wfs_spatialRequest_geometry.count(); i++){
+			var pos = realToMap(mod_wfs_spatialRequest_target,mod_wfs_spatialRequest_geometry.get(i));
+			str_mPoints += "<div style='font-size:1px;position:absolute;top:"+(pos.y-2)+"px;left:"+(pos.x-2)+"px;width:3px;height:3px;background-color:#ff0000'></div>";
+		}
+		if(mod_wfs_spatialRequest_geometry.count()>1){
+			for(var k=1; k<mod_wfs_spatialRequest_geometry.count(); k++){
+				var pos0 = realToMap(mod_wfs_spatialRequest_target,mod_wfs_spatialRequest_geometry.get(k));
+				var pos1 = realToMap(mod_wfs_spatialRequest_target,mod_wfs_spatialRequest_geometry.get(k-1));
+				str_mPoints += evaluateDashesExt(pos1,pos0,k);
+			}
+		}
+	}
+	writeTag(mod_wfs_spatialRequest_target,"measuring",str_mPoints);
+}
+function evaluateDashesExt(p1,p0,count){
+	var str_dashedLine = "";
+	var d = p0.dist(p1);
+	var n = Math.round(d);
+	var s =  p0.minus(p1).dividedBy(n);
+	for(var i=1; i<n; i++){
+		var currPoint = p1.plus(s.times(i)).minus(new Point(2,2)).round(0); 
+		if(currPoint.x >= 0 && currPoint.x <= mod_wfs_spatialRequest_width && currPoint.y >= 0 && currPoint.y <= mod_wfs_spatialRequest_height){
+			str_dashedLine += "<div style='font-size:1px;position:absolute;top:"+currPoint.y+"px;left:"+currPoint.x+"px;width:3px;height:3px;background-color:#ff0000'></div>";
+		}
+	}
+	return str_dashedLine;
+}
+function mod_wfs_spatialRequest_close(){
+	if(mod_wfs_spatialRequest_geometry.count() < 3){
+		return;
+	}
+	mod_wfs_spatialRequest_geometry.closeGeometry();
+	drawDashedLineExt();
+	mod_getAreaExt_send();
+}
+
+function register_setExtRequestSubFunctions(stringFunction){
+	mod_wfs_spatialRequestSubFunctions[mod_wfs_spatialRequestSubFunctions.length] = stringFunction;
+}
+
+function mod_getAreaExt_send(){	
+	mb_setwfsrequest(mod_wfs_spatialRequest_target,mod_wfs_spatialRequest_geometry);
+	mod_wfs_spatialRequest_delete();
+	mb_disableThisButton(activeButton.id);
+	mod_wfs_spatialRequest_geometry = null;
+}
+
+function mod_wfs_spatialRequest_delete(){
+	writeTag(mod_wfs_spatialRequest_target,"measuring","");
+	writeTag(mod_wfs_spatialRequest_target,"measure_display","");
+}
+
+function mod_wfs_spatialRequest_timeout(){
+	var el = window.frames[mod_wfs_spatialRequest_target].document; 
+	el.onmousedown = null;
+	el.ondblclick = null;
+	el.onmousemove = null;
+}
+
+function mod_wfs_spatialRequest_disableTimeout(){
+	var el = window.frames[mod_wfs_spatialRequest_target].document;
+	el.onmousedown = mod_wfs_spatialRequest_start;
+}
+
+
+function isSetWfsResultToDigitize() {
+	if (parseInt(buttonWfs_toDigitize_on)==1) return true;
+	return false;
+}
+
+function mod_wfs_SpatialRequest_dialog(){	
+	if(!mod_wfs_spatialRequest_win || mod_wfs_spatialRequest_win == null || mod_wfs_spatialRequest_win.closed == true){
+		mod_wfs_spatialRequest_win = window.open("","mod_wfs_spatialRequest_win","width=200,height=150,resizable=yes");
+		mod_wfs_spatialRequest_win.document.open("text/html");
+		
+		mod_wfs_spatialRequest_win.document.writeln('<script language="JavaScript" type="text/javascript">');	
+		mod_wfs_spatialRequest_win.document.writeln('function set(obj){');
+			mod_wfs_spatialRequest_win.document.writeln('for(var i=0; i< document.getElementsByName("geom").length; i++){');
+				mod_wfs_spatialRequest_win.document.writeln('if(document.getElementsByName("geom")[i].checked){');
+					mod_wfs_spatialRequest_win.document.writeln('window.opener.mod_setExtRequest_geom = document.getElementsByName("geom")[i].value;'); 
+				mod_wfs_spatialRequest_win.document.writeln('}');
+			mod_wfs_spatialRequest_win.document.writeln('}');
+//			mod_wfs_spatialRequest_win.document.writeln('window.opener.mod_wfs_spatialRequest_geom = obj.value;');
+			mod_wfs_spatialRequest_win.document.writeln('window.opener.wfsEnable(obj);');
+			mod_wfs_spatialRequest_win.document.writeln('window.close();');
+			mod_wfs_spatialRequest_win.document.writeln('return false;	');
+		mod_wfs_spatialRequest_win.document.writeln('}');
+		mod_wfs_spatialRequest_win.document.writeln('</script>');
+		
+		mod_wfs_spatialRequest_win.document.writeln("<form>");
+		mod_wfs_spatialRequest_win.document.writeln("<input id='point' name='geom' type='radio' value='"+button_point+"' onclick='set(this)'> Punkt<br>");
+		mod_wfs_spatialRequest_win.document.writeln("<input id='rectangle' name='geom' type='radio' value='"+button_rectangle+"' onclick='set(this)'> Rechteck<br>");
+		mod_wfs_spatialRequest_win.document.writeln("<input id='polygon' name='geom' type='radio' value='"+button_polygon+"'onclick='set(this)'> Polygon<br>");
+		mod_wfs_spatialRequest_win.document.writeln("<input id='extent' name='geom' type='radio' value='"+button_extent+"'onclick='set(this)'> Extent<br>");
+		var checked = "";
+//		if (mod_wfs_spatialRequest_useExtent) {
+//			checked = " checked";
+//		}		
+		//mod_wfs_spatialRequest_win.document.writeln("<input id='extent' name='geom' type='radio' value='extent' onclick='set(this)' " + checked + "> Extent<br>");
+		mod_wfs_spatialRequest_win.document.writeln("</form>");
+		mod_wfs_spatialRequest_win.document.close();
+	}
+	else{
+		mod_wfs_spatialRequest_win.focus();
+	}	
+}
+
+function mb_setwfsrequest(target,queryGeom){
+	//mb_wfs_reset();
+	var ind = getMapObjIndexByName(target);
+	var w = [];
+	w_ = [];
+	wfs_config = window.frames["wfs_conf"].get_wfs_conf();
+	for (var i=0; i<mb_mapObj[ind].wms.length; i++){
+		for(var ii=0; ii<mb_mapObj[ind].wms[i].objLayer.length; ii++){
+			var o = mb_mapObj[ind].wms[i].objLayer[ii];
+			if(o.gui_layer_wfs_featuretype != '' && o.gui_layer_querylayer == '1'){
+				w[w.length] = o.gui_layer_wfs_featuretype;
+			}	
+		}
+	}
+	for(var i=0; i<w.length; i++){
+		for(var ii=0; ii<wfs_config.length; ii++){			
+			if(wfs_config[ii]['wfs_conf_id'] == w[i]) w_[w_.length] = ii;
+		}
+	}
+	
+	if(queryGeom.geomType==geomType.polygon){
+		for(var i=0; i<w_.length; i++){
+			var url = wfs_config[w_[i]]['wfs_getfeature'];
+			url += "service=wfs&request=getFeature&version=1.0.0";
+			url += "&typename="+ wfs_config[w_[i]]['featuretype_name'];
+			url += "&filter=";
+			var filter = '<ogc:Filter xmlns:ogc="http://ogc.org" xmlns:gml="http://www.opengis.net/gml">';
+			filter += "<Within><ogc:PropertyName>";
+			for(var j=0; j<wfs_config[w_[i]]['element'].length; j++){
+				if(wfs_config[w_[i]]['element'][j]['f_geom'] == 1){
+					filter += wfs_config[w_[i]]['element'][j]['element_name'];
+				}
+			}
+			filter += "</ogc:PropertyName><gml:Polygon srsName=\"EPSG:4326\">";
+			filter += '<gml:outerBoundaryIs><gml:LinearRing><gml:coordinates>';
+			for(var k=0; k<queryGeom.count(); k++){
+				if(k>0)	filter += " ";
+				filter += queryGeom.get(k).x+","+queryGeom.get(k).y;								 
+			}
+			filter += '</gml:coordinates></gml:LinearRing></gml:outerBoundaryIs>';
+			filter += '</gml:Polygon></Within></ogc:Filter>';
+			mb_get_geom(url, filter, i, wfs_config[w_[i]]['featuretype_name'], w_[i], w[i]);
+		}
+	}
+	else if(queryGeom.geomType==geomType.line){
+		var rectangle = [];
+		if(queryGeom.geomType == geomType.line){
+			var rectangle = queryGeom.getBBox();
+		}
+		for(var i=0; i<w_.length; i++){
+			var url = wfs_config[w_[i]]['wfs_getfeature'];
+			param = "service=wfs&request=getFeature&version=1.0.0&typename="+ wfs_config[w_[i]]['featuretype_name']+"&filter=";
+			var filter = "<ogc:Filter xmlns:ogc='http://ogc.org' xmlns:gml='http://www.opengis.net/gml'>";
+			filter += "<ogc:BBOX><ogc:PropertyName>";
+			for(var j=0; j<wfs_config[w_[i]]['element'].length; j++){
+				if(wfs_config[w_[i]]['element'][j]['f_geom'] == 1){
+					filter += wfs_config[w_[i]]['element'][j]['element_name'];
+				}
+			}
+			filter += "</ogc:PropertyName><gml:Box srsName='4326'><gml:coordinates>";	
+			filter += rectangle[0].x+","+rectangle[0].y+ " " + rectangle[1].x+","+rectangle[1].y; 
+			filter += "</gml:coordinates></gml:Box></ogc:BBOX></ogc:Filter>";
+			url += param;
+			mb_get_geom(url, filter, i, wfs_config[w_[i]]['featuretype_name'], w_[i], w[i]);
+		}
+	}
+	else if(queryGeom.geomType == geomType.point){
+		var tmp = queryGeom.get(0);
+		var buffer = mb_wfs_tolerance/2;
+		for(var i=0; i<w_.length; i++){
+			var url = wfs_config[w_[i]]['wfs_getfeature'];
+			param = "service=wfs&request=getFeature&version=1.0.0&typename="+ wfs_config[w_[i]]['featuretype_name']+"&filter=";
+			var filter = "<ogc:Filter xmlns:ogc='http://ogc.org' xmlns:gml='http://www.opengis.net/gml'>";
+			filter += "<Intersects><ogc:PropertyName>";
+			for(var j=0; j<wfs_config[w_[i]]['element'].length; j++){
+				if(wfs_config[w_[i]]['element'][j]['f_geom'] == 1){
+					filter += wfs_config[w_[i]]['element'][j]['element_name'];
+				}
+			}
+			filter += "</ogc:PropertyName><gml:Polygon srsName='4326'><gml:outerBoundaryIs><gml:LinearRing><gml:coordinates>";	
+			filter += (tmp.x - buffer) + "," + (tmp.y - buffer) + " " + (tmp.x + buffer) + "," + (tmp.y - buffer) +  " ";
+			filter += (tmp.x + buffer) + "," + (tmp.y + buffer) + " " + (tmp.x - buffer) + "," + (tmp.y + buffer) + " " + (tmp.x - buffer) + "," + (tmp.y - buffer); 
+			filter += "</gml:coordinates></gml:LinearRing></gml:outerBoundaryIs></gml:Polygon></Intersects></ogc:Filter>";
+			url += param;
+			mb_get_geom(url, filter, i, wfs_config[w_[i]]['featuretype_name'], w_[i], w[i]);
+		}
+	}
+//	highlight = new Highlight(mb_wfs_targets, highlight_tag_id, {"position":"absolute", "top":"0px", "left":"0px", "z-index":generalHighlightZIndex}, generalHighlightLineWidth);
+	return true;
+}
+
+function mb_get_geom(url, filter, index, typename, js_wfs_conf_id, db_wfs_conf_id) {
+	
+	mb_ajax_post("../" + wfsResultModulePath + wfsResultModuleFilename, {'url':url,'filter':filter,'typename':typename,'js_wfs_conf_id':js_wfs_conf_id, 'db_wfs_conf_id':db_wfs_conf_id}, function(js_code,status){
+//		alert(js_code);
+		eval(js_code);
+		if (typeof(geom) == 'object') mb_execWfsReadSubFunctions(geom);
+//		prompt('', js_code);
+	});
+}
+
+//deprecated stuff
+function mod_wfs_spatialRequest_dialog(){	
+}
+function useExtentIsSet () {
+	return mod_wfs_spatialRequest_useExtent;
+}
+
+displayButtons();

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/mod_wfs_gazetteer_client.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_wfs_gazetteer_client.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_wfs_gazetteer_client.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,5 +1,5 @@
 <?php
-# $Id: mod_wfs_gazetteer_ajax.php 1307 2007-05-09 10:06:24Z christoph $
+# $Id$
 # maintained by http://www.mapbender.org/index.php/User:Verena Diewald
 # http://www.mapbender.org/index.php/WFS_gazetteer
 # Copyright (C) 2002 CCGIS 
@@ -124,7 +124,11 @@
 function appendWfsConfSelectBox() {
 	var selectNode = document.createElement("select");
 	selectNode.name = "wfs_conf_sel";
-	selectNode.setAttribute("onchange", "global_selectedWfsConfId = this.value;appendStyles();appendWfsForm()");
+	selectNode.onchange = function () {
+		global_selectedWfsConfId = this.value;
+		appendStyles();
+		appendWfsForm();
+	};
 	
 	var isSelected = false;
 	for (var wfsConfId in global_wfsConfObj) {

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/mod_zoomCoords.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_zoomCoords.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_zoomCoords.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,5 +1,5 @@
 <?php
-#$Id: mod_zoomCoords.php 76 2006-08-15 12:25:34Z heuser $
+#$Id$
 #$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_zoomCoords.php,v 1.10 2006/03/09 08:57:13 uli_rothstein Exp $
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 session_start();
@@ -70,8 +70,10 @@
 
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_target FROM gui_element WHERE e_id = 'zoomCoords' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT e_target FROM gui_element WHERE e_id = 'zoomCoords' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){
    $e_target = $row["e_target"];

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/mod_zoomFull.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_zoomFull.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_zoomFull.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,12 +1,14 @@
 <?php
-#$Id: mod_zoomFull.php 76 2006-08-15 12:25:34Z heuser $
+#$Id$
 #$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_zoomFull.php,v 1.8 2005/09/13 18:16:42 bjoern_heuser Exp $
 $gui_id = $_REQUEST["gui_id"];
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomFull' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomFull' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){ 
    $e_src = $row["e_src"];
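Review bot: The prepared statement closes the injection in `fkey_gui_id`, but `$gui_id` is still taken verbatim from `$_REQUEST["gui_id"]` on the line before the `require_once`, and no `session_start()` or session check is visible in this file, so the client rather than the authenticated session chooses which GUI's `e_src`/`e_target` row is read. mod_zoomCoords.php in this same commit keys the equivalent query on `$_SESSION["mb_user_gui"]`, and mod_wfs_SpatialRequest.php guards its top with `require_once("../php/mb_validateSession.php")`; this file should do the same: `session_start(); require_once("../php/mb_validateSession.php");` followed by `$gui_id = $_SESSION["mb_user_gui"];` in place of the `$_REQUEST` read. What the script later does with `$e_src`/`$e_target` is outside the hunk, so whether a wrong GUI's values are echoed into JavaScript is inferred, not shown.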

Modified: branches/2.4.5/2.4.4_leak/http/javascripts/mod_zoomOut1.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_zoomOut1.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/mod_zoomOut1.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,13 +1,15 @@
 <?php
-#$Id: mod_zoomOut1.php 76 2006-08-15 12:25:34Z heuser $
+#$Id$
 #$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_zoomOut1.php,v 1.8 2005/09/13 18:16:42 bjoern_heuser Exp $
 
 $gui_id = $_REQUEST["gui_id"];
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomOut1' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomOut1' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){ 
    $e_src = $row["e_src"];
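Review bot: As in mod_zoomFull.php, `$gui_id = $_REQUEST["gui_id"];` a few lines above the new `db_prep_query` is never checked against the session, so parameterizing the query stops injection but not a caller reading any GUI's `zoomOut1` element by supplying an arbitrary id. Reading the id from `$_SESSION["mb_user_gui"]` after `session_start();` and `require_once("../php/mb_validateSession.php");`, the pattern mod_zoomCoords.php and mod_wfs_SpatialRequest.php already use, would make the three zoom modules consistent. The `while` loop consuming `$res` continues past the end of the hunk.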

Deleted: branches/2.4.5/2.4.4_leak/http/javascripts/transform_coordinatesWGS84.php
===================================================================
--- tags/2.4.4/http/javascripts/transform_coordinatesWGS84.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/javascripts/transform_coordinatesWGS84.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -1,49 +0,0 @@
-<?php
-# $Id: mod_measure.php 267 2006-05-12 12:16:01Z vera_schulze $
-# http://www.mapbender.org/index.php/mod_measure.php
-# Copyright (C) 2002 CCGIS 
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-require_once("../../conf/mapbender.conf");
-
-$DBSERVER = '192.168.0.100';
-$OWNER = "admin";
-$PW = "&see5Toxu?";  
-
-$con = pg_connect('host=' . $DBSERVER . ' user=' . $OWNER . ' password=' . $PW . ' dbname=merlin');
-
-
-
-$sql_pointA = "SELECT X(transform(GeometryFromText('POINT(".$_POST['x1']." ".$_POST['y1'].")',4326),".$_POST['inputEPSG'].")) as minx, Y(transform(GeometryFromText('POINT(".$_POST['x1']." ".$_POST['y1'].")',4326),".$_POST['inputEPSG'].")) as miny;";
-
-$resA = db_query($sql_pointA);
-$recA = pg_fetch_array($resA);
-
-$sql_pointB = "SELECT X(transform(GeometryFromText('POINT(".$_POST['x2']." ".$_POST['y2'].")',4326),".$_POST['inputEPSG'].")) as maxx, Y(transform(GeometryFromText('POINT(".$_POST['x2']." ".$_POST['y2'].")',4326),".$_POST['inputEPSG'].")) as maxy;";
-
-$resB = db_query($sql_pointB);
-$recB = pg_fetch_array($resB);
-
-$sql_dist = "SELECT distance('POINT(".$recA['minx']." ".$recA['miny']. ")','POINT(" . $recB['maxx']." ". $recB['maxy'].")') as dist;";
-$res_dist = db_query($sql_dist);
-$rec_dist = pg_fetch_array($res_dist);
-
-echo $rec_dist['dist'];
-#echo $recA['minx']. "," . $recA['miny'] . "," . $recB['maxx']. "," . $recB['maxy']. "," .$rec_dist['dist'];
-
-
-
-?>

Modified: branches/2.4.5/2.4.4_leak/http/php/createImageFromText.php
===================================================================
--- tags/2.4.4/http/php/createImageFromText.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/createImageFromText.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -23,7 +23,7 @@
 
 $text_x = 4;
 $text_y = 0;
-$rect_w = 7 * mb_strlen($text) + $text_x;
+$rect_w = 7 * strlen($text) + $text_x;
 $rect_h = 14 + $text_y;
 
 $im = ImageCreate($rect_w, $rect_h);
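Review bot: The switch from `mb_strlen` to `strlen` in `$rect_w` reads like a regression, since it makes the width a byte count, and nothing in the hunk says why it is intended; if the text is drawn with a GD built-in font (`imagestring`), which renders one glyph per byte, the byte count is in fact the matching measure, but if a TrueType font is used the rectangle is now too wide for any multibyte `$text`. Either way the reason should be stated next to the line, e.g. `// strlen, not mb_strlen: GD's built-in fonts draw one glyph per byte (mbstring also not guaranteed loaded)`, so the next maintainer does not "fix" it back. Where `$text` comes from is outside the hunk; if it is request-supplied, the image allocated by `ImageCreate` grows linearly with input length, and a cap such as `$rect_w = 7 * min(strlen($text), 255) + $text_x;` would bound it.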

Modified: branches/2.4.5/2.4.4_leak/http/php/mb_listWMCs.php
===================================================================
--- tags/2.4.4/http/php/mb_listWMCs.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mb_listWMCs.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -98,8 +98,10 @@
 }
 
 function getTarget($gui_id) {
-	$sql = "SELECT e_requires, e_target FROM gui_element WHERE e_id = 'loadwmc' AND fkey_gui_id = '".$gui_id."'";
-	$res = db_query($sql);
+	$sql = "SELECT e_requires, e_target FROM gui_element WHERE e_id = 'loadwmc' AND fkey_gui_id = $1";
+	$v = array($gui_id);
+	$t = array("s");
+	$res = db_prep_query($sql, $v, $t);
 	$cnt = 0;
 	while($row = db_fetch_array($res)){ 
 		$e_target = $row["e_target"];

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_WMSpreferences.php
===================================================================
--- tags/2.4.4/http/php/mod_WMSpreferences.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_WMSpreferences.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -62,8 +62,10 @@
 </STYLE>
 <?php
 
-$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 $vis = "";
 $wmsid = "";
@@ -79,8 +81,10 @@
 echo "var mod_WMSpreferences_target2 = '".trim($target[1])."';";
 echo "</script>";
 
-$sql_visible = "SELECT * FROM gui_wms WHERE fkey_gui_id = '".$_SESSION["mb_user_gui"]."'"; 
-$res_visible = db_query($sql_visible); 
+$sql_visible = "SELECT * FROM gui_wms WHERE fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s"); 
+$res_visible = db_prep_query($sql_visible, $v, $t); 
 $cnt_visible = 0; 
 
 while($row = db_fetch_array($res_visible)){
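Review bot: The context line just above this hunk, `echo "var mod_WMSpreferences_target2 = '".trim($target[1])."';"`, still splices a database value into a JavaScript string literal with no escaping, so a quote or `</script>` in `e_target` breaks out of the literal and runs in every user's page; the commit parameterizes the read but leaves this sink as it was. The safe form is `echo "var mod_WMSpreferences_target2 = " . json_encode(trim($target[1])) . ";";` (assuming the project's PHP baseline has `json_encode`; otherwise `addslashes` plus replacing `</` is the fallback), and presumably the `_target1` echo earlier in the file needs the same. The exposure is bounded by who can edit `gui_element`, but an admin-writable value reaching an unescaped script context is still worth closing. The `while` over `$res_visible` runs past the hunk.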

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_changeEPSG.php
===================================================================
--- tags/2.4.4/http/php/mod_changeEPSG.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_changeEPSG.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -53,66 +53,79 @@
 
 # transform coordinates
 if(isset($_REQUEST["srs"])){
-	require_once("../../conf/mapbender.conf");
+	require_once(dirname(__FILE__) . "/../../conf/mapbender.conf");
 	$arraymapObj = split("###", $_REQUEST["srs"]);
 	echo "<script type='text/javascript'>";
 	echo "var newExtent = new Array();";
 	for($i=0; $i < count($arraymapObj); $i++){
 		$temp = split(",",$arraymapObj[$i]);
-		if(SYS_DBTYPE=='pgsql'){
-			$con = db_connect($DBSERVER,$OWNER,$PW);
-			$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as minx";
-			$resMinx = db_query($sqlMinx);
-			$minx = db_result($resMinx,0,"minx");
-			
-			$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as miny";
-			$resMiny = db_query($sqlMiny);
-			$miny = db_result($resMiny,0,"miny");
-			
-			$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxx";
-			$resMaxx =db_query($sqlMaxx);
-			$maxx = db_result($resMaxx,0,"maxx");
-			
-			$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxy";
-			$resMaxy = db_query($sqlMaxy);
-			$maxy = db_result($resMaxy,0,"maxy");
-		}else{
-			$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
-			$con = pg_connect($con_string) or die ("Error while connecting database");
-			
-			$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as minx";
-			$resMinx = pg_query($con,$sqlMinx);
-			$minx = pg_fetch_result($resMinx,0,"minx");
-			
-			$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as miny";
-			$resMiny = pg_query($con,$sqlMiny);
-			$miny = pg_fetch_result($resMiny,0,"miny");
-			
-			$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxx";
-			$resMaxx = pg_query($con,$sqlMaxx);
-			$maxx = pg_fetch_result($resMaxx,0,"maxx");
-			
-			$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxy";
-			$resMaxy = pg_query($con,$sqlMaxy);
-			$maxy = pg_fetch_result($resMaxy,0,"maxy");
-		}
-		$extenty = $maxy - $miny;
-		$extentx = $maxx - $minx;
-		$relation_px_x = $temp[6] / $temp[7];
-		$relation_px_y = $temp[7] / $temp[6];
-		$relation_bbox_x = $extentx / $extenty;
 
-		if($relation_bbox_x <= $relation_px_x){
-			$centerx = $minx + ($extentx/2);
-			$minx = $centerx - $relation_px_x * $extenty / 2;
-			$maxx = $centerx + $relation_px_x * $extenty / 2;
+		// check if parameters are valid geometries to 
+		// avoid SQL injections
+
+		$oldEPSG = preg_replace("/EPSG:/","",$temp[1]);
+		$newEPSG = preg_replace("/EPSG:/","",$_REQUEST["newSRS"]);
+		 
+		if (is_numeric($temp[2]) && is_numeric($temp[3]) && is_numeric($temp[4]) && is_numeric($temp[5]) && is_numeric($oldEPSG) && is_numeric($newEPSG)) {
+		
+			if(SYS_DBTYPE=='pgsql'){
+				$con = db_connect($DBSERVER,$OWNER,$PW);
+				$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as minx";
+				$resMinx = db_query($sqlMinx);
+				$minx = db_result($resMinx,0,"minx");
+				
+				$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as miny";
+				$resMiny = db_query($sqlMiny);
+				$miny = db_result($resMiny,0,"miny");
+				
+				$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxx";
+				$resMaxx = db_query($sqlMaxx);
+				$maxx = db_result($resMaxx,0,"maxx");
+				
+				$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxy";
+				$resMaxy = db_query($sqlMaxy);
+				$maxy = db_result($resMaxy,0,"maxy");
+			}else{
+				$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
+				$con = pg_connect($con_string) or die ("Error while connecting database");
+				
+				$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as minx";
+				$resMinx = pg_query($con,$sqlMinx);
+				$minx = pg_fetch_result($resMinx,0,"minx");
+				
+				$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as miny";
+				$resMiny = pg_query($con,$sqlMiny);
+				$miny = pg_fetch_result($resMiny,0,"miny");
+				
+				$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxx";
+				$resMaxx = pg_query($con,$sqlMaxx);
+				$maxx = pg_fetch_result($resMaxx,0,"maxx");
+				
+				$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxy";
+				$resMaxy = pg_query($con,$sqlMaxy);
+				$maxy = pg_fetch_result($resMaxy,0,"maxy");
+			}
+			$extenty = $maxy - $miny;
+			$extentx = $maxx - $minx;
+			$relation_px_x = $temp[6] / $temp[7];
+			$relation_px_y = $temp[7] / $temp[6];
+			$relation_bbox_x = $extentx / $extenty;
+	
+			if($relation_bbox_x <= $relation_px_x){
+				$centerx = $minx + ($extentx/2);
+				$minx = $centerx - $relation_px_x * $extenty / 2;
+				$maxx = $centerx + $relation_px_x * $extenty / 2;
+			}
+			if($relation_bbox_x > $relation_px_x){
+				$centery = $miny + ($extenty/2);
+				$miny = $centery - $relation_px_y * $extentx / 2;
+				$maxy = $centery + $relation_px_y * $extentx / 2;
+			}
+			echo "newExtent[".$i."] = '".$temp[0].",".$_REQUEST["newSRS"].",".$minx.",".$miny.",".$maxx.",".$maxy."';";
 		}
-		if($relation_bbox_x > $relation_px_x){
-			$centery = $miny + ($extenty/2);
-			$miny = $centery - $relation_px_y * $extentx / 2;
-			$maxy = $centery + $relation_px_y * $extentx / 2;
-		}
-		echo "newExtent[".$i."] = '".$temp[0].",".$_REQUEST["newSRS"].",".$minx.",".$miny.",".$maxx.",".$maxy."';";
+		else {
+			echo "var e = new parent.Mb_exception('mod_changeEPSG.php: invalid input parameter (p1 = (" . $temp[2] . "," . $temp[3] . "), p2 = (" . $temp[4] . "," . $temp[5] . "), old EPSG: " . $oldEPSG . ", new EPSG: " . $newEPSG . ", ).');";
+		}		
 	}
 	echo "</script>";
 }
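Review bot: The is_numeric() gate closes the SQL injection, but both echo branches still write unvalidated request data into the `<script>` block: `$temp[0]` on the success line is never checked, and the else branch prints the very values that just failed validation, so a map-frame name such as `';alert(1);//` in the `srs` parameter comes back to the browser as executable JavaScript. Escape every interpolated value, e.g. `htmlspecialchars($temp[0], ENT_QUOTES)`, replace `$_REQUEST["newSRS"]` in the success line with `"EPSG:" . $newEPSG` (known numeric), and in the error message either drop the raw values or wrap each one the same way. `$temp[6]`, `$temp[7]` and `$extenty` are also used as divisors without any check, so a zero or non-numeric width/height only produces a division-by-zero warning; add `$temp[6]` and `$temp[7]` to the is_numeric list and reject zero. Casting the four coordinates with `(float)` before building the SQL would additionally normalise forms that is_numeric() accepts but the WKT parser may not (leading whitespace, exponents, hex on older PHP).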

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_createUser.php
===================================================================
--- tags/2.4.4/http/php/mod_createUser.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_createUser.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -20,6 +20,7 @@
 
 import_request_variables("PG");
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
 if(PORTAL != true){
 	echo "This module is disabled. Please check your mapbender.conf.";
 	die;	
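Review bot: The new require_once of mb_validateSession.php runs after `import_request_variables("PG")` has already turned every GET/POST parameter into a global, so any plain global the validation script (not visible here) relies on could be shadowed by a request parameter of the same name; move the require above `import_request_variables`, or better replace the latter with explicit `$_POST`/`$_GET` reads as the sibling modules should. No `session_start()` is visible in this hunk, so either mb_validateSession.php starts the session itself or the check runs against an empty `$_SESSION` — worth confirming. If this PORTAL module is meant for anonymous self-registration, requiring an existing session here may lock those users out; that depends on how the portal issues guest sessions, which I cannot see.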

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_deleteGUI.php
===================================================================
--- tags/2.4.4/http/php/mod_deleteGUI.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_deleteGUI.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -19,7 +19,7 @@
 
 session_start();
 import_request_variables("PG");
-require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
+require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
@@ -65,12 +65,13 @@
 
 ###delete
 if($guiList){
-	 $sql = "DELETE FROM gui WHERE gui_id = '".$guiList."'";
-	 $res = db_query($sql);
+	 $sql = "DELETE FROM gui WHERE gui_id = $1";
+	 $v = array($guiList);
+	 $t = array("s");
+	 $res = db_prep_query($sql, $v, $t);
 }
 
-$sql_gui = "SELECT * FROM gui ";
-$sql_gui .= " ORDER BY gui_name";
+$sql_gui = "SELECT * FROM gui ORDER BY gui_name";
 $res_gui = db_query($sql_gui);
 $cnt_gui = 0;
 

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_deleteWFS.php
===================================================================
--- tags/2.4.4/http/php/mod_deleteWFS.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_deleteWFS.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -19,7 +19,7 @@
 
 session_start();
 import_request_variables("PG");
-require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
+require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
@@ -76,12 +76,13 @@
 
 ###delete
 if($wfsList){
-	 $sql = "DELETE FROM wfs WHERE wfs_id = '".$wfsList."'";
-	 $res = db_query($sql);
+	 $sql = "DELETE FROM wfs WHERE wfs_id = $1";
+	 $v = array($wfsList);
+	 $t = array("i");
+	 $res = db_prep_query($sql, $v, $t);
 }
 
-$sql_wfs = "SELECT * FROM wfs ";
-$sql_wfs .= " ORDER BY wfs_id";
+$sql_wfs = "SELECT * FROM wfs ORDER BY wfs_id";
 $res_wfs = db_query($sql_wfs);
 $cnt_wfs = 0;
 

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_editElementVars.php
===================================================================
--- tags/2.4.4/http/php/mod_editElementVars.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_editElementVars.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -19,7 +19,7 @@
 
 import_request_variables("PG");
 session_start();
-//include(dirname(__FILE__)."/../php/mb_validateSession.php");
+include(dirname(__FILE__)."/../php/mb_validateSession.php");
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
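Review bot: The re-enabled authentication check uses `include`, so if mb_validateSession.php is missing or unreadable PHP emits a warning and keeps running the module with no session check at all; use `require_once(dirname(__FILE__)."/../php/mb_validateSession.php");` as mod_deleteGUI.php and the other modules do, so an absent gate is fatal. The `import_request_variables("PG")` call above it still registers every request parameter as a global before the check runs, which is worth reordering for the same reason.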

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_editFilteredGroup.php
===================================================================
--- tags/2.4.4/http/php/mod_editFilteredGroup.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_editFilteredGroup.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -138,11 +138,15 @@
 echo "<select name='selected_group' onchange='submit()'>";
 	echo "<option value='new'>NEW...</option>";
 	$sql = "SELECT mb_group_name,mb_group_id FROM mb_group ";
+	$v = array();
+	$t = array();
 	if(isset($myGroup)){ 
-		$sql .= "WHERE mb_group_owner = ".$_SESSION["mb_user_id"];
+		$sql .= "WHERE mb_group_owner = $1";
+		array_push($v, $_SESSION["mb_user_id"]);
+		array_push($t, "i");
 	}
 	$sql .= " ORDER BY mb_group_name ";
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	$count=0;
 	while($row = db_fetch_array($res)){
 		echo "<option value='".$row["mb_group_id"]."' ";

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_editFilteredUser.php
===================================================================
--- tags/2.4.4/http/php/mod_editFilteredUser.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_editFilteredUser.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -185,9 +185,15 @@
    echo "<select name='selected_user' onchange='submit()'>";
    echo "<option value='new'>NEW...</option>";
    $sql = "SELECT mb_user_name,mb_user_id FROM mb_user ";
-   if(isset($myUser)){ $sql .= "WHERE mb_user_owner = ".$_SESSION["mb_user_id"];}
-   $sql .= " ORDER BY mb_user_name ";
-   $res = db_query($sql);
+	$v = array();
+	$t = array();
+	if (isset($myUser)) { 
+		$sql .= "WHERE mb_user_owner = $1";
+		array_push($v, $_SESSION["mb_user_id"]);
+		array_push($t, "i");
+	}
+	$sql .= " ORDER BY mb_user_name ";
+	$res = db_prep_query($sql, $v, $t);
    $count=0;
    while($row = db_fetch_array($res)){
 	 	echo "<option value='".$row["mb_user_id"]."' ";

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_editGroup.php
===================================================================
--- tags/2.4.4/http/php/mod_editGroup.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_editGroup.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -136,9 +136,15 @@
    echo "<select name='selected_group' onchange='submit()'>";
    echo "<option value='new'>NEW...</option>";
    $sql = "SELECT mb_group_name,mb_group_id FROM mb_group ";
-   if(isset($myGroup)){ $sql .= "WHERE mb_group_owner = ".$_SESSION["mb_user_id"];}
+   $v = array();
+   $t = array();
+   if (isset($myGroup)) { 
+		$sql .= "WHERE mb_group_owner = $1";
+		array_push($v, $_SESSION["mb_user_id"]);
+		array_push($t, "i");
+   }
    $sql .= " ORDER BY mb_group_name ";
-   $res = db_query($sql);
+   $res = db_prep_query($sql, $v, $t);
    $count=0;
    while($row = db_fetch_array($res)){
 	 	echo "<option value='".$row["mb_group_id"]."' ";

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_editGuiWms.php
===================================================================
--- tags/2.4.4/http/php/mod_editGuiWms.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_editGuiWms.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -592,7 +592,7 @@
   echo "<td style='background:lightgrey'><input type='text' size='2' name='L_".$layer_id[$i]."___layer_id' value='".$layer_id[$i]."' readonly></td>";
   echo "<td><input type='text' size='1' name='L_".$layer_id[$i]."___layer_parent' value='".$layer_parent[$i]."' readonly></td>";
   echo "<td style='background:lightgrey'><input type='text' size='7' value='".$layer_name[$i]."' readonly></td>";
-  echo "<td><input type='text' name='".$layer_title[$i]."' size='12' value='".$layer_title[$i]."' ></td>";
+  echo "<td><input type='text' name='".$layer_title[$i]."' size='12' value='".$layer_title[$i]."' readonly></td>";
 
   echo "<td style='background:lightgrey'><input name='L_".$layer_id[$i]."___gui_layer_status' type='checkbox' ";
   if($gui_layer_status[$i] == 1){ echo "checked";}
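Review bot: Making the field read-only does not change that `$layer_title[$i]` is written raw into both the `name` and `value` attributes on the changed line; a title containing `'` or `<` breaks out of the attribute, and since layer titles presumably originate from the remote WMS capabilities document rather than from the administrator, this is a stored injection point on an admin page. Escape it, `value='".htmlspecialchars($layer_title[$i], ENT_QUOTES)."'`, and use the layer id instead of the title as the input name, e.g. `name='L_".$layer_id[$i]."___layer_title'`, matching the neighbouring fields. The other echoed values on the surrounding lines (`$layer_name[$i]`, `$layer_parent[$i]`) deserve the same treatment.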

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_editGuiWmsMeta.php
===================================================================
--- tags/2.4.4/http/php/mod_editGuiWmsMeta.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_editGuiWmsMeta.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -134,19 +134,23 @@
       $function = $_REQUEST["function"];
       
       if ( $function = "update" ) {
-         $sql = "UPDATE layer SET layer_meta_datum = '".$_REQUEST["layer_meta_datum"]."'";
-         $sql.= ", layer_meta_lieferant       = '".$_REQUEST["layer_meta_lieferant"]."'";
-         $sql.= ", layer_meta_quelle          = '".$_REQUEST["layer_meta_quelle"]."'";
-         $sql.= ", layer_meta_ansprechpartner = '".$_REQUEST["layer_meta_ansprechpartner"]."'";
-         $sql.= ", layer_meta_lieferant_basis = '".$_REQUEST["layer_meta_lieferant_basis"]."'";
-         $sql.= ", layer_meta_copyright       = '".$_REQUEST["layer_meta_copyright"]."'";
-         $sql.= " WHERE layer_id = ".$layer_id.";";
-         $res = db_query($sql);
+         $sql = "UPDATE layer SET layer_meta_datum = $1, ";
+         $sql.= "layer_meta_lieferant = $2, ";
+         $sql.= "layer_meta_quelle = $3, ";
+         $sql.= "layer_meta_ansprechpartner = $4, ";
+         $sql.= "layer_meta_lieferant_basis = $5, ";
+         $sql.= "layer_meta_copyright = $6 ";
+         $sql.= " WHERE layer_id = $7;";
+         $v = array($_REQUEST["layer_meta_datum"], $_REQUEST["layer_meta_lieferant"], $_REQUEST["layer_meta_quelle"], $_REQUEST["layer_meta_ansprechpartner"], $_REQUEST["layer_meta_lieferant_basis"], $_REQUEST["layer_meta_copyright"], $layer_id);
+         $t = array("s", "s", "s", "s", "s", "s", "i");
+         $res = db_prep_query($sql, $v, $t);
       }
    }
    
-   $sql = "SELECT * FROM layer WHERE layer_id = '".$layer_id."';";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM layer WHERE layer_id = $1;";
+   $v = array($layer_id);
+   $t = array("i");
+   $res = db_prep_query($sql, $v, $t);
    
    if ( db_fetch_row($res, 0) ) { 	
    	  echo "         <h3>Editieren von Metadaten</h3>\n";  
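Review bot: `if ( $function = "update" )` just above the new prepared statement is an assignment, not a comparison, so it is always true and the UPDATE on the new lines runs for every request that reaches this block regardless of the `function` parameter; it should read `if ($function == "update")` (or `===`). The WHERE clause keys on `layer_id = $7` alone, and where `$layer_id` is assigned is outside the hunk, so I cannot see any check that the layer belongs to a WMS the session user owns — if that gating does not happen earlier in the file, add a join on `fkey_wms_id`/`wms_owner` or verify ownership before the update.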

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_editUser.php
===================================================================
--- tags/2.4.4/http/php/mod_editUser.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_editUser.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -200,9 +200,15 @@
    echo "<select name='selected_user' onchange='submit()'>";
    echo "<option value='new'>NEW...</option>";
    $sql = "SELECT mb_user_name,mb_user_id FROM mb_user ";
-   if(isset($myUser)){ $sql .= "WHERE mb_user_owner = ".$_SESSION["mb_user_id"];}
+   $v = array();
+   $t = array();
+	if (isset($myUser)) { 
+   		$sql .= "WHERE mb_user_owner = $1";
+   		array_push($v, $_SESSION["mb_user_id"]);
+   		array_push($t, "i");
+   	}
    $sql .= " ORDER BY mb_user_name ";
-   $res = db_query($sql);
+   $res = db_prep_query($sql, $v, $t);
    $count=0;
    while($row = db_fetch_array($res)){
 	 	echo "<option value='".$row["mb_user_id"]."' ";
@@ -339,5 +345,18 @@
 ?>
 <input type='hidden' name='action' value=''>
 </form>
+<script type="text/javascript">
+<!--
+var user=[];
+<?php
+for($i=0; $i<$cnt_user; $i++){
+	echo "user[".($i)."]=[];\n";
+	echo "user[".($i)."]['id']='" . $user_id[$i]  . "';\n";
+	echo "user[".($i)."]['name']='" . $user_name[$i]  . "';\n";
+	echo "user[".($i)."]['email']='" . $user_email[$i]  . "';\n";
+}
+?>
+// -->
+</script>
 </body>
 </html>
\ No newline at end of file
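Review bot: The new script block interpolates `$user_name[$i]` and `$user_email[$i]` into single-quoted JavaScript literals with no escaping, so a user name containing `'` or `</script>` — which can be set through this same form — breaks the script and injects code into every administrator who opens the page. Emit each value with `json_encode()` (PHP 5.2+), e.g. `echo "user[".$i."]['name']=" . json_encode((string)$user_name[$i]) . ";\n";`, or at minimum wrap it in `htmlspecialchars($x, ENT_QUOTES)`; `$user_id[$i]` needs the same unless it is guaranteed numeric. Where the `$user_*` arrays are populated is not visible in this hunk.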

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_editWMS_Metadata.php
===================================================================
--- tags/2.4.4/http/php/mod_editWMS_Metadata.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_editWMS_Metadata.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -77,15 +77,15 @@
 function guessTimestamp($timestr) 
 {
 	
-     if (strstr($timestr, '.'))
+     if (strpos($timestr, '.'))
      {
         list($day, $month, $year) = explode(".", $timestr);
      }
-     elseif (strstr($timestr, '/'))
+     elseif (strpos($timestr, '/'))
      {
         list($month, $day, $year) = explode("/", $timestr);
      }
-     elseif (strstr($timestr, '-'))
+     elseif (strpos($timestr, '-'))
      {
         list($year, $month, $day) = explode("-", $timestr);
      }
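Review bot: Replacing strstr() with strpos() changed guessTimestamp's behaviour: strpos() returns 0 when the separator is the first character, and 0 is falsy in these `if` tests, so a string such as `.12.2007` now falls through to the next branch instead of being split on `.`. Compare explicitly in all three branches, `if (strpos($timestr, '.') !== false)`. None of the branches check that explode() produced three parts, so a malformed timestamp still leaves `$day`/`$month`/`$year` undefined; the rest of the function is outside the hunk.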
@@ -101,51 +101,69 @@
 
 #Update handling
 
-if(isset($_REQUEST['update_content']) && $_REQUEST['update_content'] == true)
-{
+if (isset($_REQUEST['update_content']) && $_REQUEST['update_content'] == true) {
 	
-            $update_wms_sql = "UPDATE wms SET " . 
-                      "wms_title = '".$_REQUEST['wms_title_box']."', " .
-                      "wms_abstract = '".$_REQUEST['wms_abstract_box']."', " . 
-                      "fees = '".$_REQUEST['fees_box']."', " .
-                      "accessconstraints = '".$_REQUEST['accessconstraints_box']."', " .
-                      "contactperson = '".$_REQUEST['contactperson_box']."', " .
-                      "contactposition = '".$_REQUEST['contactposition_box']."', " .
-                      "contactorganization = '".$_REQUEST['contactorganization_box']."', " .
-                      "address = '".$_REQUEST['address_box']."', " .
-                      "city = '".$_REQUEST['city_box']."', " .
-                      "stateorprovince = '".$_REQUEST['stateorprovince_box']."', " .
-                      "postcode = '".$_REQUEST['postcode_box']."', " .
-                      "country = '".$_REQUEST['country_box']."', " .
-                      "contactvoicetelephone = '".$_REQUEST['contactvoicetelephone_box']."', " .
-                      "contactfacsimiletelephone = '".$_REQUEST['contactfacsimiletelephone_box']."', " .
-                      "contactelectronicmailaddress = '".$_REQUEST['contactelectronicmailaddress_box']."'";
-                      if (isset($_REQUEST['wms_timestamp_box']) && $_REQUEST['wms_timestamp_box'] <> "")
-                      {
-                            $update_wms_sql .= ", " . "wms_timestamp = " .
-                            "'".guessTimestamp($_REQUEST['wms_timestamp_box'])."' ";
-                      }
-   $update_wms_sql .= "WHERE wms_id = '".$_REQUEST['wms_id']."'";
-    $res_update_wms_sql = db_query($update_wms_sql);
-     while(list($key,$val) = each($_REQUEST))
+	$update_wms_sql = "UPDATE wms SET "; 
+	$update_wms_sql .= "wms_title = $1, wms_abstract = $2, fees = $3, ";
+	$update_wms_sql .= "accessconstraints = $4, contactperson = $5, ";
+	$update_wms_sql .= "contactposition = $6, contactorganization = $7, ";
+	$update_wms_sql .= "address = $8, city = $9, stateorprovince = $10, ";
+	$update_wms_sql .= "postcode = $11, country = $12, ";
+	$update_wms_sql .= "contactvoicetelephone = $13, ";
+	$update_wms_sql .= "contactfacsimiletelephone = $14, ";
+	$update_wms_sql .= "contactelectronicmailaddress = $15 ";
+
+	$v = array();
+	array_push($v, $_REQUEST['wms_title_box']);
+	array_push($v, $_REQUEST['wms_abstract_box']);
+	array_push($v, $_REQUEST['fees_box']);
+	array_push($v, $_REQUEST['accessconstraints_box']);
+	array_push($v, $_REQUEST['contactperson_box']);
+	array_push($v, $_REQUEST['contactposition_box']);
+	array_push($v, $_REQUEST['contactorganization_box']);
+	array_push($v, $_REQUEST['address_box']);
+	array_push($v, $_REQUEST['city_box']);
+	array_push($v, $_REQUEST['stateorprovince_box']);
+	array_push($v, $_REQUEST['postcode_box']);
+	array_push($v, $_REQUEST['country_box']);
+	array_push($v, $_REQUEST['contactvoicetelephone_box']);
+	array_push($v, $_REQUEST['contactfacsimiletelephone_box']);
+	array_push($v, $_REQUEST['contactelectronicmailaddress_box']);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+
+	if (isset($_REQUEST['wms_timestamp_box']) && $_REQUEST['wms_timestamp_box'] <> "") {
+        $update_wms_sql .= ", wms_timestamp = $16 ";
+		array_push($v, guessTimestamp($_REQUEST['wms_timestamp_box']));
+		array_push($t, "s");
+
+		$update_wms_sql .= "WHERE wms_id = $17";
+	}
+	else {
+		$update_wms_sql .= "WHERE wms_id = $16";
+	}
+	array_push($v, 	$_REQUEST['wms_id']);
+	array_push($t, "s");
+
+    $res_update_wms_sql = db_prep_query($update_wms_sql, $v, $t);
+
+    while(list($key,$val) = each($_REQUEST))
     {
         if(preg_match("/___/", $key))
         {
             $myKey = explode("___", $key);
-            $layer_id = str_replace("L_","",$myKey[0]);
-            if($myKey[1]=="layer_abstract")
-            {
-                $layer_sql = "UPDATE layer SET layer_abstract = '$val' " .
-                             "WHERE layer_id = $layer_id AND fkey_wms_id = '".$_REQUEST['wms_id']."'";  
-                $res_keyword_sql = db_query($layer_sql);
+            $layer_id = preg_replace("/L_/","",$myKey[0]);
+            if($myKey[1]=="layer_abstract") {
+				$layer_sql = "UPDATE layer SET layer_abstract = $1 ";
+				$layer_sql .= "WHERE layer_id = $2 AND fkey_wms_id = $3";  
+                $v = array($val, $layer_id, $_REQUEST['wms_id']);
+                $t = array("s", "i", "s");
+                $res_keyword_sql = db_prep_query($layer_sql, $v, $t);
             }
-            if($myKey[1]=="layer_keywords")
-            {
+            if($myKey[1]=="layer_keywords") {
                 #Get all keywords depending on the given layer after user modification
                 $keywords  = explode(",",$val);
                 #delete all blanks from the keywords list
-                for($j = 0; $j < count($keywords); $j++)
-                {
+                for ($j = 0; $j < count($keywords); $j++) {
                     $word = $keywords[$j];
                     $word = trim($word);
                     $keywords[$j] = $word;
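Review bot: The parameterised UPDATE at the top of the hunk is keyed only on `wms_id`, taken straight from `$_REQUEST['wms_id']`, while the WMS selection list later in this file is scoped with `wms_owner = $_SESSION["mb_user_id"]`; unless something outside the hunk checks ownership, any authenticated user can rewrite the metadata of any WMS by posting a different id. Add `AND wms_owner = $N` bound to the session user id to that WHERE clause (and the same via `fkey_wms_id` for the per-layer `UPDATE layer`), or verify ownership once before the loop. Separately, `$layer_id = preg_replace("/L_/","",$myKey[0])` strips every `L_` occurrence rather than just the prefix; `substr($myKey[0], 2)` or the anchored pattern `/^L_/` expresses the intent.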
@@ -155,9 +173,12 @@
                 $keyword_sql = "SELECT keyword_id, keyword FROM keyword, layer_keyword, layer " .
                                "WHERE keyword.keyword_id = layer_keyword.fkey_keyword_id " .
                                "AND layer_keyword.fkey_layer_id = layer.layer_id " .
-                               "AND layer.fkey_wms_id = '".$_REQUEST['wms_id']."'" .
-                               "AND layer.layer_id = $layer_id";
-                $res_keyword_sql = db_query($keyword_sql);
+                               "AND layer.fkey_wms_id = $1 " .
+                               "AND layer.layer_id = $2";
+                
+                $v = array($_REQUEST['wms_id'], $layer_id); 
+                $t = array("s", "i");
+                $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                 while($keyword_row = db_fetch_array($res_keyword_sql))
                 {
                     $keyword = $keyword_row['keyword'];
@@ -171,19 +192,25 @@
                         #echo "1c: Keyword nicht in User Liste: Keyword: ", $keyword, ";<br>";
                         #Deleting reference to the keyword from the layer_keyword table.
                         $keyword_sql = "DELETE FROM layer_keyword " .
-                                       "WHERE fkey_layer_id = $layer_id " .
-                                       "AND fkey_keyword_id = $keyword_id";
-                        db_query($keyword_sql);
+                                       "WHERE fkey_layer_id = $1 " .
+                                       "AND fkey_keyword_id = $2";
+                        $v = array($layer_id, $keyword_id);
+                        $t = array("i", "i");
+                        db_prep_query($keyword_sql, $v, $t);
                         #Checking, if the keyword is in use by any layer
                         $layer_sql = "SELECT * FROM layer_keyword " .
-                                       "WHERE fkey_keyword_id = $keyword_id";
-                        $res_layer_sql = db_query($layer_sql);
+                                       "WHERE fkey_keyword_id = $1";
+                        $v = array($keyword_id);
+                        $t = array("i");
+                        $res_layer_sql = db_prep_query($layer_sql, $v, $t);
                         if(!($row = db_fetch_array($res_layer_sql)))
                         {
                             #If keyword will not longer be in use, delete it from keyword table
                             $keyword_sql = "DELETE FROM keyword " .
-                                           "WHERE keyword_id = $keyword_id";
-                            db_query($keyword_sql);
+                                           "WHERE keyword_id = $1";
+                            $v = array($keyword_id);
+                            $t = array("i");
+                            db_prep_query($keyword_sql, $v, $t);
                         }
                     }
                     #Keyword exists in the database and in the user data
@@ -211,8 +238,10 @@
                         $keyword = trim($keywords[$i]);
                         #Check, if the keyword is exsiting in the database
                         $keyword_sql = "SELECT keyword_id FROM keyword " .
-                                       "WHERE UPPER(keyword) = UPPER('$keyword')";
-                        $res_keyword_sql = db_query($keyword_sql);
+                                       "WHERE UPPER(keyword) = UPPER($1)";
+                        $v = array($keyword);
+                        $t = array("s");
+                        $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                         $keyword_row = db_fetch_array($res_keyword_sql);
                         #Keyword exists in the database
                         if($keyword_row != null)
@@ -223,10 +252,15 @@
                         #Keyword does not exist in the database
                         else
                         {
-                            $keyword_sql = "INSERT INTO keyword (keyword) VALUES ('$keyword')";
-                            $res_keyword_sql = db_query($keyword_sql);
-                            $keyword_sql = "SELECT keyword_id FROM keyword WHERE keyword = '$keyword'";
-                            $res_keyword_sql = db_query($keyword_sql);
+                            $keyword_sql = "INSERT INTO keyword (keyword) VALUES ($1)";
+                            $v = array($keyword);
+                            $t = array("s");
+                            $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
+                            
+                            $keyword_sql = "SELECT keyword_id FROM keyword WHERE keyword = $1";
+                            $v = array($keyword);
+                            $t = array("s");
+                            $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                             $keyword_row = db_fetch_array($res_keyword_sql);
                             if($keyword_row != null)
                             {
@@ -236,8 +270,10 @@
                         }
                         #Inserting the reference between layer and keyword in the layer_keyword table
                         $keyword_sql = "INSERT INTO layer_keyword (fkey_layer_id, fkey_keyword_id) " .
-                                       "VALUES ('$layer_id', '$keyword_id')";
-                        $res_keyword_sql = db_query($keyword_sql);
+                                       "VALUES ($1, $2)";
+                        $v = array($layer_id, $keyword_id);
+                        $t = array("s", "s");
+                        $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                     }
                 }
                 #Delete all elements from array
@@ -253,8 +289,10 @@
 if(isset($_REQUEST['delete_preview']) && $_REQUEST['delete_preview']=='1'
 	&& isset($_REQUEST['layer_id']))
 {
-    $preview_sql = "DELETE FROM layer_preview WHERE fkey_layer_id = ".$_REQUEST['layer_id']."";
-    $res_preview_sql = db_query($preview_sql);
+    $preview_sql = "DELETE FROM layer_preview WHERE fkey_layer_id = $1";
+    $v = array($_REQUEST['layer_id']);
+    $t = array("s");
+    $res_preview_sql = db_prep_query($preview_sql, $v, $t);
     die("Preview has been deleted!</body></html>");
 }
 ?>
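Review bot: The preview DELETE takes `$_REQUEST['layer_id']` with no visible check that the layer belongs to a WMS owned by the session user, so any logged-in user can remove any layer's preview by id; join through `layer` to `wms.wms_owner` in the WHERE clause, or verify ownership before the query. The value is bound as `"s"` although layer_id is bound as `"i"` elsewhere in this file — use `"i"` here (and guard with `ctype_digit`) for consistency, and the GET-triggered deletion would benefit from the same POST-only/CSRF-token restriction as the other delete modules.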
@@ -277,8 +315,10 @@
 {
 
     #Querying information from wms data table 
-    $wms_sql = "SELECT wms_id, wms_title FROM wms WHERE wms_owner = ".$_SESSION["mb_user_id"]. " ORDER BY wms_title";
-    $res_wms_sql = db_query($wms_sql);
+    $wms_sql = "SELECT wms_id, wms_title FROM wms WHERE wms_owner = $1 ORDER BY wms_title";
+    $v = array($_SESSION["mb_user_id"]);
+    $t = array("i");
+    $res_wms_sql = db_prep_query($wms_sql, $v, $t);
     #wms-selection
 
     $selectBox = "";
@@ -321,8 +361,10 @@
 
 if(isset($wms_id) == true && $wms_id <>0)
 { 
-	$selected_wms_sql = "SELECT * FROM wms WHERE wms_id = '".$wms_id."'";
-    $res_selected_wms_sql = db_query($selected_wms_sql);
+	$selected_wms_sql = "SELECT * FROM wms WHERE wms_id = $1";
+	$v = array($wms_id);
+	$t = array("s");
+    $res_selected_wms_sql = db_prep_query($selected_wms_sql, $v, $t);
     $selected_row = db_fetch_array($res_selected_wms_sql);
 
 ?>
@@ -400,9 +442,11 @@
     
 <?php
    
-    $layer_sql = "SELECT * FROM layer WHERE layer.fkey_wms_id = '".$wms_id."'" .
+    $layer_sql = "SELECT * FROM layer WHERE layer.fkey_wms_id = $1" .
                  " ORDER BY layer_pos";
-    $res_layer_sql = db_query($layer_sql);
+    $v = array($wms_id);
+    $t = array("s");
+    $res_layer_sql = db_prep_query($layer_sql, $v, $t);
     
     while($layer_row = db_fetch_array($res_layer_sql))
     {
@@ -419,9 +463,11 @@
         $keyword_sql = "SELECT keyword FROM keyword, layer_keyword, layer " .
                        "WHERE keyword.keyword_id = layer_keyword.fkey_keyword_id " .
                        "AND layer_keyword.fkey_layer_id = layer.layer_id " .
-                       "AND layer.fkey_wms_id = '".$wms_id."' " .
-                       "AND layer.layer_id = ".$layer_row['layer_id']."";
-        $res_keyword_sql = db_query($keyword_sql);
+                       "AND layer.fkey_wms_id = $1 " .
+                       "AND layer.layer_id = $2";
+        $v = array($wms_id, $layer_row['layer_id']);
+        $t = array("s", "i");
+        $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
         $keywordList = "";
         $seperator = "";
         while($keyword_row = db_fetch_array($res_keyword_sql))

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_edit_element_vars.php
===================================================================
--- tags/2.4.4/http/php/mod_edit_element_vars.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_edit_element_vars.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -110,13 +110,20 @@
 <?php
 # handle database updates etc.....
 if(isset($mySave) && $mySave == '1'){
-   if($SYS_DBTYPE=='pgsql'){
-   $sql[0] = "SET AUTOCOMMIT=1;";}
-   else{
-   $sql[0] = "SET AUTOCOMMIT=0;shit happens";
-   }
-   $sql[1] = "BEGIN;";
-   $sql[2] = "DELETE FROM gui_element_vars WHERE fkey_e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."' and ....";
+	if ($SYS_DBTYPE=='pgsql') { 
+		$sql[0] = "SET AUTOCOMMIT=1;";
+	}
+	else {
+		$sql[0] = "SET AUTOCOMMIT=0;shit happens";
+	}
+	$v[0] = array();
+	$t[0] = array();
+	$sql[1] = "BEGIN;";
+	$v[1] = array();
+	$t[1] = array();
+	$sql[2] = "DELETE FROM gui_element_vars WHERE fkey_e_id = $1 AND fkey_gui_id = $2";
+	$v[2] = array($e_id, $guiList1);
+	$t[2] = array("s", "s");
 
 
    if($e_left < 1){$e_left = "NULL";}
@@ -124,25 +131,32 @@
    if($e_width < 1){$e_width = "NULL";}
    if($e_height < 1){$e_height = "NULL";}
    if($e_z_index < 1){$e_z_index = "NULL";}
-   $sql[3] = "INSERT INTO gui_element_vars(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-   $sql[3] .= "VALUES ('".$guiList1."','".$e_id."','".$e_pos."','".$e_public."','".db_escape_string($e_comment)."','".$e_element."','".$e_src."','".db_escape_string($e_attributes)."',".$e_left.",".$e_top.",".$e_width.",".$e_height.",".$e_z_index.",'".$e_more_styles."','".$e_content."','".$e_closetag."','".$e_js_file."','".$e_mb_mod."','".$e_target."','".$e_requires."')";
+	$sql[3] = "INSERT INTO gui_element_vars ";
+	$sql[3] .= "(fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, ";
+	$sql[3] .= "e_attributes, e_left, e_top, e_width, e_height, e_z_index, ";
+	$sql[3] .= "e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, ";
+	$sql[3] .= "e_requires) ";
+	$sql[3] .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20)";
+	$v[3] = array($guiList1, $e_id, $e_pos, $e_public, db_escape_string($e_comment), $e_element, $e_src, db_escape_string($e_attributes), $e_left, $e_top, $e_width, $e_height, $e_z_index, $e_more_styles, $e_content, $e_closetag, $e_js_file, $e_mb_mod, $e_target, $e_requires);
+	$t[3] = array("s", "s", "i", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
    #echo $sql[3];
-   foreach ($sql as $mysql){
-      $res = db_query($mysql);
-      if(!$res){echo $mysql; break;}
+   for ($i = 0; $i < count($sql); $i++) {
+      $res = db_prep_query($sql[$i], $v[$i], $t[$i]);
    }
    if($res){
-		$res = db_query( "COMMIT");
+      $res = db_query( "COMMIT");
       $res = db_query( "SET AUTOCOMMIT=1");
    }
    else{
       $res = db_query( "ROLLBACK");
       $res = db_query( "SET AUTOCOMMIT=1");
    }
- }
+}
 if(isset($myDelete) && $myDelete == '1'){
-   $sql = "DELETE FROM gui_element_vars WHERE fkey_e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."' AND var_name='".$var_name."'";
-   $res = db_query($sql);
+   $sql = "DELETE FROM gui_element_vars WHERE fkey_e_id = $1 AND fkey_gui_id = $2 AND var_name= $3";
+   $v = array($e_id, $guiList1, $var_name);
+   $t = array("s", "s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $e_id = ""; $e_pos = ""; $e_public = ""; $e_comment = ""; $e_element = "";
    $e_src = ""; $e_attributes = ""; $e_left = ""; $e_top = ""; $e_width = ""; $e_height = ""; $e_z_index = "";
    $e_more_styles = ""; $e_content = ""; $e_closetag = ""; $e_js_file = ""; $e_mb_mod = ""; $e_target = ""; $e_requires = "";
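Review bot: The rewritten `for ($i = 0; $i < count($sql); $i++)` loop drops the `if(!$res){... break;}` the old `foreach` had, so a failed DELETE no longer stops the batch and the following `if($res)` only reflects the last statement — a partially applied sequence can reach `COMMIT`. mod_edit_metadata.php keeps `if(!$res){break;}` in the same loop; restore it here: `$res = db_prep_query($sql[$i], $v[$i], $t[$i]); if (!$res) { break; }`. Separately, `$e_left`/`$e_top`/`$e_width`/`$e_height`/`$e_z_index` are set to the string `"NULL"` and then bound with type `"i"` in `$t[3]`; interpolation turned that into a SQL NULL, but as a bound integer parameter the string is either rejected or coerced, depending on how `db_prep_query` binds (not visible here). Assign PHP `null` instead (`if ($e_left < 1) { $e_left = null; }`) and confirm `db_prep_query` forwards it as SQL NULL; the same pattern recurs with `$myleft = 'NULL'` in the `$all == '1'` branch below and in both corresponding places in mod_edit_metadata.php.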
@@ -154,24 +168,37 @@
    echo "</script>";
 }
 if(isset($all) && $all == '1'){
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList2."' AND fkey_e_id = '".$e_id."' and var_name='".$var_name."' ;";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 and var_name= $3;";
+   $v = array($guiList2, $e_id, $var_name);
+   $t = array("s", "s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
-      $sql_del = "DELETE FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".db_result($res,$cnt,"fkey_e_id")."'  and var_name='".$var_name."' ";
-      $res_del = db_query($sql_del);
+      $sql_del = "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 and var_name= $3";
+      $v = array($guiList1, db_result($res,$cnt,"fkey_e_id"), $var_name);
+      $t = array("s", "s", "s");
+      $res_del = db_prep_query($sql_del, $v, $t);
       if(db_result($res,$cnt,"e_left") == ""){$myleft = 'NULL';} else{$myleft = db_result($res,$cnt,"e_left");}
       if(db_result($res,$cnt,"e_top") == ""){$mytop = 'NULL';} else{$mytop = db_result($res,$cnt,"e_top");}
       if(db_result($res,$cnt,"e_width") == ""){$mywidth = 'NULL';} else{$mywidth = db_result($res,$cnt,"e_width");}
       if(db_result($res,$cnt,"e_height") == ""){$myheight = 'NULL';} else{$myheight = db_result($res,$cnt,"e_height");}
       if(db_result($res,$cnt,"e_z_index") == ""){$my_z_index = 'NULL';} else{$my_z_index = db_result($res,$cnt,"e_z_index");}
 
-      $sql_ins = "INSERT INTO gui_element_vars(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-      $sql_ins .= "VALUES ('".$guiList1."','".db_result($res,$cnt,"e_id")."','".db_result($res,$cnt,"e_pos")."','".db_result($res,$cnt,"e_public")."','".db_escape_string(db_result($res,$cnt,"e_comment"))."','".db_result($res,$cnt,"e_element")."','".db_result($res,$cnt,"e_src")."','".db_escape_string(db_result($res,$cnt,"e_attributes"))."',".$myleft.",";
-      $sql_ins .= $mytop.",".$mywidth.",".$myheight.",".$my_z_index.",'".db_result($res,$cnt,"e_more_styles")."','".db_escape_string(db_result($res,$cnt,"e_content"))."','".db_result($res,$cnt,"e_closetag")."','".db_result($res,$cnt,"e_js_file")."','".db_result($res,$cnt,"e_mb_mod")."','".db_result($res,$cnt,"e_target")."','".db_result($res,$cnt,"e_requires")."')";
+      $sql_ins = "INSERT INTO gui_element_vars ";
+      $sql_ins .= "(fkey_gui_id, e_id, e_pos,e_public, e_comment, e_element, ";
+      $sql_ins .= "e_src, e_attributes, e_left, e_top, e_width, e_height, ";
+      $sql_ins .= "e_z_index, e_more_styles, e_content, e_closetag, e_js_file, ";
+      $sql_ins .= "e_mb_mod, e_target, e_requires) ";
+      $sql_ins .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, ";
+      $sql_ins .= "$10, $11, $12, $13, $14, $15, $16, $17, $18, ";
+      $sql_ins .= "$19, $20)";
+      $v = array($guiList1, db_result($res,$cnt,"e_id"), db_result($res,$cnt,"e_pos"), db_result($res,$cnt,"e_public"), db_escape_string(db_result($res,$cnt,"e_comment")), db_result($res,$cnt,"e_element"), db_result($res,$cnt,"e_src"), db_escape_string(db_result($res,$cnt,"e_attributes")), $myleft, $mytop, $mywidth, $myheight, $my_z_index, db_result($res,$cnt,"e_more_styles"), db_escape_string(db_result($res,$cnt,"e_content")), db_result($res,$cnt,"e_closetag"), db_result($res,$cnt,"e_js_file"), db_result($res,$cnt,"e_mb_mod"), db_result($res,$cnt,"e_target"), db_result($res,$cnt,"e_requires"));
+      $t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
 
-      $res_ins = db_query($sql_ins);
-      if(!$res_ins){echo db_error($connect); }
+      $res_ins = db_prep_query($sql_ins, $v, $t);
+      if (!$res_ins) {
+      	echo db_error($connect); 
+      }
       $cnt++;
    }
 }
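Review bot: The bound values in `$v` for the copied INSERT still pass through `db_escape_string(...)` (e_comment, e_attributes, e_content); if `db_prep_query` binds parameters rather than interpolating them, escaping is applied on top of binding and quotes or backslashes are stored doubled. Drop the `db_escape_string` wrappers and bind the raw `db_result(...)` values — the same double escaping is present in `$v[3]` of the `$mySave` branch above and in the three INSERT sites of mod_edit_metadata.php. `$res_del` from the DELETE is also never checked, so a failed delete is followed by an insert of a second row for the same key.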
@@ -179,8 +206,10 @@
 echo "<script language='javascript'>";
 echo "var varIDs = new Array();";
 if(isset($guiList1)){
-   $sql = "SELECT var_name FROM gui_element_vars WHERE  fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".$e_id."'";
-   $res = db_query($sql);
+   $sql = "SELECT var_name FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2";
+   $v = array($guiList1, $e_id);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
       echo  "varIDs[".$cnt."] = '".db_result($res,$cnt,"var_name")."'; ";
@@ -284,8 +313,10 @@
 if(isset($guiList1)){
    echo "<div class='guiList2_header'>Templates</div>";
 
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id='".$e_id."'";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2";
+   $v = array($guiList1, $e_id);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    echo "<div class='myElements'><table>";
    while($row = db_fetch_array($res)){
@@ -303,9 +334,11 @@
 #Formular:
 echo "<table class='myForm'>";
 if(isset($guiList1) && isset($var_name)){
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".$e_id."' AND var_name='".$var_name."'";
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = '".$e_id."' AND var_name = $2";
+   $v = array($guiList1, $var_name);
+   $t = array("s", "s");
    //echo $sql;
-   $res = db_query($sql);
+   $res = db_prep_query($sql, $v, $t);
    if($row = db_fetch_array($res)){
       echo "<tr><td>ID: </td><td><input type='text' class='textfield' readonly name='e_id' value='".$e_id."'></td></tr>";
       echo "<tr><td>Var Type: </td><td><input type='text' class='textfield' name='type' value='".$row["type"]."'></td></tr>";
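Review bot: The SELECT in the `isset($guiList1) && isset($var_name)` branch is only half parameterised: `fkey_e_id = '".$e_id."'` is still concatenated while `$guiList1` and `$var_name` are bound, so `$e_id` remains an interpolated input. Bind all three: `$sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 AND var_name = $3";`, `$v = array($guiList1, $e_id, $var_name);`, `$t = array("s", "s", "s");`. The `value='".$e_id."'` echo right after it writes `$e_id` into HTML unescaped as well; wrap it in `htmlspecialchars($e_id)`.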

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_edit_metadata.php
===================================================================
--- tags/2.4.4/http/php/mod_edit_metadata.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_edit_metadata.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -112,45 +112,71 @@
 # handle database updates etc.....
 if(isset($mySave) && ($mySave == '1' || $mySave == '2')) {
    if ($mySave == '1'){
-   	$sql_vars = "SELECT * FROM gui_element_vars WHERE fkey_e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."'";
-   	 $res_vars = db_query($sql_vars);
+   	$sql_vars = "SELECT * FROM gui_element_vars WHERE fkey_e_id = $1 AND fkey_gui_id = $2";
+   	$v = array($e_id, $guiList1);
+   	$t = array("s", "s");
+   	$res_vars = db_prep_query($sql_vars, $v, $t);
    	 //$rows = db_fetch_array($res_vars);
-   	if($SYS_DBTYPE=='pgsql')
-   		{
-	   	$sql[0] = "SET AUTOCOMMIT=1";
-	 	}
-	  else
-	 	{
-	 	$sql[0] = "SET AUTOCOMMIT=0";
-		}
-	   $sql[1] = "BEGIN";
-	   $sql[2] = "DELETE FROM gui_element WHERE e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."'";
+	$sql = array();
+	$v = array();
+	$t = array();
+	if ($SYS_DBTYPE == "pgsql") {
+		$sql[0] = "SET AUTOCOMMIT=1";
+		$v[0] = array();
+		$t[0] = array();
+	}
+	else {
+		$sql[0] = "SET AUTOCOMMIT=0";
+		$v[0] = array();
+		$t[0] = array();
+	}
+	$sql[1] = "BEGIN";
+	$v[1] = array();
+	$t[1] = array();
+	
+	$sql[2] = "DELETE FROM gui_element WHERE e_id = $1 AND fkey_gui_id = $2";
+	$v[2] = array($e_id, $guiList1);
+	$t[2] = array("s", "s");
 
-
 	   if($e_left < 1){$e_left = "NULL";}
 	   if($e_top < 1){$e_top = "NULL";}
 	   if($e_width < 1){$e_width = "NULL";}
 	   if($e_height < 1){$e_height = "NULL";}
 	   if($e_z_index < 1){$e_z_index = "NULL";}
-	   $sql[3] = "INSERT INTO gui_element(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-	   $sql[3] .= "VALUES ('".$guiList1."','".$e_id."','".$e_pos."','".$e_public."','".db_escape_string($e_comment)."','".$e_element."','".$e_src."','".db_escape_string($e_attributes)."',".$e_left.",".$e_top.",".$e_width.",".$e_height.",".$e_z_index.",'".$e_more_styles."','".db_escape_string($e_content)."','".$e_closetag."','".$e_js_file."','".$e_mb_mod."','".$e_target."','".$e_requires."')";
-
+	$sql[3] = "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, ";
+	$sql[3] .= "e_comment, e_element, e_src, e_attributes, e_left, e_top, ";
+	$sql[3] .= "e_width, e_height, e_z_index, e_more_styles, e_content, ";
+	$sql[3] .= "e_closetag, e_js_file, e_mb_mod, e_target, e_requires) ";
+	$sql[3] .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, ";
+	$sql[3] .= "$13, $14, $15, $16, $17, $18, $19, $20)";
+	$v[3] = array($guiList1, $e_id, $e_pos, $e_public, db_escape_string($e_comment), $e_element, $e_src, db_escape_string($e_attributes), $e_left, $e_top, $e_width, $e_height, $e_z_index, $e_more_styles, db_escape_string($e_content), $e_closetag, $e_js_file, $e_mb_mod, $e_target, $e_requires);
+	$t[3] = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
    }
    # mySave == 2 <=> just save GUI description
    elseif ($mySave == '2') {
-	   if($SYS_DBTYPE=='pgsql')
-   		{
-	   	$sql[0] = "SET AUTOCOMMIT=1";
-	 	}
-	  else
-	 	{
-	 	$sql[0] = "SET AUTOCOMMIT=0";
+		$sql = array();
+		$v = array();
+		$t = array();
+		if ($SYS_DBTYPE == "pgsql") {
+			$sql[0] = "SET AUTOCOMMIT=1";
+			$v[0] = array();
+			$t[0] = array();
 		}
-	   $sql[1] = "BEGIN";
-	   $sql[3] = "UPDATE gui SET gui_description = '". $guiDesc."' WHERE gui_id ='".$guiId."'";
-   }
-   foreach ($sql as $mysql){
-      $res = db_query($mysql);
+		else {
+			$sql[0] = "SET AUTOCOMMIT=0";
+			$v[0] = array();
+			$t[0] = array();
+		}
+		$sql[1] = "BEGIN";
+		$v[1] = array();
+		$t[1] = array();
+
+		$sql[2] = "UPDATE gui SET gui_description = $1 WHERE gui_id = $2";
+		$v[2] = array($guiDesc, $guiId);
+		$t[2] = array("s", "s");
+	}
+	for ($i = 0; $i < count($sql); $i++) {
+      $res = db_prep_query($sql[$i], $v[$i], $t[$i]);
       if(!$res){break;}
    }
    if($res){
@@ -161,19 +187,25 @@
       $res = db_query( "ROLLBACK");
       $res = db_query( "SET AUTOCOMMIT=1");
    }
-   if(isset($sql_vars)){//sicherstellen das keine Element_Vars gelöscht wurden
+   if(isset($sql_vars)){//sicherstellen das keine Element_Vars gel�scht wurden
    	 while($row =  db_fetch_array($res_vars)){
-     			$securesql = "INSERT INTO gui_element_vars (fkey_gui_id,fkey_e_id,var_name,var_value,context,type) VALUES ('".$guiList1."','".$e_id."','".$row["var_name"]."','".$row["var_value"]."','".$row["context"]."','".$row["type"]."');";
-     			//echo $securesql."<BR>";
-     			$secureinsert = db_query($securesql);
-     		}
-   }
+			$securesql = "INSERT INTO gui_element_vars (fkey_gui_id, ";
+			$securesql .= "fkey_e_id, var_name, var_value, context,type) ";
+			$securesql .= "VALUES ($1, $2, $3, $4, $5, $6)";
+			$v = array($guiList1, $e_id, $row["var_name"], $row["var_value"], $row["context"], $row["type"]);
+			$t = array("s", "s", "s", "s", "s", "s");
+			//echo $securesql."<BR>";
+			$secureinsert = db_prep_query($securesql, $v, $t);
+		}
+	}
       if(!$res){break;}
 
 }
 if(isset($myDelete) && $myDelete == '1'){
-   $sql = "DELETE FROM gui_element WHERE e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."'";
-   $res = db_query($sql);
+   $sql = "DELETE FROM gui_element WHERE e_id = $1 AND fkey_gui_id = $2";
+   $v = array($e_id, $guiList1);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $e_id = ""; $e_pos = ""; $e_public = ""; $e_comment = ""; $e_element = "";
    $e_src = ""; $e_attributes = ""; $e_left = ""; $e_top = ""; $e_width = ""; $e_height = ""; $e_z_index = "";
    $e_more_styles = ""; $e_content = ""; $e_closetag = ""; $e_js_file = ""; $e_mb_mod = ""; $e_target = ""; $e_requires = "";
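Review bot: The comment `//sicherstellen das keine Element_Vars gel�scht wurden` now carries a replacement character where the removed line had `gelöscht`, i.e. the file was re-saved in a different encoding and its non-ASCII comment text was corrupted; the same mojibake appears in mod_evalArea.php (`Fl�chenberechnung f�r`). Restore the original characters (or write `geloescht`) and save the file in the encoding the rest of the tree uses. The `$secureinsert` result in the restore loop is also never checked, so a silently failed re-insert loses the element's variables without any message.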
@@ -185,33 +217,47 @@
    echo "</script>";
 }
 if(isset($all) && $all == '1'){
-   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = '".$guiList2."'";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = $1";
+   $v = array($guiList2);
+   $t = array("s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
-      $sql_del = "DELETE FROM gui_element WHERE fkey_gui_id = '".$guiList1."' AND e_id = '".db_result($res,$cnt,"e_id")."'";
-      $res_del = db_query($sql_del);
+      $sql_del = "DELETE FROM gui_element WHERE fkey_gui_id = $1 AND e_id = $2";
+      $v = array($guiList1, db_result($res,$cnt,"e_id"));
+      $t = array("s", "s");
+      $res_del = db_prep_query($sql_del, $v, $t);
       if(db_result($res,$cnt,"e_left") == ""){$myleft = 'NULL';} else{$myleft = db_result($res,$cnt,"e_left");}
       if(db_result($res,$cnt,"e_top") == ""){$mytop = 'NULL';} else{$mytop = db_result($res,$cnt,"e_top");}
       if(db_result($res,$cnt,"e_width") == ""){$mywidth = 'NULL';} else{$mywidth = db_result($res,$cnt,"e_width");}
       if(db_result($res,$cnt,"e_height") == ""){$myheight = 'NULL';} else{$myheight = db_result($res,$cnt,"e_height");}
       if(db_result($res,$cnt,"e_z_index") == ""){$my_z_index = 'NULL';} else{$my_z_index = db_result($res,$cnt,"e_z_index");}
 
-      $sql_ins = "INSERT INTO gui_element(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-      $sql_ins .= "VALUES ('".$guiList1."','".db_result($res,$cnt,"e_id")."','".db_result($res,$cnt,"e_pos")."','".db_result($res,$cnt,"e_public")."','".db_escape_string(db_result($res,$cnt,"e_comment"))."','".db_result($res,$cnt,"e_element")."','".db_result($res,$cnt,"e_src")."','".db_escape_string(db_result($res,$cnt,"e_attributes"))."',".$myleft.",";
-      $sql_ins .= $mytop.",".$mywidth.",".$myheight.",".$my_z_index.",'".db_result($res,$cnt,"e_more_styles")."','".db_escape_string(db_result($res,$cnt,"e_content"))."','".db_result($res,$cnt,"e_closetag")."','".db_result($res,$cnt,"e_js_file")."','".db_result($res,$cnt,"e_mb_mod")."','".db_result($res,$cnt,"e_target")."','".db_result($res,$cnt,"e_requires")."')";
-
-      $res_ins = db_query($sql_ins);
+      $sql_ins = "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, ";
+      $sql_ins .= "e_comment, e_element, e_src, e_attributes, e_left, e_top, ";
+      $sql_ins .= "e_width, e_height, e_z_index, e_more_styles, e_content, ";
+      $sql_ins .= "e_closetag, e_js_file, e_mb_mod, e_target, e_requires) ";
+      $sql_ins .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, ";
+      $sql_ins .= "$10, $11, $12, $13, $14, $15, $16, $17, $18, $19);";
+      $v = array($guiList1, db_result($res,$cnt,"e_id"), db_result($res,$cnt,"e_pos"), db_result($res,$cnt,"e_public"), db_escape_string(db_result($res,$cnt,"e_comment")), db_result($res,$cnt,"e_element"), db_result($res,$cnt,"e_src"), db_escape_string(db_result($res,$cnt,"e_attributes")), $myleft, $mytop, $mywidth, $myheight, $my_z_index, db_result($res,$cnt,"e_more_styles"), db_escape_string(db_result($res,$cnt,"e_content")), db_result($res,$cnt,"e_closetag"), db_result($res,$cnt,"e_js_file"), db_result($res,$cnt,"e_mb_mod"), db_result($res,$cnt,"e_target"), db_result($res,$cnt,"e_requires"));
+      $t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
+		
+      $res_ins = db_prep_query($sql_ins, $v, $t);
       if(!$res_ins){echo db_error($con); }
       $cnt++;
    }
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList2."'";
-      $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1";
+   $v = array($guiList2);
+   $t = array("s");
+      $res = db_prep_query($sql, $v, $t);
    	$cnt = 0;
        while(db_fetch_row($res)){
-      $sql_ins2 = "INSERT INTO gui_element_vars(fkey_gui_id,fkey_e_id,var_name,var_value,context,type) ";
-      $sql_ins2 .= "VALUES ('".$guiList1."','".db_result($res,$cnt,"fkey_e_id")."','".db_result($res,$cnt,"var_name")."','".db_escape_string(db_result($res,$cnt,"var_value"))."','".db_escape_string(db_result($res,$cnt,"context"))."','".db_result($res,$cnt,"type")."')";
-      $res_ins2 = db_query($sql_ins2);
+      $sql_ins2 = "INSERT INTO gui_element_vars (fkey_gui_id, fkey_e_id, ";
+      $sql_ins2 .= "var_name, var_value, context, type) VALUES (";
+      $sql_ins2 .= "$1, $2, $3, $4, $5, $6);";
+      $v = array($guiList1, db_result($res,$cnt,"fkey_e_id"), db_result($res,$cnt,"var_name"), db_escape_string(db_result($res,$cnt,"var_value")), db_escape_string(db_result($res,$cnt,"context")), db_result($res,$cnt,"type"));
+      $t = array("s", "s", "s", "s", "s", "s");
+      $res_ins2 = db_prep_query($sql_ins2, $v, $t);
       if(!$res_ins2){echo db_error($connect); }
 
       $cnt++;
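Review bot: The copied `gui_element` INSERT lists 20 columns and `$v`/`$t` carry 20 entries, but the VALUES clause ends at `$19);` — only 19 placeholders — so the statement should fail with a column/parameter count mismatch on every row (the `$mySave` INSERT above correctly ends with `$20`). Change the last fragment to `$sql_ins .= "$10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20);";`. The error is only surfaced via `echo db_error($con)` while the second loop uses `db_error($connect)`; one of the two handle names is presumably wrong — confirm which connection variable this file defines.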
@@ -223,8 +269,10 @@
 echo "<script language='javascript'>";
 echo "var guiIDs = new Array();";
 if(isset($guiList1)){
-   $sql = "SELECT e_id FROM gui_element WHERE  fkey_gui_id = '".$guiList1."'";
-   $res = db_query($sql);
+   $sql = "SELECT e_id FROM gui_element WHERE  fkey_gui_id = $1";
+   $v = array($guiList1);
+   $t = array("s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
       echo  "guiIDs[".$cnt."] = '".db_result($res,$cnt,"e_id")."'; ";
@@ -313,14 +361,20 @@
 $permguis = $admin->getGuisByPermission($_SESSION["mb_user_id"],true);
 echo "<form name='form1' action='" . $PHP_SELF . "?".SID."' method='post'>\n";
 
-$sql = "SELECT * from gui WHERE gui.gui_id IN(";
-for($i=0; $i<count($ownguis); $i++){
-	if($i>0){ $sql .= ",";}
-	$sql .= "'".$ownguis[$i]."'";
+$sql = "SELECT * from gui WHERE gui.gui_id IN (";
+$v = $ownguis;
+$t = array();
+
+for ($i = 1; $i <= count($ownguis); $i++) {
+	if ($i > 1) {
+		$sql .= ",";
+	}
+	$sql .= "$" . $i;
+	array_push($t, "s");
 }
 $sql .= ")";
 //echo $sql;
-$res = db_query($sql);
+$res = db_prep_query($sql, $v, $t);
 $count=0;
 while(db_fetch_row($res)){
 	$gui_id_own[$count]=db_result($res,$count,"gui_id");
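Review bot: `$v = $ownguis` together with the `for ($i = 1; $i <= count($ownguis); $i++)` loop builds `IN ()` with no placeholders when `$ownguis` is empty, which is a SQL syntax error (the old code had the same gap); guard the query with `if (count($ownguis) > 0) { ... }`, and the same applies to the `$permguis` query in the next hunk. `$v` is also passed through as-is, so parameter order follows `$ownguis`'s keys — if `getGuisByPermission` can return a non-sequential array, bind `array_values($ownguis)` instead.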
@@ -330,13 +384,19 @@
 }
 
 
-$sql = "SELECT * from gui WHERE gui.gui_id IN(";
-for($i=0; $i<count($permguis); $i++){
-	if($i>0){ $sql .= ",";}
-	$sql .= "'".$permguis[$i]."'";
+$sql = "SELECT * from gui WHERE gui.gui_id IN (";
+$v = $permguis;
+$t = array();
+
+for ($i = 1; $i <= count($permguis); $i++){
+	if ($i > 1) { 
+		$sql .= ",";
+	}
+	$sql .= "$" . $i;
+	array_push($t, "s");
 }
 $sql .= ")";
-$res = db_query($sql);
+$res = db_prep_query($sql, $v, $t);
 $count=0;
 while($row = db_fetch_array($res)){
 	$gui_id_perm[$count]= $row["gui_id"];
@@ -413,8 +473,10 @@
 	else{
 		echo "<div class='guiList2_header'>Templates</div>\n";
 	}
-	$sql = "SELECT * FROM gui_element WHERE fkey_gui_id = '".$guiList2."' ORDER BY e_id";
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gui_element WHERE fkey_gui_id = $1 ORDER BY e_id";
+	$v = array($guiList2);
+	$t = array("s");
+	$res = db_prep_query($sql, $v, $t);
 	$cnt = 0;
 
 	echo "<div class='myElements'>\n<table>\n";
@@ -440,8 +502,10 @@
 #Formular:
 echo "<table class='myForm'>\n";
 if(isset($myElement)){
-   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = '".$guiList2."' AND e_id = '".$myElement."'";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = $1 AND e_id = $2";
+   $v = array($guiList2, $myElement);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    if(db_fetch_row($res)){
       echo "<tr><td>ID: </td><td><input type='text' class='textfield' name='e_id' value='".db_result($res,0,"e_id")."'></td></tr>\n";
       echo "<tr><td>Position: </td><td><input type='text' class='textfield' name='e_pos' value='".db_result($res,0,"e_pos")."'></td></tr>\n";

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_evalArea.php
===================================================================
--- tags/2.4.4/http/php/mod_evalArea.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_evalArea.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -20,6 +20,7 @@
 include '../include/dyn_css.php';
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 require_once(dirname(__FILE__)."/../classes/class_administration.php");
+require_once(dirname(__FILE__)."/../classes/class_mb_exception.php");
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
@@ -61,55 +62,71 @@
 $posY = explode (",", $y);
 
 
-if(SYS_DBTYPE=='pgsql'){
-	if(count($posX) > 3){
-	  $sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
-	  for($i=0; $i<count($posX); $i++){
-	  	if($i>0){$sql .= ",";}
-	  	$sql .= $posX[$i] . " " . $posY[$i];
-	  }
-	  $sql .= ")))',".rawurldecode($epsg).")) as myArea";
-	  $res = db_query($sql);
-	  if($row = db_fetch_array($res)){
-	     echo "Fl&auml;che: ".round($row[0]*100)/100 . " m<sup>2</sup>";
-	  }
+// check if parameters are valid geometries to 
+// avoid SQL injections
+$regExp = "/\d(,\d)*/";
+if (preg_match($regExp, $x) && preg_match($regExp, $y)) {
+
+	if(SYS_DBTYPE=='pgsql'){
+		if (count($posX) > 3) {
+			$sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
+			for ($i = 0; $i < count($posX); $i++) {
+				if ($i > 0) {
+					$sql .= ",";
+				}
+				$sql .= $posX[$i] . " " . $posY[$i];
+			}
+			$sql .= ")))',".rawurldecode($epsg).")) as myArea";
+	
+			// the input parameters are valid
+			$res = db_query($sql);
+			if($row = db_fetch_array($res)){
+				echo "Fl&auml;che: ".round($row[0]*100)/100 . " m<sup>2</sup>";
+			}
+		}
+		else{
+			echo "Fl&auml;che: 0 m<sup>2</sup>";
+		}
+	}else{
+		#echo "Fl�chenberechnung f�r MySQL liegt derzeit nicht vor<br></sup>";
+		#$con = db_connect($GEOS_DBSERVER,$GEOS_PORT,$GEOS_OWNER,$GEOS_PW);
+		#db_select_db($GEOS_DBSERVER,$con);
+		$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
+		
+		$con = pg_connect($con_string) or die ("Error while connecting database");
+		
+		
+		if(count($posX) > 3){
+		  $sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
+		  $i==0;
+		  for($i=0; $i<count($posX); $i++){
+		  	if($i>0){$sql .= ",";}
+		  	$sql .= $posX[$i] . " " . $posY[$i];
+		  }
+		  $sql .= ")))',".rawurldecode($epsg).")) as myArea";
+		  $res = pg_query($con,$sql);
+		  
+		  $cnt = 0;
+		  while(pg_fetch_row($res)){
+		  	 $area = pg_fetch_result($res,$cnt,0);
+		     echo "Fl&auml;che: ".round($area*100)/100 . " m<sup>2</sup>";
+		     $cnt++;
+		  }
+		}
+		else{
+		   echo "Fl&auml;che: 0 m<sup>2</sup>";
+		}
 	}
-	else{
-	   echo "Fl&auml;che: 0 m<sup>2</sup>";
-	}
-}else{
-	#echo "Flächenberechnung für MySQL liegt derzeit nicht vor<br></sup>";
-	#$con = db_connect($GEOS_DBSERVER,$GEOS_PORT,$GEOS_OWNER,$GEOS_PW);
-	#db_select_db($GEOS_DBSERVER,$con);
-	$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
 	
-	$con = pg_connect($con_string) or die ("Error while connecting database");
-	
-	
-	if(count($posX) > 3){
-	  $sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
-	  $i==0;
-	  for($i=0; $i<count($posX); $i++){
-	  	if($i>0){$sql .= ",";}
-	  	$sql .= $posX[$i] . " " . $posY[$i];
-	  }
-	  $sql .= ")))',".rawurldecode($epsg).")) as myArea";
-	  $res = pg_query($con,$sql);
-	  
-	  $cnt = 0;
-	  while(pg_fetch_row($res)){
-	  	 $area = pg_fetch_result($res,$cnt,0);
-	     echo "Fl&auml;che: ".round($area*100)/100 . " m<sup>2</sup>";
-	     $cnt++;
-	  }
-	}
-	else{
-	   echo "Fl&auml;che: 0 m<sup>2</sup>";
-	}
+	echo "<br>";
+	echo "Umfang: ". $length . " m";
+} 
+else {
+	$e = new mb_exception("mod_evalArea.php: invalid input geometry; coordinates not float values.");
+	echo "Fl&auml;che: 0 m<sup>2</sup>";
 }
 
-echo "<br>";
-echo "Umfang: ". $length . " m";
+
 #Centroid(geometry)
 /*
 $sql = "SELECT Centroid(GeometryFromText('MULTIPOLYGON(((";
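Review bot: The new guard `$regExp = "/\d(,\d)*/"` is unanchored, so `preg_match` succeeds on any string that contains a single digit (e.g. `"abc1"`); as written it does not validate the coordinate lists, even though the `mb_exception` message claims the check is for float values. Anchor it and accept signed decimals: `$regExp = "/^-?\d+(\.\d+)?(,-?\d+(\.\d+)?)*$/";`. `$epsg` is still concatenated into the query via `rawurldecode($epsg)` without any check; validate it as an integer first, e.g. `$epsg = (int) rawurldecode($epsg);` or reject the request when `!ctype_digit(rawurldecode($epsg))`. The `$e = new mb_exception(...)` object in the else branch is assigned but never used — if the constructor logs on its own, a short comment saying so would help.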

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_forgottenPassword.php
===================================================================
--- tags/2.4.4/http/php/mod_forgottenPassword.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_forgottenPassword.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -19,6 +19,7 @@
 
 require_once(dirname(__FILE__)."/../classes/class_administration.php");
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
 import_request_variables("PG");
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
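Review bot: Adding `require_once(dirname(__FILE__)."/../php/mb_validateSession.php")` to the forgotten-password page makes it subject to whatever that include enforces; if it redirects or exits for requests without an authenticated session (its body is not visible here), the users this page exists for — those who cannot log in — are locked out of it. Confirm the intent, and if only session bootstrap is wanted, include that part rather than the validation. `import_request_variables("PG")` on the next line still copies request data into globals, which can overwrite any variable the included file sets under the same name; reading `$_REQUEST` explicitly avoids that.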

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_gazLayerObj_conf.php
===================================================================
--- tags/2.4.4/http/php/mod_gazLayerObj_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_gazLayerObj_conf.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -17,6 +17,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
 require(dirname(__FILE__)."/../classes/class_wfs_conf.php");
 require(dirname(__FILE__)."/../../conf/mapbender.conf");
 ?>
@@ -76,9 +77,11 @@
 	$con = db_connect($DBSERVER,$OWNER,$PW);
 	db_select_db(DB,$con);
 	
-	$sql = "UPDATE gui_layer SET gui_layer_wfs_featuretype = '".$_REQUEST["myWFS"]."' ";
-	$sql .= "WHERE fkey_gui_id='".$_REQUEST["gui"]."' AND fkey_layer_id=".$_REQUEST["layer"];
-	$res = db_query($sql);
+	$sql = "UPDATE gui_layer SET gui_layer_wfs_featuretype = $1 ";
+	$sql .= "WHERE fkey_gui_id = $2 AND fkey_layer_id = $3";
+	$v = array($_REQUEST["myWFS"], $_REQUEST["gui"], $_REQUEST["layer"]);
+	$t = array("s", "s", "i");
+	$res = db_prep_query($sql, $v, $t);
 	echo "layer is connected with: ".$_REQUEST["myWFS"];
 	die();
 }
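Review bot: `$res` from the parameterised UPDATE is never checked, so `echo "layer is connected with: ".$_REQUEST["myWFS"]` reports success even when the update failed; add `if (!$res) { die("update failed"); }` before the echo. That echo also reflects `$_REQUEST["myWFS"]` into the response unescaped; wrap it in `htmlspecialchars($_REQUEST["myWFS"])`.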

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_gazLayerObj_edit.php
===================================================================
--- tags/2.4.4/http/php/mod_gazLayerObj_edit.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_gazLayerObj_edit.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -17,6 +17,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
 require(dirname(__FILE__)."/../../conf/mapbender.conf");
 ?>
 <html>
@@ -54,29 +55,34 @@
 if(isset($_REQUEST["save"])){
 	
 	$sql = "UPDATE gazetteer SET ";
-	$sql .= "gazetteer_abstract = '".$_REQUEST["gazetteer_abstract"]."',";
-	$sql .= "g_label = '".$_REQUEST["g_label"]."',";
-	$sql .= "g_label_id = '".$_REQUEST["g_label_id"]."',";
-	$sql .= "g_button = '".$_REQUEST["g_button"]."',";
-	$sql .= "g_button_id = '".$_REQUEST["g_button_id"]."',";
-	$sql .= "g_style = '".$_REQUEST["g_style"]."',";
-	$sql .= "g_buffer = '".$_REQUEST["g_buffer"]."'";	
-	$sql .= " WHERE gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"].";";
+	$sql .= "gazetteer_abstract = $1, ";
+	$sql .= "g_label = $2, ";
+	$sql .= "g_label_id = $3, ";
+	$sql .= "g_button = $4, ";
+	$sql .= "g_button_id = $5, ";
+	$sql .= "g_style = $6, ";
+	$sql .= "g_buffer = $7 ";	
+	$sql .= "WHERE gazetteer_id = $8;";
 	
-	$res = db_query($sql);		
+	$v = array($_REQUEST["gazetteer_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["fkey_gazetteer_id"]);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "i");
+	$res = db_prep_query($sql, $v, $t);		
 
-	for($i=0; $i<count($_REQUEST["f_id"]); $i++){
+	for ($i = 0; $i < count($_REQUEST["f_id"]); $i++){
 		$sql = "UPDATE gazetteer_element SET ";		
-		$sql .= "f_search = '".$_REQUEST["f_search"][$i]."',";
-		$sql .= "f_pos = '".$_REQUEST["f_pos"][$i]."',";
-		$sql .= "f_style_id = '".$_REQUEST["f_style_id"][$i]."',";
-		$sql .= "f_label = '".$_REQUEST["f_label"][$i]."',";
-		$sql .= "f_label_id = '".$_REQUEST["f_label_id"][$i]."',";
-		$sql .= "f_show = '".$_REQUEST["f_show"][$i]."',";
-		$sql .= "f_respos = '".$_REQUEST["f_respos"][$i]."'";
-		$sql .= " WHERE fkey_gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"]." AND f_id = ".$_REQUEST["f_id"][$i].";";
+		$sql .= "f_search = $1, ";
+		$sql .= "f_pos = $2, ";
+		$sql .= "f_style_id = $3, ";
+		$sql .= "f_label = $4, ";
+		$sql .= "f_label_id = $5, ";
+		$sql .= "f_show = $6, ";
+		$sql .= "f_respos = $7 ";
+		$sql .= "WHERE fkey_gazetteer_id = $8 AND f_id = $9;";
 		
-		$res = db_query($sql);
+		$v = array($_REQUEST["f_search"][$i], $_REQUEST["f_pos"][$i], $_REQUEST["f_style_id"][$i], $_REQUEST["f_label"][$i], $_REQUEST["f_label_id"][$i], $_REQUEST["f_show"][$i], $_REQUEST["f_respos"][$i], $_REQUEST["fkey_gazetteer_id"], $_REQUEST["f_id"][$i]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "i", "i");
+		
+		$res = db_prep_query($sql, $v, $t);
 	}		
 }
 
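Review bot: The save path updates whichever `gazetteer_id` the client supplies in `fkey_gazetteer_id`, and the loop rewrites `gazetteer_element` rows for every `f_id` in the posted arrays; with only `mb_validateSession.php` included at the top of this file there is no visible check that the current user owns that gazetteer, so presumably any logged-in user can edit any configuration. If ownership is enforced somewhere not shown here, a comment naming where would help; otherwise look the row's owner up first and stop when it does not match `$_SESSION["mb_user_id"]`. Independently, `count($_REQUEST["f_id"])` runs on raw request data — a scalar makes the loop run once on garbage — so guard the loop with `is_array($_REQUEST["f_id"])`.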
@@ -92,8 +98,10 @@
 
 /* configure elements */
 if(isset($_REQUEST["fkey_gazetteer_id"])){
-	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"];
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = $1";
+	$v = array($_REQUEST["fkey_gazetteer_id"]);
+	$t = array("i");
+	$res = db_prep_query($sql, $v, $t);
 	if($row = db_fetch_array($res)){	
 		echo "<table>";
 		echo "<tr><td>ID:</td><td>".$row["gazetteer_id"]."</td></tr>" ;
@@ -110,8 +118,10 @@
 	/* set element options */
 	$sql = "SELECT * FROM gazetteer_element ";
 	$sql .= "JOIN wfs_element ON gazetteer_element.f_id = wfs_element.element_id ";
-	$sql .= "WHERE fkey_gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"];
-	$res = db_query($sql);
+	$sql .= "WHERE fkey_gazetteer_id = $1";
+	$v = array($_REQUEST["fkey_gazetteer_id"]);
+	$t = array("i");
+	$res = db_prep_query($sql, $v, $t);
 	
 	echo "<table border='1'>";
 	echo "<tr>";

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_gazetteer_conf.php
===================================================================
--- tags/2.4.4/http/php/mod_gazetteer_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_gazetteer_conf.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -17,6 +17,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
 require(dirname(__FILE__)."/../classes/class_wfs_conf.php");
 require(dirname(__FILE__)."/../../conf/mapbender.conf");
 ?>
@@ -72,36 +73,22 @@
 	$con = db_connect($DBSERVER,$OWNER,$PW);
 	db_select_db($DB,$con);
 	
-	$sql = "INSERT INTO gazetteer (gazetteer_abstract,fkey_wfs_id,fkey_featuretype_id,g_label,g_label_id,g_button,g_button_id,g_style,g_buffer,g_res_style,g_use_wzgraphics) VALUES(";
-	$sql .= "'".$_REQUEST["gazetteer_abstract"]."',";
-	$sql .= "'".$_REQUEST["wfs"]."',";
-	$sql .= "'".$_REQUEST["featuretype"]."',";
-	$sql .= "'".$_REQUEST["g_label"]."',";
-	$sql .= "'".$_REQUEST["g_label_id"]."',";
-	$sql .= "'".$_REQUEST["g_button"]."',";
-	$sql .= "'".$_REQUEST["g_button_id"]."',";
-	$sql .= "'".$_REQUEST["g_style"]."',";	
-	$sql .= "'".$_REQUEST["g_buffer"]."',";	
-	$sql .= "'".$_REQUEST["g_res_style"]."',";
-	$sql .= $_REQUEST["g_use_wzgraphics"];
-	$sql .= "); ";
-	
-	$res = db_query($sql);		
+	$sql = "INSERT INTO gazetteer (gazetteer_abstract, fkey_wfs_id, ";
+	$sql .= "fkey_featuretype_id, g_label, g_label_id, g_button, ";
+	$sql .= "g_button_id, g_style, g_buffer, g_res_style, g_use_wzgraphics) ";
+	$sql .= "VALUES($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11);";
+	$v = array($_REQUEST["gazetteer_abstract"], $_REQUEST["wfs"], $_REQUEST["featuretype"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"], $_REQUEST["g_use_wzgraphics"]);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "i");
+	$res = db_prep_query($sql, $v, $t);		
 	$wfsID = db_insert_id($con);
 	for($i=0; $i<count($_REQUEST["f_id"]); $i++){
-		$sql = "INSERT INTO gazetteer_element (fkey_gazetteer_id,f_id,f_search,f_pos,f_style_id,f_toupper,f_label,f_label_id,f_show,f_respos) VALUES(";
-		$sql .= "'".$wfsID."',";
-		$sql .= "'".$_REQUEST["f_id"][$i]."',";
-		$sql .= "'".$_REQUEST["f_search"][$i]."',";
-		$sql .= "'".$_REQUEST["f_pos"][$i]."',";
-		$sql .= "'".$_REQUEST["f_style_id"][$i]."',";
-		$sql .= "'".$_REQUEST["f_toupper"][$i]."',";		
-		$sql .= "'".$_REQUEST["f_label"][$i]."',";
-		$sql .= "'".$_REQUEST["f_label_id"][$i]."',";
-		$sql .= "'".$_REQUEST["f_show"][$i]."',";
-		$sql .= "'".$_REQUEST["f_respos"][$i]."'";
-		$sql .= "); ";
-		$res = db_query($sql);
+		$sql = "INSERT INTO gazetteer_element (fkey_gazetteer_id, ";
+		$sql .= "f_id, f_search, f_pos, f_style_id, f_toupper, f_label, ";
+		$sql .= "f_label_id, f_show, f_respos) VALUES (";
+		$sql .= "$1, $2, $3, $4, $5, $6, $7, $8, $9, $10);";
+		$v = array($wfsID, $_REQUEST["f_id"][$i], $_REQUEST["f_search"][$i], $_REQUEST["f_pos"][$i], $_REQUEST["f_style_id"][$i], $_REQUEST["f_toupper"][$i], $_REQUEST["f_label"][$i], $_REQUEST["f_label_id"][$i], $_REQUEST["f_show"][$i], $_REQUEST["f_respos"][$i]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+		$res = db_prep_query($sql, $v, $t);
 	}		
 }
 
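Review bot: `$wfsID = db_insert_id($con);` passes only the connection, while the same helper is called as `db_insert_id($con,'wfs_conf','wfs_conf_id')` in mod_wfs_conf.php in this commit; if the table and column arguments are what the helper uses to locate the sequence, every `gazetteer_element` row inserted in the loop below gets a wrong `fkey_gazetteer_id`. Suggest `$wfsID = db_insert_id($con, 'gazetteer', 'gazetteer_id');` if that is indeed the helper's signature. The bind types are also inconsistent with mod_gazetteer_edit.php, which binds `fkey_gazetteer_id` and `f_id` as `"i"` where this file uses `"s"`; one convention per column keeps the prepared statements' type inference stable.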
@@ -141,7 +128,7 @@
 			echo "<tr><td>Title:</td><td>".$aWFS->wfs_title[$i]."</td></tr>";
 			echo "<tr><td>Abstract:</td><td>".$aWFS->wfs_abstract[$i]."</td></tr>";
 			echo "<tr><td>Capabilities:</td><td>".$aWFS->wfs_getcapabilities[$i]."</td></tr>";
-			echo "<tr><td>FeaturTypes:</td><td>".$aWFS->wfs_describefeaturetype[$i]."</td></tr>";
+			echo "<tr><td>FeatureTypes:</td><td>".$aWFS->wfs_describefeaturetype[$i]."</td></tr>";
 			echo "<tr><td>Feature:</td><td>".$aWFS->wfs_getfeature[$i]."</td></tr>";
 			echo "</table>";
 		}

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_gazetteer_edit.php
===================================================================
--- tags/2.4.4/http/php/mod_gazetteer_edit.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_gazetteer_edit.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -17,6 +17,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
 require(dirname(__FILE__)."/../../conf/mapbender.conf");
 ?>
 <html>
@@ -56,31 +57,34 @@
 if(isset($_REQUEST["save"])){
 	
 	$sql = "UPDATE gazetteer SET ";
-	$sql .= "gazetteer_abstract = '".$_REQUEST["gazetteer_abstract"]."',";
-	$sql .= "g_label = '".$_REQUEST["g_label"]."',";
-	$sql .= "g_label_id = '".$_REQUEST["g_label_id"]."',";
-	$sql .= "g_button = '".$_REQUEST["g_button"]."',";
-	$sql .= "g_button_id = '".$_REQUEST["g_button_id"]."',";
-	$sql .= "g_style = '".$_REQUEST["g_style"]."',";
-	$sql .= "g_buffer = '".$_REQUEST["g_buffer"]."',";	
-	$sql .= "g_res_style = '".$_REQUEST["g_res_style"]."',";
-	$sql .= "g_use_wzgraphics = ".$_REQUEST["g_use_wzgraphics"];
-	$sql .= " WHERE gazetteer_id = ".$_REQUEST["gaz"].";";
-	$res = db_query($sql);		
+	$sql .= "gazetteer_abstract = $1, ";
+	$sql .= "g_label = $2, ";
+	$sql .= "g_label_id = $3, ";
+	$sql .= "g_button = $4, ";
+	$sql .= "g_button_id = $5, ";
+	$sql .= "g_style = $6, ";
+	$sql .= "g_buffer = $7, ";	
+	$sql .= "g_res_style = $8, ";
+	$sql .= "g_use_wzgraphics = $9 ";
+	$sql .= "WHERE gazetteer_id = $10;";
+	$v = array($_REQUEST["gazetteer_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"], $_REQUEST["g_use_wzgraphics"], $_REQUEST["gaz"]);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i");
+	$res = db_prep_query($sql, $v, $t);		
 
 	for($i=0; $i<count($_REQUEST["f_id"]); $i++){
 		$sql = "UPDATE gazetteer_element SET ";		
-		$sql .= "f_search = '".$_REQUEST["f_search"][$i]."',";
-		$sql .= "f_pos = '".$_REQUEST["f_pos"][$i]."',";
-		$sql .= "f_style_id = '".$_REQUEST["f_style_id"][$i]."',";
-		$sql .= "f_toupper = '".$_REQUEST["f_toupper"][$i]."',";
-		$sql .= "f_label = '".$_REQUEST["f_label"][$i]."',";
-		$sql .= "f_label_id = '".$_REQUEST["f_label_id"][$i]."',";
-		$sql .= "f_show = '".$_REQUEST["f_show"][$i]."',";
-		$sql .= "f_respos = '".$_REQUEST["f_respos"][$i]."'";
-		$sql .= " WHERE fkey_gazetteer_id = ".$_REQUEST["gaz"]." AND f_id = ".$_REQUEST["f_id"][$i].";";
-		
-		$res = db_query($sql);
+		$sql .= "f_search = $1, ";
+		$sql .= "f_pos = $2, ";
+		$sql .= "f_style_id = $3, ";
+		$sql .= "f_toupper = $4, ";
+		$sql .= "f_label = $5, ";
+		$sql .= "f_label_id = $6, ";
+		$sql .= "f_show = $7, ";
+		$sql .= "f_respos = $8 ";
+		$sql .= "WHERE fkey_gazetteer_id = $9 AND f_id = $10;";
+		$v = array($_REQUEST["f_search"][$i], $_REQUEST["f_pos"][$i], $_REQUEST["f_style_id"][$i], $_REQUEST["f_toupper"][$i], $_REQUEST["f_label"][$i], $_REQUEST["f_label_id"][$i], $_REQUEST["f_show"][$i], $_REQUEST["f_respos"][$i], $_REQUEST["gaz"], $_REQUEST["f_id"][$i]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i");
+		$res = db_prep_query($sql, $v, $t);		
 	}		
 }
 
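Review bot: `g_use_wzgraphics` is bound straight from `$_REQUEST` with type `"i"`, but mod_wfs_conf.php in this same commit treats the field as a checkbox and normalises it with `!empty(...)` to `'1'`/`'0'`; an unchecked box sends no parameter at all, so here the bind receives an undefined index and the column is either cleared or the statement fails, depending on what `db_prep_query` does with null. Normalise before binding: `$useWz = empty($_REQUEST["g_use_wzgraphics"]) ? 0 : 1;` and place `$useWz` in `$v`. The same ownership question as on the other gazetteer save paths applies to `$_REQUEST["gaz"]`, which selects the row to overwrite with only a session check in force.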
@@ -110,8 +114,10 @@
 
 /* configure elements */
 if(isset($_REQUEST["gaz"])){
-	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = ".$_REQUEST["gaz"];
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = $1";
+	$v = array($_REQUEST["gaz"]);
+	$t = array("i");
+	$res = db_prep_query($sql, $v, $t);
 	if($row = db_fetch_array($res)){	
 		echo "<table>";
 		echo "<tr><td>GazetterID:</td><td>".$row["gazetteer_id"]."</td></tr>" ;
@@ -132,9 +138,11 @@
 	/* set element options */
 	$sql = "SELECT * FROM gazetteer_element ";
 	$sql .= "JOIN wfs_element ON gazetteer_element.f_id = wfs_element.element_id ";
-	$sql .= "WHERE fkey_gazetteer_id = ".$_REQUEST["gaz"];
+	$sql .= "WHERE fkey_gazetteer_id = $1";
+	$v = array($_REQUEST["gaz"]);
+	$t = array("i");
 	echo $sql;
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	
 	echo "<table border='1'>";
 	echo "<tr>";
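Review bot: `echo $sql;` immediately before the prepared query prints the SELECT into the rendered page; it looks like leftover debugging and discloses table and column names to every viewer. Since the commit already rewrote the surrounding lines, drop that line here (or guard it behind a debug flag). With the parameter bound the printed text no longer even shows the value, so it has lost whatever diagnostic purpose it had.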

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_getStyles.php
===================================================================
--- tags/2.4.4/http/php/mod_getStyles.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_getStyles.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -81,7 +81,7 @@
 {
    global $proxy_name,$proxy_port,$proxy_cont,$proxy_user,$proxy_pass;
 //echo $proxy_user;
-   $proxy_fp = fsockopen($proxy_name, $proxy_port) or die ("Fehler beim öffnen der Verbindung zum Proxy");
+   $proxy_fp = fsockopen($proxy_name, $proxy_port) or die ("Fehler beim �ffnen der Verbindung zum Proxy");
    if (!$proxy_fp)    {return false;}
       $headers = "GET $proxy_url HTTP/1.0\r\nHost: $proxy_name\r\n";
    $headers .= 'Proxy-Authorization: ' . 'Basic ' . base64_encode($proxy_user . ':' . $proxy_pass)."\r\nConnection: Keep-Alive\r\n\r\n";
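Review bot: The rewritten `die()` message has lost its umlaut — `öffnen` became `�ffnen`, so the byte sequence is no longer valid in the file's encoding — which looks like an editor re-encoding the file rather than an intended change. Restore the text, `die ("Fehler beim öffnen der Verbindung zum Proxy")`, and save the file in one declared encoding. Note also that the `or die(...)` makes the following `if (!$proxy_fp) {return false;}` unreachable; that is pre-existing, but worth tidying while this line is being touched.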
@@ -126,9 +126,12 @@
 	@fclose($style_xml);
 	fclose($style_file);
 	#include(dirname(__FILE__)."/../../conf/www.conf");
-	$sql = "UPDATE wms SET wms_filter = '".str_replace(basename($login),$style_filename,$login)."' WHERE wms_id = ". $wmsList;
+	$pattern = "/" . basename($login) . "/";
+	$sql = "UPDATE wms SET wms_filter = $1 WHERE wms_id = $2";
+	$v = array(preg_replace($pattern,$style_filename,$login), $wmsList);
+	$t = array("s", "i");
 	echo $sql;
-	db_query($sql) or die("unable to change filter!");	
+	db_prep_query($sql, $v, $t) or die("unable to change filter!");	
 }
 ###
 
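Review bot: `$pattern = "/" . basename($login) . "/";` turns a filename into a regular expression without quoting, so `.` matches any character and a name containing `/`, `+`, `(` or similar breaks or alters the pattern; the removed `str_replace` did a literal replacement. Use `$pattern = "/" . preg_quote(basename($login), "/") . "/";`, or simply keep `str_replace(basename($login), $style_filename, $login)` as the bound value. `echo $sql;` two lines later prints the statement into the response and should go as well.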
@@ -141,8 +144,10 @@
 	# getStyle - Request:
 	if($wmsList && $row["wms_id"] == $wmsList){
 		$getStyle = $row["wms_getmap"]."&VERSION=1.1.1&REQUEST=getStyles&SERVICE=WMS&LAYERS=";
-		$sql_style = "SELECT layer_name FROM layer WHERE fkey_wms_id = " . $wmsList;
-		$res_style = db_query($sql_style);
+		$sql_style = "SELECT layer_name FROM layer WHERE fkey_wms_id = $1";
+		$v = array($wmsList);
+		$t = array("i");
+		$res_style = db_prep_query($sql_style, $v, $t);
 	
 		$cnt_style = 0;
 		while($row2 = db_fetch_array($res_style)){

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_loadCapabilitiesList.php
===================================================================
--- tags/2.4.4/http/php/mod_loadCapabilitiesList.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_loadCapabilitiesList.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -22,7 +22,7 @@
 $con = db_connect(DBSERVER,OWNER,PW);
 db_select_db(DB,$con);
 
-include(dirname(__FILE__)."/../php/mb_validateSession.php");
+include(dirname(__FILE__)."/../php/mb_validatePermission.php");
 import_request_variables("PG");
 ?>
 
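Review bot: The permission check is pulled in with `include`, so if `mb_validatePermission.php` is missing or unreadable PHP emits a warning and continues serving the page with no check at all; an authorization gate should fail closed: `require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");`. The `import_request_variables("PG")` on the next line then copies every GET/POST parameter into the global scope after the check has run, which can overwrite any global the included file set; reading `$_REQUEST` explicitly where values are needed avoids that.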
@@ -154,8 +154,10 @@
 		$cnt++;
 	}
 
-	$sql = "SELECT * FROM gui_layer WHERE fkey_gui_id = '".$guiID."' AND gui_layer_wms_id = ".$wmsID;
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gui_layer WHERE fkey_gui_id = $1 AND gui_layer_wms_id = $2";
+	$v = array($guiID, $wmsID);
+	$t = array("s", "i");
+	$res = db_prep_query($sql, $v, $t);
 	$cnt = 0;
 	while($row = db_fetch_array($res)){
 		$sql_ins = "INSERT INTO gui_layer (fkey_gui_id,fkey_layer_id,gui_layer_wms_id,gui_layer_status,gui_layer_selectable,";
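Review bot: The `INSERT INTO gui_layer` that starts on the last line of this hunk is still being built by string concatenation while the SELECT above it was converted to `db_prep_query`; its VALUES part lies outside the hunk, so please confirm it was converted too, since it copies `$row` values and presumably `$guiID` into a new row. `$guiID` and `$wmsID` arrive via `import_request_variables("PG")` at the top of the file, so both are request data.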
@@ -180,12 +182,17 @@
 	echo"<br>";
 	 
 	$sql = "SELECT * FROM gui WHERE gui_id IN (";
-	for($i=0; $i<count($ownguis); $i++){
-		if($i>0){ $sql .= ",";}
-		$sql .= "'".$ownguis[$i]."'";
+	$v = $ownguis;
+	$t = array();
+	for ($i = 1; $i <= count($ownguis); $i++){
+		if ($i > 1) { 
+			$sql .= ",";
+		}
+		$sql .= "$".$i;
+		array_push($t, "s");
 	}
 	$sql .= ") ORDER BY gui_name";	
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	$count=0;
 	echo"<select size='8' name='guiList' style='width:200px' onClick='submit()'>";
 	while($row = db_fetch_array($res)){
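Review bot: When `$ownguis` is empty the loop adds no placeholders and the statement becomes `... WHERE gui_id IN () ORDER BY gui_name`, a syntax error, with `$v` empty; the removed code had the same hole, but the rewrite is the moment to close it with an early `if (count($ownguis) == 0) { ... }` branch that skips the query and renders an empty list. `$v = $ownguis;` also assumes a 0-indexed list; `$v = array_values($ownguis);` makes the positional binding explicit. The enclosing block starts outside the hunk.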
@@ -236,12 +243,17 @@
 	echo"<div class='text1'>Load WMS</div>";
 	$sql = "SELECT DISTINCT wms.wms_id,wms.wms_title,wms.wms_abstract,wms.wms_owner FROM gui_wms JOIN wms ON ";
 	$sql .= "wms.wms_id = gui_wms.fkey_wms_id WHERE gui_wms.fkey_gui_id IN(";
-	for($i=0; $i<count($arrayGUIs); $i++){
-		if($i>0){$sql .= ",";}
-		$sql .= "'".$arrayGUIs[$i]."'";
+	$v = $arrayGUIs;
+	$t = array();
+	for ($i = 1; $i <= count($arrayGUIs); $i++){
+		if ($i > 1) {
+			$sql .= ",";
+		}
+		$sql .= "$" . $i;
+		array_push($t, "s");
 	}
 	$sql .= ") ORDER BY wms.wms_title";
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	echo "<select class='select1' name='wmsID' size='20' onchange='submit()'>";
 	$cnt = 0;
 	while($row = db_fetch_array($res)){
@@ -263,8 +275,10 @@
 	
 	if(isset($wmsID)){
 		echo "<div class='text2'>FROM:</div>";
-		$sql = "SELECT * from gui_wms WHERE fkey_wms_id ='".$wmsID."' ORDER BY fkey_gui_id";
-		$res = db_query($sql);
+		$sql = "SELECT * from gui_wms WHERE fkey_wms_id = $1 ORDER BY fkey_gui_id";
+		$v = array($wmsID);
+		$t = array("s");
+		$res = db_prep_query($sql, $v, $t);
 		echo "<select class='select2' name='guiID' size='20' onchange='load()'>";
 		$cnt = 0;
 		while($row = db_fetch_array($res)){
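Review bot: `$wmsID` is bound here with type `"s"` but earlier in this same file (the `gui_layer_wms_id = $2` query) with `"i"`; both columns look like the same integer WMS id, and handing `db_prep_query` different types for one value in one script invites a type-mismatch error on one of the two statements. Pick one — probably `$t = array("i");` here — after confirming the `gui_wms.fkey_wms_id` column type.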

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_loadWFSCapabilities.php
===================================================================
--- tags/2.4.4/http/php/mod_loadWFSCapabilities.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_loadWFSCapabilities.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -19,7 +19,7 @@
 
 session_start();
 
-include(dirname(__FILE__)."/../php/mb_validateSession.php");
+include(dirname(__FILE__)."/../php/mb_validatePermission.php");
 include(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect(DBSERVER,OWNER,PW);
 db_select_db(DB,$con);
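Review bot: The authorization file is brought in with `include`, which on a missing or unreadable file only warns and lets the rest of the page run unchecked; use `require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");` so a broken path fails closed. The other `include(...mb_validateSession.php)` additions in this commit (mod_loadwfs.php, mod_log.php) deserve the same treatment.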

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_loadwfs.php
===================================================================
--- tags/2.4.4/http/php/mod_loadwfs.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_loadwfs.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -20,6 +20,7 @@
 session_start();
 
 require_once(dirname(__FILE__)."/mb_validateInput.php");
+include(dirname(__FILE__)."/../php/mb_validateSession.php");
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 require_once(dirname(__FILE__)."/../classes/class_wfs.php"); 
 echo "file: ".$_REQUEST["xml_file"];
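Review bot: The session check is added with `include`, which fails open when the file cannot be loaded; make it `require_once(dirname(__FILE__)."/../php/mb_validateSession.php");`. The context line `echo "file: ".$_REQUEST["xml_file"];` reflects a request parameter into the output unescaped — `htmlspecialchars($_REQUEST["xml_file"], ENT_QUOTES)` if the output is HTML — unless `mb_validateInput.php`, required two lines above, already sanitises `$_REQUEST` (not visible here).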

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_log.php
===================================================================
--- tags/2.4.4/http/php/mod_log.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_log.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -17,6 +17,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 include_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+include(dirname(__FILE__)."/../php/mb_validateSession.php");
 $con = db_connect(DBSERVER,OWNER,PW);
 db_select_db(DB,$con);
 if($_REQUEST['req']){
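Review bot: `include(...mb_validateSession.php)` is fail-open — a missing or unreadable file produces a warning and the script keeps going — and it runs after the configuration include but before the database connection on the next line, which is fine, yet the gate itself should be `require_once(dirname(__FILE__)."/../php/mb_validateSession.php");`. `if($_REQUEST['req'])` on the last line reads the parameter without `isset`, which notices on every request that omits it; `if (!empty($_REQUEST['req']))` is the quiet equivalent.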

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_map1.php
===================================================================
--- tags/2.4.4/http/php/mod_map1.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_map1.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -37,8 +37,10 @@
 
 <title>mod_map1</title>
 <?php
-$sql = "SELECT e_width, e_height FROM gui_element WHERE e_id = 'mapframe1' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT e_width, e_height FROM gui_element WHERE e_id = 'mapframe1' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){
    $e_width = $row["e_width"];

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_mapOV.php
===================================================================
--- tags/2.4.4/http/php/mod_mapOV.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_mapOV.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -45,8 +45,10 @@
 ?>
 <?php
 $gui_id = $_SESSION["mb_user_gui"];
-$sql = "SELECT e_width,e_height, e_target FROM gui_element WHERE e_id = 'overview' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_width,e_height, e_target FROM gui_element WHERE e_id = 'overview' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 echo "<script type='text/javascript'>";
 while($row = db_fetch_array($res)){ 

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_owsproxy_conf.php
===================================================================
--- tags/2.4.4/http/php/mod_owsproxy_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_owsproxy_conf.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -17,7 +17,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
-include(dirname(__FILE__)."/../php/mb_validateSession.php");
+require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
 include(dirname(__FILE__)."/../classes/class_administration.php");
 $admin = new administration();
 $ownwms = $admin->getWmsByOwner($_SESSION["mb_user_id"]);

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_renameGUI.php
===================================================================
--- tags/2.4.4/http/php/mod_renameGUI.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_renameGUI.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -22,7 +22,7 @@
 $con = db_connect(DBSERVER,OWNER,PW);
 db_select_db(DB,$con);
 import_request_variables("PG");
-require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
+require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
 $self = $PHP_SELF . "?".SID."&guiID=".$_REQUEST["guiID"]."&elementID=".$_REQUEST["elementID"];
 ?>
 
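Review bot: `$self` is assembled from `$PHP_SELF` and the raw `guiID`/`elementID` request values; `$PHP_SELF` reflects attacker-controlled path info, and if `$self` is later emitted into a form action or link (its use is outside the hunk) this is reflected XSS. Build it as `$self = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES) . "?" . SID . "&guiID=" . urlencode($_REQUEST["guiID"]) . "&elementID=" . urlencode($_REQUEST["elementID"]);`, or escape per context at the point of output. Note that `import_request_variables("PG")` runs before the permission `require_once`, so request data already sits in the global scope when the check executes.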
@@ -150,7 +150,7 @@
 }
 </script>
 </head>
-<body onLoad='document.form1.newGuiName.focus()'>
+<body>
 <?php
 
 require_once(dirname(__FILE__)."/../classes/class_administration.php");

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_simpleWMSpreferences.php
===================================================================
--- tags/2.4.4/http/php/mod_simpleWMSpreferences.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_simpleWMSpreferences.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -76,8 +76,10 @@
 <?php
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){
    $e_target = $row["e_target"];

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_treefolderAdmin.php
===================================================================
--- tags/2.4.4/http/php/mod_treefolderAdmin.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_treefolderAdmin.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -20,6 +20,7 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 import_request_variables("PG");
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
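Review bot: `import_request_variables("PG")` on the line before the new session check copies every GET/POST parameter into globals — `$guiList`, used throughout this file, is one of them — which is the register_globals hazard under another name, and the function is deprecated in later PHP releases. Read the needed values explicitly instead, e.g. `$guiList = isset($_REQUEST["guiList"]) ? $_REQUEST["guiList"] : "";`, and keep the validation require ahead of any request-derived assignment.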
@@ -434,21 +435,28 @@
   // this is a multinary tree structure which is easy to
   // populate with database data :)
 <?php
-$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = $1";
+// $v and $t will be re-used below!
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 if(!db_fetch_row($res)){
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES('".$guiList."', 'new','1','4','')";
-	db_query($sql);
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES('".$guiList."','new','2','3','')";
-	db_query($sql);      
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES($1, 'new','1','4','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES($1,'new','2','3','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
 }
-
+	
 $sql = "SELECT n.wms_id, n.id, n.my_layer_title, n.lft, n.rgt, n.layer, COUNT(*) AS level1, ((n.rgt - n.lft -1)/2) AS offspring ";
 $sql .= "FROM gui_treegde as n, gui_treegde as p WHERE n.lft BETWEEN p.lft AND p.rgt ";
-$sql .= " AND n.fkey_gui_id = '".$guiList."' AND p.fkey_gui_id = '".$guiList."' ";
+$sql .= " AND n.fkey_gui_id = $1 AND p.fkey_gui_id = $2 ";
 $sql .= " GROUP BY n.wms_id, n.lft, n.my_layer_title,  ((n.rgt - n.lft -1)/2) , n.id, n.rgt, n.layer ORDER BY n.lft;";
 #echo $sql;
-$res = db_query($sql);
+$v = array($guiList, $guiList);
+$t = array("s", "s");
+$res = db_prep_query($sql, $v, $t);
 	echo "function initArray(){";
 	echo "Note(0,-1,'','');";
 	$cnt = 0;
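Review bot: This block inserts two `gui_treegde` rows for whatever `$guiList` the request supplies whenever none exist, with only the session check at the top of the file; unless ownership of `$guiList` is verified somewhere not visible here, any logged-in user can seed tree rows for any GUI. A short ownership check against `$_SESSION["mb_user_id"]` before the `if(!db_fetch_row($res))` branch would close that. Minor: the two new comments read `//using $v and $t fom above` — "from".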

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_treefolderClient.php
===================================================================
--- tags/2.4.4/http/php/mod_treefolderClient.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_treefolderClient.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -20,6 +20,7 @@
 session_start();
 
 import_request_variables("PG");
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
@@ -78,8 +79,10 @@
     // -->
     </STYLE>
 <?php
-$sql = "SELECT e_target FROM gui_element WHERE e_id = 'treeConfGDE' AND fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT e_target FROM gui_element WHERE e_id = 'treeConfGDE' AND fkey_gui_id = $1";
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while(db_fetch_row($res)){ 
 	$e_target = db_result($res,0,"e_target");
@@ -548,21 +551,27 @@
   // this is a multinary tree structure which is easy to
   // populate with database data :)
 <?php
-$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = $1";
+// $v and $t will be re-used below!
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 if(!db_fetch_row($res)){
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES('".$guiList."', 'new','1','4','')";
-	db_query($sql);
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES('".$guiList."','new','2','3','')";
-	db_query($sql);      
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES($1, 'new','1','4','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES($1,'new','2','3','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
 }
 
 $sql = "SELECT n.wms_id, n.id, n.my_layer_title, n.lft, n.rgt, n.layer, COUNT(*) AS level1, ((n.rgt - n.lft -1)/2) AS offspring ";
 $sql .= "FROM gui_treegde as n, gui_treegde as p WHERE n.lft BETWEEN p.lft AND p.rgt ";
-$sql .= " AND n.fkey_gui_id = '".$guiList."' AND p.fkey_gui_id = '".$guiList."' ";
+$sql .= " AND n.fkey_gui_id = $1 AND p.fkey_gui_id = $2 ";
 $sql .= " GROUP BY n.wms_id, n.lft, n.my_layer_title,  ((n.rgt - n.lft -1)/2) , n.id, n.rgt, n.layer ORDER BY n.lft";
-
-$res = db_query($sql);
+$v = array($guiList, $guiList);
+$t = array("s", "s");
+$res = db_prep_query($sql, $v, $t);
 	echo "function initArray(){";
 	echo "Note(0,-1,'','');";
 	$cnt = 0;
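Review bot: This tree-bootstrapping block — the existence SELECT, the two `INSERT INTO gui_treegde` statements and the nested-set SELECT — is a line-for-line duplicate of the block in mod_treefolderAdmin.php changed in this same commit, down to the `fom` typo in the comments, and a client-facing page that writes rows on view is surprising in itself. Extract it into one helper (e.g. `getTreegdeNodes($guiList)`) that both files call, so the next fix is applied once.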

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_wfs_conf.php
===================================================================
--- tags/2.4.4/http/php/mod_wfs_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_wfs_conf.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -19,6 +19,8 @@
 
 require(dirname(__FILE__)."/../classes/class_wfs_conf.php");
 require(dirname(__FILE__)."/../../conf/mapbender.conf");
+require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
+
 $con = db_connect(DBSERVER,OWNER,PW);
 db_select_db(DB,$con);
 ?>
@@ -89,62 +91,74 @@
 
         db_select_db($DB,$con);
 
-        $sql = "INSERT INTO wfs_conf (wfs_conf_abstract,fkey_wfs_id,fkey_featuretype_id,g_label,g_label_id,g_button,g_button_id,g_style,g_buffer,g_res_style,g_use_wzgraphics) VALUES(";
-        $sql .= "'".$_REQUEST["wfs_conf_abstract"]."',";
-        $sql .= "'".$_REQUEST["wfs"]."',";
-        $sql .= "'".$_REQUEST["featuretype"]."',";
-        $sql .= "'".$_REQUEST["g_label"]."',";
-        $sql .= "'".$_REQUEST["g_label_id"]."',";
-        $sql .= "'".$_REQUEST["g_button"]."',";
-        $sql .= "'".$_REQUEST["g_button_id"]."',";
-        $sql .= "'".$_REQUEST["g_style"]."',";
-        $sql .= "'".$_REQUEST["g_buffer"]."',";
-        $sql .= "'".$_REQUEST["g_res_style"]."',";        
-        if(!empty($_REQUEST["g_use_wzgraphics"])){
+        $sql = "INSERT INTO wfs_conf (";
+        $sql .= "wfs_conf_abstract, fkey_wfs_id, ";
+        $sql .= "fkey_featuretype_id, g_label, g_label_id, g_button, ";
+        $sql .= "g_button_id, g_style, g_buffer, g_res_style, g_use_wzgraphics";
+		$sql .= ") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, ";
+        if (!empty($_REQUEST["g_use_wzgraphics"])) {
 			$sql .= "'1'";
-		}else{$sql .= "'0'";}
+		}
+		else {
+			$sql .= "'0'";
+		}
         $sql .= "); ";
+        
+		$v = array($_REQUEST["wfs_conf_abstract"], $_REQUEST["wfs"], $_REQUEST["featuretype"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+        $res = db_prep_query($sql, $v, $t);
+        
+        $wfsID = db_insert_id($con,'wfs_conf','wfs_conf_id');
 
-        $res = db_query($sql);
-        $wfsID = db_insert_id($con,'wfs_conf','wfs_conf_id');
-        for($i=0; $i<$_REQUEST["num"]; $i++){
+        for ($i = 0; $i < $_REQUEST["num"]; $i++){
                 $sql = "INSERT INTO wfs_conf_element (fkey_wfs_conf_id,f_id,f_search,f_pos,f_style_id,f_toupper,f_label,f_label_id,f_show,f_respos,f_edit,f_form_element_html,f_mandatory) VALUES(";
-                $sql .= "'".$wfsID."',";
-                $sql .= "'".$_REQUEST["f_id".$i]."',";
-                if(!empty($_REQUEST["f_search".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}
-                $sql .= "'".$_REQUEST["f_pos".$i]."',";
-                $sql .= "'".$_REQUEST["f_style_id".$i]."',";                
-				if(!empty($_REQUEST["f_toupper".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}				
-                $sql .= "'".$_REQUEST["f_label".$i]."',";
-                $sql .= "'".$_REQUEST["f_label_id".$i]."',";
-                if(!empty($_REQUEST["f_show".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}
-                $sql .= "'".$_REQUEST["f_respos".$i]."'";
-				$sql .= ",";
-                if(!empty($_REQUEST["f_edit".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}
-                $sql .= "'".$_REQUEST["f_form_element_html".$i]."',";
-                if(!empty($_REQUEST["f_mandatory".$i])){
+                $sql .= "$1, $2, ";
+                if (!empty($_REQUEST["f_search".$i])) {
                 	$sql .= "'1'";
-                }else{$sql .= "'0'";}
-//                $sql .= ", ";
-//                $sql .= "'".addslashes($_REQUEST["f_auth_varname".$i]);
-//				$sql .= "'";
-                $sql .= "); ";
+                }
+                else {
+                	$sql .= "'0'";
+                }
+                $sql .= ", $3, $4, ";
+				if (!empty($_REQUEST["f_toupper".$i])) {
+                	$sql .= "'1'";
+                }
+                else {
+                	$sql .= "'0'";
+                }				
+                $sql .= ",$5, $6, ";
+                if (!empty($_REQUEST["f_show".$i])) {
+                	$sql .= "'1'";
+                }
+                else {
+                	$sql .= "'0',";
+                }
+                $sql .= ", $7, ";
+                if (!empty($_REQUEST["f_edit".$i])) {
+                	$sql .= "'1'";
+                } 
+                else {
+                	$sql .= "'0'";
+                }
+                $sql .= ",$8, ";
+                if (!empty($_REQUEST["f_mandatory".$i])) {
+                	$sql .= "'1'";
+                }
+                else {
+                	$sql .= "'0'";
+                }
+ 				$sql .= "); ";
 
-                $res = db_query($sql);
+				$v = array($wfsID, $_REQUEST["f_id".$i], $_REQUEST["f_pos".$i], $_REQUEST["f_style_id".$i], $_REQUEST["f_label".$i], $_REQUEST["f_label_id".$i], $_REQUEST["f_respos".$i], $_REQUEST["f_form_element_html".$i], $_REQUEST["f_auth_varname".$i]);
+				$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s");
+                $res = db_prep_query($sql, $v, $t);
         }
         if (isset($_REQUEST["f_geom"])) {
-	        $sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 1";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$wfsID." AND f_id = ".$_REQUEST["f_geom"].";";
-			$res = db_query($sql);
+	        $sql = "UPDATE wfs_conf_element SET f_geom = 1 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id = $2;";
+	        $v = array($wfsID, $_REQUEST["f_geom"]);
+	        $t = array("i", "i");
+			$res = db_prep_query($sql, $v, $t);
         }
 		
 		echo "<script language='javascript'>";
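Review bot: Two defects in the `wfs_conf_element` INSERT: when `f_show` is unchecked the `else` branch appends `'0',` and the next statement appends `, $7, `, yielding `'0',, $7` — a syntax error — so that branch must be `$sql .= "'0'";` like its siblings; and `$v`/`$t` carry nine entries, the last being `$_REQUEST["f_auth_varname".$i]`, while the statement has only placeholders `$1`..`$8` (the form field for it is removed further down in this commit), so the bind count will not match. Drop the ninth element of both arrays. The `'1'`/`'0'` checkbox literals could also be bound as parameters, which would make the statement a constant string and remove this class of mistake.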
@@ -271,8 +285,7 @@
                 echo "<td><input name='f_respos".$i."' type='text' size='1' value='0'></td>";
                 echo "<td><input name='f_mandatory".$i."' type='checkbox'></td>";
                 echo "<td><input name='f_edit".$i."' type='checkbox'></td>";
-                echo "<td><textarea name='f_form_element_html".$cnt."' cols='15' rows='1' ></textarea></td>";
-//                echo "<td><input name='f_auth_varname".$cnt."' type='text' size='8' value='".$row["f_auth_varname"]."'></td>";
+                echo "<td><textarea name='f_form_element_html".$i."' cols='15' rows='1' ></textarea></td>";
                 echo "</tr>";
         }
         echo "</table>";
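Review bot: The `f_auth_varname` input for new element rows is dropped here with no replacement, yet the INSERT in the earlier hunk of this file still binds `$_REQUEST["f_auth_varname".$i]` (line 8591), so that column is always written from a request key the form never sends. Either emit the input in this row or remove the value and its matching `"s"` from the bind arrays. The enclosing loop and function start outside this hunk.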

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_wfs_edit.php
===================================================================
--- tags/2.4.4/http/php/mod_wfs_edit.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_wfs_edit.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -18,6 +18,7 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 require(dirname(__FILE__)."/../../conf/mapbender.conf");
+require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
 ?>
 <html>
 <head>
@@ -58,78 +59,89 @@
 if(isset($_REQUEST["save"])){
 
         $sql = "UPDATE wfs_conf SET ";
-        $sql .= "wfs_conf_abstract = '".$_REQUEST["wfs_conf_abstract"]."',";
-        $sql .= "g_label = '".$_REQUEST["g_label"]."',";
-        $sql .= "g_label_id = '".$_REQUEST["g_label_id"]."',";
-        $sql .= "g_button = '".$_REQUEST["g_button"]."',";
-        $sql .= "g_button_id = '".$_REQUEST["g_button_id"]."',";
-        $sql .= "g_style = '".$_REQUEST["g_style"]."',";
-        $sql .= "g_buffer = '".$_REQUEST["g_buffer"]."',";
-        $sql .= "g_res_style = '".$_REQUEST["g_res_style"]."',";
-        $sql .= "g_use_wzgraphics = ";
-        if(!empty($_REQUEST["g_use_wzgraphics"])){
-        	$sql .= '1';
-        }else{$sql .= '0';}
-        $sql .= " WHERE wfs_conf_id = ".$_REQUEST["gaz"].";";
+        $sql .= "wfs_conf_abstract = $1, g_label = $2, ";
+        $sql .= "g_label_id = $3, g_button = $4, g_button_id = $5, g_style = $6, ";
+        $sql .= "g_buffer = $7, g_res_style = $8, g_use_wzgraphics = ";
+        if (!empty($_REQUEST["g_use_wzgraphics"])) {
+        	$sql .= "1";
+        }
+        else {
+        	$sql .= "0";
+        }
+        $sql .= " WHERE wfs_conf_id = $9;";
         
-        $res = db_query($sql);
+        $v = array($_REQUEST["wfs_conf_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"], $_REQUEST["gaz"]);
+        $t = array("s", "s", "s", "s", "s", "s", "s", "i", "s", "i");
+        $res = db_prep_query($sql, $v, $t);
 		        
 		if (isset($_REQUEST["f_geom"])) {
-	        $sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 1";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." AND f_id = ".$_REQUEST["f_geom"].";";
-			$res = db_query($sql);
+	        $sql = "UPDATE wfs_conf_element SET f_geom = 1 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id = $2;";
+	        $v = array($_REQUEST["gaz"], $_REQUEST["f_geom"]);
+	        $t = array("i", "s");
+			$res = db_prep_query($sql);
 			
-			$sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 0";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." AND f_id <>  ".$_REQUEST["f_geom"].";";
-			$res = db_query($sql);
+			$sql = "UPDATE wfs_conf_element SET f_geom = 0 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id <> $2;";
+	        $v = array($_REQUEST["gaz"], $_REQUEST["f_geom"]);
+	        $t = array("i", "s");
+			$res = db_prep_query($sql);
 		}
 		else {
-			$sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 0";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"].";";
-			$res = db_query($sql);
+			$sql = "UPDATE wfs_conf_element SET f_geom = 0 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1;";
+	        $v = array($_REQUEST["gaz"]);
+	        $t = array("i");
+			$res = db_prep_query($sql);
 		}
 		
         for($i=0; $i<$_REQUEST["num"]; $i++){
         	
-                $sql = "UPDATE wfs_conf_element SET ";
-                $sql .= "f_search = '";
-                if(!empty($_REQUEST["f_search".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-                $sql .= "',";
-                $sql .= "f_pos = '".$_REQUEST["f_pos".$i]."',";
-                $sql .= "f_style_id = '".$_REQUEST["f_style_id".$i]."',";
+                $sql = "UPDATE wfs_conf_element SET f_search = '";
+                if (!empty($_REQUEST["f_search".$i])) {
+                	$sql .= "1";
+                }
+                else {
+                	$sql .= "0";
+                }
+                $sql .= "', f_pos = $1, f_style_id = $2,";
                 $sql .= "f_toupper = '" ;
-                if(!empty($_REQUEST["f_toupper".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-                $sql .= "',";
-                $sql .= "f_label = '".$_REQUEST["f_label".$i]."',";
-                $sql .= "f_label_id = '".$_REQUEST["f_label_id".$i]."',";
+                if (!empty($_REQUEST["f_toupper".$i])) {
+                	$sql .= "1";
+                }
+                else { 
+                	$sql .= "0";
+                }
+                $sql .= "',f_label = $3, f_label_id = $4,";
                 $sql .= "f_show = '";
-                if(!empty($_REQUEST["f_show".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-				$sql .= "',";
-                $sql .= "f_respos = '".$_REQUEST["f_respos".$i]."' ";
-				$sql .= ",";
+                if (!empty($_REQUEST["f_show".$i])) {
+                	$sql .= "1";
+                }
+                else {
+                	$sql .= "0";
+                }
+				$sql .= "',f_respos = $5,";
                 $sql .= "f_edit = '";
-                if(!empty($_REQUEST["f_edit".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-				$sql .= "',";
-                $sql .= "f_form_element_html = '".addslashes($_REQUEST["f_form_element_html".$i]);
-				$sql .= "',";
+                if (!empty($_REQUEST["f_edit".$i])) {
+                	$sql .= "1";
+                }
+                else {
+                	$sql .= "0";
+                }
+				$sql .= "', f_form_element_html = $6,";
                 $sql .= "f_mandatory = '";
-                if(!empty($_REQUEST["f_mandatory".$i])){
+                if (!empty($_REQUEST["f_mandatory".$i])) {
                 	$sql .= "1";
-                }else{$sql .= "0";}
+                }
+                else {
+                	$sql .= "0";
+                }
 				$sql .= "'";
-                $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." AND f_id = ".$_REQUEST["f_id".$i].";";
-                $res = db_query($sql);
+				$sql .= " WHERE fkey_wfs_conf_id = $8 AND f_id = $9;";
+
+				$v = array($_REQUEST["f_pos".$i], $_REQUEST["f_style_id".$i], $_REQUEST["f_label".$i], $_REQUEST["f_label_id".$i], $_REQUEST["f_respos".$i], addslashes($_REQUEST["f_form_element_html".$i]), $_REQUEST["f_auth_varname".$i], $_REQUEST["gaz"], $_REQUEST["f_id".$i]);
+				$t = array("s", "s", "s", "s", "s", "s", "s", "i", "s");
+                $res = db_prep_query($sql, $v, $t);
         }
 }
 
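Review bot: The three `wfs_conf_element` updates at 8673, 8683 and 8694 call `db_prep_query($sql)` without the `$v`/`$t` arrays built on the lines just above, so the `$1`/`$2` placeholders are never bound; each should read `$res = db_prep_query($sql, $v, $t);`. The first update's type array at 8661 has ten entries for nine values and nine placeholders, which shifts `g_res_style` and `gaz` onto the wrong types. In the per-element loop the WHERE clause at 8769 jumps from `$6` to `$8`, leaving `$7` (`f_auth_varname`) bound but unused, and the `addslashes()` at 8771 is no longer needed once the value is passed as a parameter — with a prepared statement it stores literal backslashes. `gaz` is typed `"s"` at 8661 but `"i"` at 8772 and 8787; pick one.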
@@ -164,9 +176,11 @@
 }
 
 /* configure elements */
-if(isset($_REQUEST["gaz"])){
-        $sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id = ".$_REQUEST["gaz"];
-        $res = db_query($sql);
+if (isset($_REQUEST["gaz"])) {
+        $sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id = $1";
+        $v = array($_REQUEST["gaz"]);
+        $t = array("i");
+        $res = db_prep_query($sql, $v, $t);
         if($row = db_fetch_array($res)){
                 echo "<table>";
                 echo "<tr><td>GazetterID:</td><td>".$row["wfs_conf_id"]."</td></tr>" ;
@@ -187,9 +201,10 @@
         /* set element options */
         $sql = "SELECT * FROM wfs_conf_element ";
         $sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
-        $sql .= "WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." ORDER BY f_id";
-
-        $res = db_query($sql);
+        $sql .= "WHERE fkey_wfs_conf_id = $1 ORDER BY f_id";
+		$v = array($_REQUEST["gaz"]);
+		$t = array("i");
+        $res = db_prep_query($sql, $v, $t);
 		
         echo "<table border='1'>";
         echo "<tr valign = bottom>";

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_wfs_result.php
===================================================================
--- tags/2.4.4/http/php/mod_wfs_result.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_wfs_result.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -18,7 +18,11 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 $filter = stripslashes($_REQUEST["filter"]);
-$url = stripslashes($_REQUEST['url']);
+$url = stripslashes($_REQUEST["url"]);
+$js_wfs_conf_id = $_REQUEST["js_wfs_conf_id"];
+$db_wfs_conf_id = $_REQUEST["db_wfs_conf_id"];
+$typename = $_REQUEST["typename"];
+
 //echo $filter; die();
 require_once("../../conf/mapbender.conf");
 require_once("../classes/class_stripRequest.php");
@@ -60,7 +64,6 @@
 $el = -1;
 $fid = -1;
 
-$typename = $_REQUEST["typename"];
 $element_str = "";
 $geom_str = "";
 foreach ($values as $element) {
@@ -106,7 +109,7 @@
 		}
 		// TO DO: the following is added twice! Once suffices.
 		$element_str .= "geom.get(" . $member . ").e.setElement('fid', '".$fid."');\n";
-		$element_str .= "geom.get(" . $member . ").wfs_conf = ".$_REQUEST['wfs_conf_id'].";\n";
+		$element_str .= "geom.get(" . $member . ").wfs_conf = ".$js_wfs_conf_id.";\n";
 	}
 	else if(strtoupper($element[tag]) == strtoupper("gml:coordinates") && $geom == true){
 		$tmp =  str_replace(",,","",str_replace(" ",",",trim($element[value])));
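Review bot: `$js_wfs_conf_id` is copied from `$_REQUEST` at 8817 and written verbatim into the generated JavaScript at 8837, so a non-numeric request value becomes part of the script the browser runs; the removed `$_REQUEST['wfs_conf_id']` had the same exposure and the rename does not change it. Since the value is used as a numeric id, cast it where it is read, `$js_wfs_conf_id = intval($_REQUEST["js_wfs_conf_id"]);`, or pass it through `json_encode()` when emitting. `$db_wfs_conf_id` at 8818 has no visible use in this chunk, so its handling cannot be checked here.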

Modified: branches/2.4.5/2.4.4_leak/http/php/mod_wfsrequest.php
===================================================================
--- tags/2.4.4/http/php/mod_wfsrequest.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/mod_wfsrequest.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -32,8 +32,8 @@
 $sql .= "WHERE wfs_conf.wfs_conf_id = $1";
 
 $v = array($_REQUEST['wfs_conf_id']);
-$t = array('i');
-$res = db_prep_query($sql,$v,$t);
+$t = array("i");
+$res = db_prep_query($sql, $v, $t);
 if($row = db_fetch_array($res)){
         $g_res_style  = $row["g_res_style"];
         
@@ -45,8 +45,8 @@
 $sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
 $sql .= "AND wfs_conf_element.f_show = 1 ORDER BY wfs_conf_element.f_respos;";
 $v = array($_REQUEST['wfs_conf_id']);
-$t = array('i');
-$res = db_prep_query($sql,$v,$t);
+$t = array("i");
+$res = db_prep_query($sql, $v, $t);
 $col = array();
 $cnt = 0;
 while($row = db_fetch_array($res)){

Modified: branches/2.4.5/2.4.4_leak/http/php/nestedSets.php
===================================================================
--- tags/2.4.4/http/php/nestedSets.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/2.4.4_leak/http/php/nestedSets.php	2008-02-18 13:34:49 UTC (rev 2093)
@@ -20,7 +20,7 @@
 session_start();
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 import_request_variables("PG");
-require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
+require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
 ?>
@@ -58,16 +58,16 @@
 	if(value == 'insert'){
 		/*
 		if(document.forms[0].title.value == ''){alert("Bitte geben Sie einen Titel an."); permission = false; return;}
-		if(document.forms[0].left.value == ''){alert("Wählen Sie eine Position."); permission = false; return;}
+		if(document.forms[0].left.value == ''){alert("W�hlen Sie eine Position."); permission = false; return;}
       	*/
       	if(document.forms[0].title.value == ''){alert("Please insert a title."); permission = false; return;}
 		if(document.forms[0].left.value == ''){alert("Please choose a position."); permission = false; return;}
       
-      if(document.forms[0].wmsList.selectedIndex > 0 && document.forms[0].layer.selectedIndex == 0){alert("Wählen Sie einen Layer."); permission = false; return;}
+      if(document.forms[0].wmsList.selectedIndex > 0 && document.forms[0].layer.selectedIndex == 0){alert("W�hlen Sie einen Layer."); permission = false; return;}
 		if(permission == true){document.forms[0].action.value = "insert"; document.forms[0].submit();}
 	}
 	if(value == 'delete'){
-		//permission = confirm("Soll das Objekt mit Inhalten gelöscht werden?");
+		//permission = confirm("Soll das Objekt mit Inhalten gel�scht werden?");
 		permission = confirm("Do you want to delete the object and the content of the object?");
 		if(permission == true){
 		document.forms[0].action.value = "delete"; 
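Review bot: The live alert string at 8893 now carries a replacement character where the umlaut was (`"W�hlen Sie einen Layer."`), which looks like the file was re-saved in a different encoding rather than intentionally edited; the same substitution appears in commented-out lines at 8887, 8898, 8907 and 8919–8922. Restore the original bytes or convert the whole file deliberately so the text matches the charset the page declares.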
@@ -77,7 +77,7 @@
 	if(value == 'update'){
 		/*
 		if(document.forms[0].title.value == ''){alert("Bitte geben Sie einen Titel an."); permission = false; return;}
-		if(document.forms[0].left.value == ''){alert("Bitte wählen Sie eine Position."); permission = false; return;}
+		if(document.forms[0].left.value == ''){alert("Bitte w�hlen Sie eine Position."); permission = false; return;}
 		*/
 		
 		if(document.forms[0].title.value == ''){alert("Please fill in a labeling."); permission = false; return;}
@@ -87,10 +87,10 @@
 	}
 	if(value == 'add'){
 		/*
-		if(document.forms[0].left.value == ''){alert("Bitte wählen Sie eine Position."); permission = false; return;}
-		if(document.forms[0].guiList.selectedIndex == 0){alert("Bitte wählen Sie eine GUI."); permission = false; return;}
-		if(document.forms[0].wmsList.selectedIndex == 0){alert("Bitte wählen Sie einen WMS."); permission = false; return;}
-		if(document.forms[0].layer.selectedIndex == 0){alert("Bitte wählen Sie eine Ebene."); permission = false; return;}
+		if(document.forms[0].left.value == ''){alert("Bitte w�hlen Sie eine Position."); permission = false; return;}
+		if(document.forms[0].guiList.selectedIndex == 0){alert("Bitte w�hlen Sie eine GUI."); permission = false; return;}
+		if(document.forms[0].wmsList.selectedIndex == 0){alert("Bitte w�hlen Sie einen WMS."); permission = false; return;}
+		if(document.forms[0].layer.selectedIndex == 0){alert("Bitte w�hlen Sie eine Ebene."); permission = false; return;}
 		*/
 		
 		if(document.forms[0].left.value == ''){alert("Please fill in a position."); permission = false; return;}
@@ -116,26 +116,31 @@
 }
 if(isset($action) && $action == "insert"){
 	$temp = explode("###", $layer);
-	$sql = "SELECT rgt FROM gui_treegde WHERE lft = ".$left." AND fkey_gui_id = '".$guiList."'";
-	$res = db_query($sql);
+	$sql = "SELECT rgt FROM gui_treegde WHERE lft = $1 AND fkey_gui_id = $1";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	$res = db_prep_query($sql, $v, $t);
 	if($pos == 'in'){$left = $left + 1;}
 	else if($pos == 'hinter'){$left = db_result($res,0,"rgt") + 1;}
 	else{ $left = $left + 2;}
-	$sql = "UPDATE gui_treegde SET rgt=rgt+2 WHERE rgt >=". $left." AND fkey_gui_id = '".$guiList."'";
-	db_query($sql);
-	$sql = "UPDATE gui_treegde SET lft=lft+2 WHERE lft >=".$left." AND fkey_gui_id = '".$guiList."'";
-	db_query($sql);
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id, fkey_layer_id, lft,rgt, my_layer_title, layer, wms_id) VALUES(";
-		$sql .= "'".$guiList."', ";
-		$sql .= "'".$temp[0]."', ";	
-		$sql .= $left.", ";
-		$sql .= ($left+1).", ";
-		$sql .= "'".$name."', ";
-		$sql .= "'".$temp[1]."', ";
-		$sql .= "'".$wmsList."'";
-		$sql .= ")";
-		#echo $sql . "<br>";		
-	db_query($sql);
+	
+	$sql = "UPDATE gui_treegde SET rgt=rgt+2 WHERE rgt >= $1 AND fkey_gui_id = $2";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	db_prep_query($sql, $v, $t);
+	
+	$sql = "UPDATE gui_treegde SET lft=lft+2 WHERE lft >= $1 AND fkey_gui_id = $2";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	db_prep_query($sql, $v, $t);
+
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id, fkey_layer_id, lft,rgt, ";
+	$sql .= "my_layer_title, layer, wms_id) VALUES($1, $2, $3, $4, $5, $6, $7)";
+		#echo $sql . "<br>";
+	$v = array($guiList, $temp[0], $left, ($left+1), $name, $temp[1], $wmsList);
+	$t = array("s", "s", "i", "i", "s", "s", "s");		
+	db_prep_query($sql, $v, $t);
+
 	/*
 	if($layer == ""){
 		$left = $left + 1;
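Review bot: The SELECT at 8932 uses `$1` twice — `WHERE lft = $1 AND fkey_gui_id = $1` — while `$v` at 8933 supplies two values, so `fkey_gui_id` is compared against `$left` and `$guiList` is never referenced; it should read `$sql = "SELECT rgt FROM gui_treegde WHERE lft = $1 AND fkey_gui_id = $2";`. The later statements in this hunk (8955, 8960, 8966) number their placeholders correctly.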
@@ -152,53 +157,79 @@
 }
 if(isset($action) && $action == "delete"){	
 	if($left){
-		$sql = "SELECT rgt FROM gui_treegde WHERE lft =". $left." AND fkey_gui_id = '".$guiList."'";
-		$res = db_query($sql);
+		$sql = "SELECT rgt FROM gui_treegde WHERE lft = $1 AND fkey_gui_id = $2";
+		$v = array($left, $guiList);
+		$t = array("i", "s");
+		$res = db_prep_query($sql, $v, $t);
 		$right = db_result($res,0,"rgt");
-		$sql = "DELETE FROM gui_treegde WHERE lft BETWEEN ".$left." and ".$right." AND fkey_gui_id = '".$guiList."'";
-		db_query($sql);
-		$sql = "UPDATE gui_treegde SET lft=lft-((".$right."-".$left."+1)) WHERE lft>".$right." AND fkey_gui_id = '".$guiList."'";
-		db_query($sql);
-		$sql = "UPDATE gui_treegde SET rgt=rgt-((".$right."-".$left."+1)) WHERE rgt>".$right." AND fkey_gui_id = '".$guiList."'";
-		db_query($sql);
+		
+		$sql = "DELETE FROM gui_treegde WHERE lft BETWEEN $1 and $2 AND fkey_gui_id = $3";
+		$v = array($left, $right, $guiList);
+		$t = array("i", "i", "s");
+		db_prep_query($sql, $v, $t);
+
+		$sql = "UPDATE gui_treegde SET lft=lft-(($1 - $2 + 1)) WHERE lft > $3 AND fkey_gui_id = $4";
+		$v = array($right, $left, $right, $guiList);
+		$t = array("i", "i", "i", "s");
+		db_prep_query($sql, $v, $t);
+
+		$sql = "UPDATE gui_treegde SET rgt=rgt-(($1 - $2 + 1)) WHERE rgt > $3 AND fkey_gui_id = $4";
+		$v = array($right, $left, $right, $guiList);
+		$t = array("i", "i", "i", "s");
+		db_prep_query($sql, $v, $t);
 	}
 }
 if(isset($action) && $action == "update"){
 	$temp = explode("###", $layer);
 	$sql = "UPDATE gui_treegde SET ";
-	$sql .= "my_layer_title = '".$name."', ";
-	$sql .= "fkey_layer_id = '".$temp[0]."', ";
-	$sql .= "layer = '".$temp[1]."', ";
-	$sql .= "wms_id = '" . $wmsList."'";
-	$sql .= " WHERE lft = ".$left." AND fkey_gui_id = '".$guiList."'";
-	db_query($sql);
+	$sql .= "my_layer_title = $1, ";
+	$sql .= "fkey_layer_id = $2, ";
+	$sql .= "layer = $3, ";
+	$sql .= "wms_id = $4";
+	$sql .= " WHERE lft = $5 AND fkey_gui_id = $6";
+	$v = array($name, $temp[0], $temp[1], $wmsList, $left, $guiList);
+	$t = array("s", "s", "s", "s", "i", "s");
+	db_prep_query($sql, $v, $t);
 }
 if(isset($action) && $action == "add"){
 	$temp = explode("###", $layer);
 	
-	$sql_val = "SELECT * FROM gui_treegde WHERE lft =". $left." AND fkey_gui_id = '".$guiList."'";
-	$res_val = db_query($sql_val);
+	$sql_val = "SELECT * FROM gui_treegde WHERE lft = $1 AND fkey_gui_id = $2";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	$res = db_prep_query($sql_val, $v, $t);
 	
 	$sql = "UPDATE gui_treegde SET ";
+	$sql .= "fkey_layer_id = $1, layer = $2, wms_id =  $3 ";
+	$sql .= "WHERE lft = $4 AND fkey_gui_id = $5";
 	
-	$sql .= "fkey_layer_id = ";
-	$sql .= "'";
-	if(db_result($res_val, 0, "fkey_layer_id") != ''){ $sql .= db_result($res_val, 0, "fkey_layer_id") . ","; }
-	$sql .=  $temp[0] . "', ";
+	$v = array();
+	$t = array("s", "s", "s", "i", "s");	
+
+	if (db_result($res_val, 0, "fkey_layer_id") != '') {
+		array_push($v, db_result($res_val, 0, "fkey_layer_id") . "," . $temp[0]);
+	}
+	else {
+		array_push($v, $temp[0]);
+	}
 	
-	$sql .= "layer = ";
-	$sql .= "'";
-	if(db_result($res_val, 0, "layer") != ''){ $sql .= db_result($res_val, 0, "layer") . ","; }
-	$sql .= $temp[1] . "', ";
+	if (db_result($res_val, 0, "layer") != '') {
+		array_push($v, db_result($res_val, 0, "layer") . "," . $temp[1]);
+	}
+	else {
+		array_push($v, $temp[1]);
+	}
 	
-	$sql .= "wms_id = ";
-	$sql .= "'";
-	if(db_result($res_val, 0, "wms_id") != ''){ $sql .= db_result($res_val, 0, "wms_id") . ","; }
-	$sql .= $wmsList . "' ";
-	
-	$sql .= " WHERE lft = ".$left." AND fkey_gui_id = '".$guiList."'";
-	#echo $sql . "<br>";
-	db_query($sql);
+	if (db_result($res_val, 0, "wms_id") != '') {
+		array_push($v, db_result($res_val, 0, "wms_id") . "," . $wmsList);
+	}
+	else {
+		array_push($v, $wmsList);
+	}
+
+	array_push($v, $left);	
+	array_push($v, $guiList);	
+	db_prep_query($sql, $v, $t);
 }
 ?>
 <br />
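Review bot: The `add` branch stores the lookup result in `$res` at 9035, but the three `db_result()` calls at 9048, 9059 and 9074 still read `$res_val`, which is no longer assigned anywhere on the new side; change 9035 to `$res_val = db_prep_query($sql_val, $v, $t);`. The `delete` branch at 8998/9003 binds `$right`, `$left`, `$right` for the `(($1 - $2 + 1))` arithmetic — that matches the removed SQL, but a comment such as `// $1 = right, $2 = left, $3 = right` would spare the next reader the re-derivation.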
@@ -228,14 +259,19 @@
 $admin = new administration();
 $ownguis = $admin->getGuisByOwner($_SESSION["mb_user_id"],true);
 
-$sql = "SELECT * FROM gui WHERE gui_id IN ("; for($i=0; 
-$i<count($ownguis); $i++){
-				if($i>0){ $sql .= ",";}
-				$sql .= "'".$ownguis[$i]."'";
-				}
+$sql = "SELECT * FROM gui WHERE gui_id IN ("; 
+$v = $ownguis;
+$t = array();
+for ($i = 1; $i <= count($ownguis); $i++){
+	if ($i > 1) { 
+		$sql .= ",";
+	}
+	$sql .= "$" . $i;
+	array_push($t, "s");
+}
 $sql .= ") ORDER BY gui_name";
 
-$res = db_query($sql);
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 echo "<select class='guiList' size='10' name='guiList' class='guiList'  onchange='document.forms[0].submit()'>";
 echo "<option value=''>GUI ...</option>";
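Review bot: When `$ownguis` is empty the loop at 9099 adds no placeholders and the statement becomes `... WHERE gui_id IN ()`, a syntax error at execute time; the removed code had the same gap, but the rewrite is the place to close it, e.g. skip the query and render only the `GUI ...` option when `count($ownguis) === 0`. `$v = $ownguis` at 9097 also assumes `getGuisByOwner()` returns a plain list indexed from 0 so the `$1..$n` placeholders line up — worth a comment if that is guaranteed.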
@@ -265,9 +301,11 @@
 	if(isset($guiList) && $guiList != ""){
 		$sql = "SELECT gui_wms.fkey_wms_id, wms.wms_title FROM gui_wms ";
 		$sql .= "INNER JOIN wms ON gui_wms.fkey_wms_id = wms.wms_id  ";
-		$sql .= "WHERE gui_wms.fkey_gui_id = '" . $guiList . "' ";
+		$sql .= "WHERE gui_wms.fkey_gui_id = $1 ";
 		$sql .= "ORDER BY wms.wms_title";
-		$res = db_query($sql);
+		$v = array($guiList);
+		$t = array("s");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while($row = db_fetch_array($res)){
 			echo "<option value='".$row["fkey_wms_id"]."' ";
@@ -293,9 +331,11 @@
 	if(isset($wmsList) && $wmsList != ""){
 		$sql_l = "SELECT gui_layer.fkey_layer_id, layer.layer_name, layer.layer_title FROM gui_layer ";
 		$sql_l .= "LEFT JOIN layer ON gui_layer.fkey_layer_id = layer.layer_id ";
-		$sql_l .= "WHERE gui_layer.gui_layer_wms_id = " . $wmsList . " AND layer.layer_parent = '0' AND gui_layer.fkey_gui_id = '".$guiList."'";
+		$sql_l .= "WHERE gui_layer.gui_layer_wms_id = $1 AND layer.layer_parent = '0' AND gui_layer.fkey_gui_id = $2";
 		$sql_l .= " ORDER BY layer.layer_title";
-		$res_l = db_query($sql_l);
+		$v = array($wmsList, $guiList);
+		$t = array("i", "s");
+		$res_l = db_prep_query($sql_l, $v, $t);
 		$cnt = 0;
 		while($row = db_fetch_array($res_l)){
 			echo "<option value='".$row["fkey_layer_id"]."###".$row["layer_name"]."'>";


