[Mapbender-commits] r2047 - in tags/2.4.4_su: . 2.4.4_leak/http/classes 2.4.4_leak/http/frames 2.4.4_leak/http/html 2.4.4_leak/http/javascripts 2.4.4_leak/http/php

svn_mapbender at osgeo.org svn_mapbender at osgeo.org
Thu Jan 31 07:49:37 EST 2008


Author: christoph
Date: 2008-01-31 07:49:36 -0500 (Thu, 31 Jan 2008)
New Revision: 2047

Added:
   tags/2.4.4_su/2.4.4_leak/
   tags/2.4.4_su/2.4.4_leak/http/classes/class_wmc.php
Removed:
   tags/2.4.4_su/2.4.4_leak/http/classes/class_wmc.php
   tags/2.4.4_su/2.4.4_leak/http/html/mod_treefolder_auge.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_measure4326.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/transform_coordinatesWGS84.php
Modified:
   tags/2.4.4_su/2.4.4_leak/http/classes/class_gui.php
   tags/2.4.4_su/2.4.4_leak/http/classes/class_log.php
   tags/2.4.4_su/2.4.4_leak/http/classes/class_wfs.php
   tags/2.4.4_su/2.4.4_leak/http/classes/class_wfs_conf.php
   tags/2.4.4_su/2.4.4_leak/http/classes/class_wms.php
   tags/2.4.4_su/2.4.4_leak/http/frames/login.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/map.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_addWMSfromList.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredList.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredListDB.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_sandclock2.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_setPOI2Scale.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_wfs_SpatialRequest.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_zoomCoords.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_zoomFull.php
   tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_zoomOut1.php
   tags/2.4.4_su/2.4.4_leak/http/php/createImageFromText.php
   tags/2.4.4_su/2.4.4_leak/http/php/mb_listWMCs.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_WMSpreferences.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_changeEPSG.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_deleteGUI.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_deleteWFS.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_editFilteredGroup.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_editFilteredUser.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_editGroup.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_editGuiWms.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_editGuiWmsMeta.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_editUser.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_editWMS_Metadata.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_edit_element_vars.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_edit_metadata.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_evalArea.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_gazLayerObj_conf.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_gazLayerObj_edit.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_gazetteer_conf.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_gazetteer_edit.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_getStyles.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_loadCapabilitiesList.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_map1.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_mapOV.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_simpleWMSpreferences.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_treefolderAdmin.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_treefolderClient.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_wfs_conf.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_wfs_edit.php
   tags/2.4.4_su/2.4.4_leak/http/php/mod_wfsrequest.php
   tags/2.4.4_su/2.4.4_leak/http/php/nestedSets.php
Log:


Copied: tags/2.4.4_su/2.4.4_leak (from rev 2000, tags/2.4.4)

Modified: tags/2.4.4_su/2.4.4_leak/http/classes/class_gui.php
===================================================================
--- tags/2.4.4/http/classes/class_gui.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/classes/class_gui.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,5 +1,4 @@
 <?php
-
 # $Id$
 # http://www.mapbender.org/index.php/class_gui.php
 # Copyright (C) 2002 CCGIS
@@ -19,252 +18,201 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
 
-class gui{
+/**
+ * GUI is a set of GUI elements and services. 
+ */
+class gui {
 
-	function gui() {
+	public function __construct () {
 	}
 
- 	// CB - returns true if a gui '$gui_id' exists
- 	function guiExists($gui_id){
-		$sql = "SELECT * FROM gui ";
-		$sql .= "WHERE gui_id = $1";
+ 	/**
+ 	 * Checks if a GUI with a given ID exists in the database
+ 	 * 
+ 	 * @param integer $gui_id the ID of the GUI that is being checked
+ 	 * @return boolean true if a gui '$gui_id' exists; else false
+ 	 */
+ 	public function guiExists ($gui_id){
+		$sql = "SELECT * FROM gui WHERE gui_id = $1";
 		$v = array($gui_id);
 		$t = array('s');
 		$res = db_prep_query($sql,$v,$t);
 		$row = db_fetch_array($res);
-		if ($row) return true;
-		else return false;
+		if ($row) {
+			return true;	
+		}
+		return false;
  	}
 
-	// CB - deletes a GUI $guiId and all its links to users, layers etc.
-	function deleteGui ($guiId) {
+	
+	/**
+	 * Deletes a GUI $guiId and all its links to users, layers etc.
+	 * 
+	 * @param Integer $guiId the GUI that is going to be deleted
+	 * @return boolean true if the deletion succeded, else false
+	 */
+	public function deleteGui ($guiId) {
 		$guiList = $guiId;
 
-		$sql = "BEGIN";
-		$res = db_query($sql);
-		if (!$res) {
-			$report .=  "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		$sql = array();
+		$v = array();			
+		$t = array();
 
-		$sql = "DELETE FROM gui WHERE gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "BEGIN");
+		array_push($v, array());
+		array_push($t, array());
+		
+		array_push($sql, "DELETE FROM gui WHERE gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_element WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_element WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_layer WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_layer WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_mb_group WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_mb_group WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_mb_user WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_mb_user WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_treegde WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_treegde WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_wfs WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_wfs WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_wms WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_wms WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		// if $error is true, the transaction is aborted -> rollback
-		if (!$error) {
-			$sql = "COMMIT";
-			$res = db_query($sql);
+		array_push($sql, "COMMIT");
+		array_push($v, array());
+		array_push($t, array());
+
+		// execute all SQLs
+		for ($i = 0; $i < count($sql); $i++) {
+			$res = db_prep_query($sql[$i], $v[$i], $t[$i]);
+			// if an SQL fails, send a ROLLBACK and return false
 			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
+				db_query("ROLLBACK");
+				return false;
 			}
 		}
-		//if $error is false, the transaction is executed -> commit
-		else {
-			$sql = "ROLLBACK";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-		}
-		return !$error;
+		return true;
 	}
 
-	// CB - rename a GUI
-	function renameGui ($guiId, $newGuiName) {
-		$error = false;
+	/** Renames the GUI $guiID to $newGUIName
+	 * 
+	 * @param Integer $guiId ID of the GUI
+	 * @param String $newGuiName the new name of the GUI
+	 * @return boolean true if the renaming succeded, else false
+	 */
+	public function renameGui ($guiId, $newGuiName) {
 		if ($this->copyGui($guiId, $newGuiName, true)) {
 			$this->deleteGui($guiId);
+			return true;
 		}
-		else {
-			$error = true;
-		}
-		return !$error;
+		return false;
 	}
 
-	// CB - copies a GUI $guiId and all its links to users, layers etc. to GUI $newGuiName
- 	function copyGui ($guiId, $newGuiName, $withUsers) {
-		$error = false;
+	/**
+	 * 
+ 	 * Copies a GUI $guiId and all its links to users, layers etc. to GUI $newGuiName
+ 	 * 
+	 * @param Integer $guiId ID of the GUI
+	 * @param String $newGuiName the new name of the GUI
+	 * @param boolean $withUsers true if the users, that may access the GUI $guiId, shall have access to the new GUI; else false.
+	 * 
+	 * @return boolean true if the renaming succeded, else false
+	 */ 
+ 	public function copyGui ($guiId, $newGuiName, $withUsers) {
 		$guiList = $guiId;
 		if (!$this->guiExists($newGuiName)) {
-			$sql = "BEGIN";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .=  "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			
+			$sql = array();
+			$v = array();			
+			$t = array();
+						
+			array_push($sql, "BEGIN");
+			array_push($v, array());
+			array_push($t, array());
 
-			$sql = "INSERT INTO gui (gui_id, gui_name, gui_description, gui_public) SELECT '" . $newGuiName . "', '" . $newGuiName . "',gui_description, gui_public FROM gui WHERE gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui (gui_id, gui_name, gui_description, gui_public) SELECT $1, $2, gui_description, gui_public FROM gui WHERE gui_id = $3;");
+			array_push($v, array ($newGuiName, $newGuiName, $guiList));
+			array_push($t, array ("s", "s", "s"));;
+			
+			array_push($sql, "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url) SELECT $1, e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url FROM gui_element WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url) SELECT '" . $newGuiName . "', e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url FROM gui_element WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_element_vars (fkey_gui_id, fkey_e_id, var_name, var_value, context, var_type) SELECT $1, fkey_e_id, var_name, var_value, context, var_type FROM gui_element_vars WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_element_vars (fkey_gui_id, fkey_e_id, var_name, var_value, context, var_type) SELECT '" . $newGuiName . "', fkey_e_id, var_name, var_value, context, var_type FROM gui_element_vars WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_layer (fkey_gui_id, fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype) SELECT $1, fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype FROM gui_layer WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_layer (fkey_gui_id, fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype) SELECT '" . $newGuiName . "', fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype FROM gui_layer WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-
-			$sql = "INSERT INTO gui_mb_group (fkey_gui_id, fkey_mb_group_id, mb_group_type) SELECT '" . $newGuiName . "', fkey_mb_group_id, mb_group_type FROM gui_mb_group WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-
 			if ($withUsers == true) {
+				/* group of original gui is copied as well */
+				array_push($sql, "INSERT INTO gui_mb_group (fkey_gui_id, fkey_mb_group_id, mb_group_type) SELECT $1, fkey_mb_group_id, mb_group_type FROM gui_mb_group WHERE fkey_gui_id = $2;");
+				array_push($v, array($newGuiName, $guiList));
+				array_push($t, array("s", "s"));
+
 				/* users of original gui are copied as well */
-				$sql = "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) SELECT '" . $newGuiName . "', fkey_mb_user_id, mb_user_type FROM gui_mb_user WHERE fkey_gui_id = '" . $guiList . "';";
-				$res = db_query($sql);
-				if (!$res) {
-					$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-					$error = true;
-				}
+				array_push($sql, "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) SELECT $1, fkey_mb_user_id, mb_user_type FROM gui_mb_user WHERE fkey_gui_id = $2;");
+				array_push($v, array($newGuiName, $guiList));
+				array_push($t, array("s", "s"));
 			}
 			else {
 				// users of original gui are not copied, the current user is set as owner 
-				$sql = "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) VALUES ($1, $2, 'owner')";
-				$v = array($newGuiName, $_SESSION["mb_user_id"]);
-				$t = array('s', 'i');
-				$res = db_prep_query($sql,$v,$t);
-				if (!$res) {
-					$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-					$error = true;
-				}
+				array_push($sql, "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) VALUES ($1, $2, 'owner')");
+				array_push($v, array($newGuiName, $_SESSION["mb_user_id"]));
+				array_push($t, array('s', 'i'));
 			}
-			$sql = "INSERT INTO gui_treegde (fkey_gui_id, fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id) SELECT '" . $newGuiName . "', fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id FROM gui_treegde WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_treegde (fkey_gui_id, fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id) SELECT $1, fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id FROM gui_treegde WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_wfs (fkey_gui_id, fkey_wfs_id) SELECT '" . $newGuiName . "', fkey_wfs_id FROM gui_wfs WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_wfs (fkey_gui_id, fkey_wfs_id) SELECT $1, fkey_wfs_id FROM gui_wfs WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_wms (fkey_gui_id, fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible) SELECT '" . $newGuiName . "', fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible FROM gui_wms WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_wms (fkey_gui_id, fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible) SELECT $1, fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible FROM gui_wms WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
+			
+			array_push($sql, "COMMIT");
+			array_push($v, array());
+			array_push($t, array());
 
-			// if $error is false, the transaction is executed -> commit
-			if (!$error) {
-				$sql = "COMMIT";
-			} 
-			else {
-				$sql = "ROLLBACK";
+			// execute all SQLs
+			for ($i = 0; $i < count($sql); $i++) {
+				$res = db_prep_query($sql[$i], $v[$i], $t[$i]);
+				// if an SQL fails, send a ROLLBACK and return false
+				if (!$res) {
+					db_query("ROLLBACK");
+					return false;
+				}
 			}
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-			return !$error;
+			return true;
 		}
 		else {
 	      echo "<script language='javascript'>";
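Review bot: `renameGui` still discards the result of `$this->deleteGui($guiId)` and returns `true` unconditionally, so a delete that fails (and now rolls back inside `deleteGui`) leaves both the old and the new GUI in place while the caller is told the rename succeeded. Returning the delete's outcome makes the contract in the new docblock hold: `return $this->deleteGui($guiId);` in place of the two lines. The docblocks also describe `$guiId`/`$gui_id` as `Integer` while every binding uses the `'s'` type marker and `copyGui` passes a GUI name to `guiExists`, so `String` would match what the code does. The `else` branch of `copyGui` runs past the end of this hunk.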

Modified: tags/2.4.4_su/2.4.4_leak/http/classes/class_log.php
===================================================================
--- tags/2.4.4/http/classes/class_log.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/classes/class_log.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -23,7 +23,7 @@
 *modul "GET /map/http/ HTTP/1.1"
 */
 
-class log{
+class log {
 	var $dir = "../../log/";
 	var $log_username = true;
 
@@ -32,12 +32,14 @@
 	 * {'file' || 'db'}
 	 */
 	var $logtype = 'db';
+	
+	function log($module,$req,$time_client,$type = ""){
 
-	function log($module,$req,$time_client){
-
 		$this->url = $req;
+		if($type == "")
+			$type = $this->logtype;
 
-		if($this->logtype == "file"){
+		if($type == "file"){
 			if(is_dir($this->dir)){
 				$logfile = $this->dir . "mb_access_" . date("Y_m_d") . ".log";
 				if(!$h = @fopen($logfile,"a")){
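Review bot: The new `$type` argument is used as-is once it is non-empty, so a caller passing anything other than `'file'` or `'db'` falls through both branches and the access-log entry is silently dropped with no indication to the caller. Since the value decides where an audit record goes, fall back to the configured default unless it names a known target: `if ($type !== "file" && $type !== "db") { $type = $this->logtype; }`. The `log()` constructor continues beyond this hunk, so the `db` branch is not visible here.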
@@ -65,42 +67,22 @@
 				}
 			}
 		}
-		else if($this->logtype == 'db'){
+		else if($type == 'db'){
 
 
 			include_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 			$con = db_connect(DBSERVER,OWNER,PW);
 			db_select_db(DB,$con);
 			for($i = 0; $i < count($this->url); $i++){
-				$sql = "INSERT INTO mb_log(";
+				$sql = "INSERT INTO mb_log (";
+				$sql .= "time_client, time_server, time_readable, mb_session, ";
+				$sql .= "gui, module, ip, username, userid, request";
+				$sql .= ") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)";
 
-				$sql .= "time_client,";
-				$sql .= "time_server,";
-				$sql .= "time_readable,";
-				$sql .= "mb_session,";
-				$sql .= "gui,";
-				$sql .= "module,";
-				$sql .= "ip,";
-				$sql .= "username,";
-				$sql .= "userid,";
-				$sql .= "request";
+				$v = array($time_client, strtotime("now"), "[".date("d/M/Y:H:i:s O")."]", SID, $_SESSION["mb_user_gui"], $module, $_SESSION["mb_user_ip"], $_SESSION["mb_user_name"], $_SESSION["mb_user_id"], $this->url[$i]);
+				$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+				$res = db_prep_query($sql, $v, $t)or die(db_error());
 
-				$sql .= ") VALUES (";
-
-				$sql .= "'".$time_client."',";
-				$sql .= "'".strtotime("now")."',";
-				$sql .= "'[".date("d/M/Y:H:i:s O")."]',";
-				$sql .= "'".SID."',";
-				$sql .= "'".$_SESSION["mb_user_gui"]."',";
-				$sql .= "'".$module."',";
-				$sql .= "'".$_SESSION["mb_user_ip"]."',";
-				$sql .= "'".$_SESSION["mb_user_name"]."',";
-				$sql .= "'".$_SESSION["mb_user_id"]."',";
-				$sql .= "'".$this->url[$i]."'";
-				$sql .= ")";
-
-				$res = db_query($sql)or die(db_error());
-
 				if(!$res){
 					include_once(dirname(__FILE__)."/class_mb_exception.php");
 					$e = new mb_exception("class_log: Writing table mb_log failed.");
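Review bot: The `or die(db_error())` kept on the new `db_prep_query` line exits before the `if(!$res)` block that builds an `mb_exception` can run, so that handler is dead code and a failed insert prints the raw driver error to the client instead of being logged. Drop the suffix and let the existing branch handle the failure: `$res = db_prep_query($sql, $v, $t);`. The exception branch and the rest of the constructor continue outside the hunk.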

Modified: tags/2.4.4_su/2.4.4_leak/http/classes/class_wfs.php
===================================================================
--- tags/2.4.4/http/classes/class_wfs.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/classes/class_wfs.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -223,20 +223,14 @@
 
 	# TABLE wfs
 	
-	$sql = "INSERT INTO wfs (wfs_version, wfs_name, wfs_title, wfs_abstract, wfs_getcapabilities, wfs_describefeaturetype, wfs_getfeature, wfs_transaction) ";
-	$sql .= "VALUES(";
-		$sql .= "'" . $this->wfs_version ."', ";
-		$sql .= "'" . db_escape_string(str_replace("'","",$this->wfs_name)) ."', ";
-		$sql .= "'" . db_escape_string(str_replace("'","",$this->wfs_title)) ."', ";
-		$sql .= "'" . db_escape_string(str_replace("'","",$this->wfs_abstract)) .  "', ";
-		$sql .= "'" . $this->wfs_getcapabilities ."', ";
-		$sql .= "'" . $this->wfs_describefeaturetype . "', ";
-		$sql .= "'". $this->wfs_getfeature . "', ";
-		$sql .= "'". $this->wfs_transaction . "'";
-	$sql .= ");";
+	$sql = "INSERT INTO wfs (wfs_version, wfs_name, wfs_title, wfs_abstract, ";
+	$sql .= "wfs_getcapabilities, wfs_describefeaturetype, wfs_getfeature, ";
+	$sql .= "wfs_transaction) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)";
+	$v = array($this->wfs_version, db_escape_string(str_replace("'","",$this->wfs_name)), db_escape_string(str_replace("'","",$this->wfs_title)), db_escape_string(str_replace("'","",$this->wfs_abstract)), $this->wfs_getcapabilities, $this->wfs_describefeaturetype, $this->wfs_getfeature, $this->wfs_transaction);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s");
 	#echo "sql wfs: <br>".$sql;
 	
-	$res = db_query($sql)or die(db_error());
+	$res = db_prep_query($sql, $v, $t)or die(db_error());
 	
 	$myWFS = db_insert_id($con,'wfs','wfs_id');
 	#echo "<br> myWFS: ".$myWFS;
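Review bot: The values placed in `$v` are still wrapped in `db_escape_string(...)` although they are now bound as parameters by `db_prep_query`; if the prepared-statement path escapes bound values itself (as a parameter API normally does), `wfs_name`, `wfs_title` and `wfs_abstract` end up stored with the escape characters in them. With placeholders the manual escaping should go, keeping the apostrophe stripping only if something downstream relies on it: `$v = array($this->wfs_version, str_replace("'","",$this->wfs_name), str_replace("'","",$this->wfs_title), str_replace("'","",$this->wfs_abstract), $this->wfs_getcapabilities, $this->wfs_describefeaturetype, $this->wfs_getfeature, $this->wfs_transaction);`. The `or die(db_error())` on the next statement also sends the raw driver error to the browser; the enclosing method starts before this hunk.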
@@ -244,62 +238,57 @@
 	# TABLE wfs_featuretype
 	
 	for($i=0; $i<count($this->wfs_featuretype); $i++){
-		$sql = "INSERT INTO wfs_featuretype(fkey_wfs_id, featuretype_name, featuretype_title, featuretype_srs) ";
-		$sql .= "VALUES(";
-			$sql .= $myWFS . ",";
-			$sql .= "'".$this->wfs_featuretype[$i]->featuretype_name . "',";
-			$sql .= "'".$this->wfs_featuretype[$i]->featuretype_title."',";
-			$sql .= "'".$this->wfs_featuretype[$i]->featuretype_srs."'";
-		$sql .= ")";
+		$sql = "INSERT INTO wfs_featuretype(fkey_wfs_id, featuretype_name, ";
+		$sql .= "featuretype_title, featuretype_srs) VALUES ($1, $2, $3, $4)";
+		$v = array($myWFS, $this->wfs_featuretype[$i]->featuretype_name, $this->wfs_featuretype[$i]->featuretype_title, $this->wfs_featuretype[$i]->featuretype_srs);
+		$t = array("i", "s", "s", "s");
 		
 		#$res = mysql_query($sql) or $this->cleanDB($myWFS,$sql);
 		
-		$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+		$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 
 		
 		# save the id of each featuretype: 
 		$this->wfs_featuretype[$i]->mysql_id = db_insert_id($con,'wfs_featuretype','featuretype_id');
 		
 		for($j=0; $j<count($this->wfs_featuretype[$i]->featuretype_element);$j++){
-			$sql = "INSERT INTO wfs_element(fkey_featuretype_id, element_name,element_type) ";
-			$sql .= "VALUES("; 
-			$sql .= "'" .$this->wfs_featuretype[$i]->mysql_id. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_element[$j]["name"]. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_element[$j]["type"]. "' ";
-			$sql .= ")";
+			$sql = "INSERT INTO wfs_element(fkey_featuretype_id, ";
+			$sql .= "element_name,element_type) VALUES ($1, $2, $3)"; 
+
+			$v = array($this->wfs_featuretype[$i]->mysql_id, $this->wfs_featuretype[$i]->featuretype_element[$j]["name"], $this->wfs_featuretype[$i]->featuretype_element[$j]["type"]);
+			$t = array("s", "s", "s");
 			
-			$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+			$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 		}
 
 		for($j=0; $j<count($this->wfs_featuretype[$i]->featuretype_namespace);$j++){
-			$sql = "INSERT INTO wfs_featuretype_namespace(fkey_wfs_id, fkey_featuretype_id, namespace, namespace_location) ";
-			$sql .= "VALUES("; 
-			$sql .= "'" .$myWFS. "',";
-			$sql .= "'" .$this->wfs_featuretype[$i]->mysql_id. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_namespace[$j]["name"]. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_namespace[$j]["value"]. "' ";
-			$sql .= ")";
+			$sql = "INSERT INTO wfs_featuretype_namespace (fkey_wfs_id, ";
+			$sql .= "fkey_featuretype_id, namespace, namespace_location) ";
+			$sql .= "VALUES ($1, $2, $3, $4)"; 
+			$v = array($myWFS, $this->wfs_featuretype[$i]->mysql_id, $this->wfs_featuretype[$i]->featuretype_namespace[$j]["name"], $this->wfs_featuretype[$i]->featuretype_namespace[$j]["value"]);
+			$t = array("i", "s", "s", "s"); 
 			
-			$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+			$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 		}
 	}
 	
 	# TABLE gui_wfs
 	
 	$sql ="INSERT INTO gui_wfs (fkey_gui_id, fkey_wfs_id)";
-	$sql .= "VALUES(";
-		$sql .= "'" . $gui_id . "', ";
-		$sql .= $myWFS;
-	$sql .= ");";
+	$sql .= "VALUES ($1, $2)";
+	$v = array($gui_id, $myWFS);
+	$t = array("s", "i");
 	
-	$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+	$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 }
 function cleanDB($wfsid,$sql){
 	global $DBSERVER,$DB,$OWNER,$PW;
 	$con = db_connect($DBSERVER,$OWNER,$PW);
 	db_select_db($DB,$con);
-	$s = "DELETE FROM wfs WHERE wfs_id = ".$wfsid;
-	$res = db_query($s);
+	$s = "DELETE FROM wfs WHERE wfs_id = $1";
+	$v = array($wfsid);
+	$t = array("i");
+	$res = db_prep_query($s, $v, $t);
 	echo "<br>Error in :".$sql."<br>";
 	echo "<br>Db cleaned.<br>";
 	die;
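Review bot: `cleanDB` still writes the failing statement to the response via `echo "<br>Error in :".$sql."<br>";` before `die`, so a failed WFS import shows table and column names to whoever triggered it; with placeholders `$sql` no longer carries values, which narrows the exposure, but it is still internal detail on a user-facing page. Record `$sql` and `db_error()` server-side and print only a generic message, e.g. `echo "<br>Error while saving the WFS. Db cleaned.<br>";`. Note also that the compensating `DELETE FROM wfs` removes only the parent row; whether the `wfs_featuretype` and `wfs_element` rows already inserted for it are removed too depends on cascading constraints not visible here. The closing brace of `cleanDB` is outside the hunk.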

Modified: tags/2.4.4_su/2.4.4_leak/http/classes/class_wfs_conf.php
===================================================================
--- tags/2.4.4/http/classes/class_wfs_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/classes/class_wfs_conf.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,5 +1,5 @@
 <?php
-# $Id: class_wfs_conf.php 530 2006-06-19 15:08:35Z vera_schulze $
+# $Id$
 # http://www.mapbender.org/index.php/class_wfs_conf.php
 # Copyright (C) 2002 CCGIS 
 #
@@ -91,8 +91,10 @@
 		global $DBSERVER,$DB,$OWNER,$PW;
 		$con = db_connect($DBSERVER,$OWNER,$PW);
 		db_select_db($DB,$con);
-		$sql = "SELECT * FROM wfs_featuretype WHERE fkey_wfs_id = ".$id;
-		$res = db_query($sql);
+		$sql = "SELECT * FROM wfs_featuretype WHERE fkey_wfs_id = $1";
+		$v = array($id);
+		$t = array("i");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while ($row = db_fetch_array($res)){
 			$this->featuretype_id[$cnt] = $row["featuretype_id"];
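Review bot: The result of the new `db_prep_query` call is not checked before `while ($row = db_fetch_array($res))`, so a failed query hands `false` to `db_fetch_array` and surfaces as a PHP warning rather than a handled condition; the same applies to the `wfs_element` and `wfs_featuretype_namespace` hunks below. Bail out right after the call, e.g. `if (!$res) { return; }`, adjusted to whatever return convention the enclosing method uses — its signature and the end of the loop are outside the hunk.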
@@ -118,8 +120,10 @@
 		global $DBSERVER,$DB,$OWNER,$PW;
 		$con = db_connect($DBSERVER,$OWNER,$PW);
 		db_select_db($DB,$con);
-		$sql = "SELECT * FROM wfs_element WHERE fkey_featuretype_id = ".$fid;
-		$res = db_query($sql);
+		$sql = "SELECT * FROM wfs_element WHERE fkey_featuretype_id = $1";
+		$v = array($fid);
+		$t = array("i");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while ($row = db_fetch_array($res)){
 			$this->element_id[$cnt] = $row["element_id"];
@@ -142,8 +146,10 @@
 		global $DBSERVER,$DB,$OWNER,$PW;
 		$con = db_connect($DBSERVER,$OWNER,$PW);
 		db_select_db($DB,$con);
-		$sql = "SELECT * FROM wfs_featuretype_namespace WHERE fkey_featuretype_id = ".$fid;
-		$res = db_query($sql);
+		$sql = "SELECT * FROM wfs_featuretype_namespace WHERE fkey_featuretype_id = $1";
+		$v = array($fid);
+		$t = array("i");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while ($row = db_fetch_array($res)){
 			$this->namespace_name[$cnt] = $row["namespace"];

Deleted: tags/2.4.4_su/2.4.4_leak/http/classes/class_wmc.php
===================================================================
--- tags/2.4.4/http/classes/class_wmc.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/classes/class_wmc.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,715 +0,0 @@
-<?php
-# $Id: class_wmc.php 645 2006-12-08 12:58:39Z christoph $
-# http://www.mapbender.org/index.php/class_wmc.php
-# Copyright (C) 2002 CCGIS 
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-require_once("../../conf/mapbender.conf");
-require_once("../classes/class_wms.php");
-require_once("../classes/class_mb_exception.php");
-require_once("../classes/class_administration.php");
-
-function sepNameSpace($s){
-	$c = strpos($s,":"); 
-	if($c>0)return substr($s,$c+1);
-	return $s;
-}
-class wmc {
-
-		var $wmc_id;
-		var $wmc_version;
-		var $wmc_windowWidth;
-		var $wmc_windowHeight;
-		var $wmc_bBox_SRS;
-		var $wmc_bBox_minx;
-		var $wmc_bBox_maxx;
-		var $wmc_bBox_miny;
-		var $wmc_bBox_maxy;
-		var $wmc_name;
-		var $wmc_title;
-		var $wmc_abstract;
-		var $wmc_logourl;
-		var $wmc_logourl_format;
-		var $wmc_logourl_type;
-		var $wmc_logourl_width;
-		var $wmc_logourl_height;
-		var $wmc_descriptionurl;
-		var $wmc_descriptionurl_format;
-		var $wmc_descriptionurl_type;
-		var $wmc_keyword = array();
-		var $wmc_contactposition;
-		var $wmc_contactvoicetelephone;
-		var $wmc_contactemail;
-		var $wmc_contactfacsimiletelephone;
-		var $wmc_contactperson;
-		var $wmc_contactorganization;
-		var $wmc_contactaddresstype;
-		var $wmc_contactaddress;
-		var $wmc_contactcity;
-		var $wmc_contactstateorprovince;
-		var $wmc_contactpostcode;
-		var $wmc_contactcountry;
-					
-		var $wmc_wms_title = array();
-		var $wmc_layer_queryable = array();
-		var $wmc_layer_querylayer = array();
-		var $wmc_layer_hidden = array();
-		var $wmc_wms_id = array();
-		var $wmc_wms_service = array();
-		var $wmc_wms_version = array();
-		var $wmc_layer_id = array();
-		var $wmc_layer_title = array();
-		var $wmc_layer_name = array();
-		var $wmc_layer_abstract = array();
-		var $wmc_layer_srs = array();
-		var $wmc_wms_serviceURL = array();
-		var $wmc_layer_format_current = array();
-		var $wmc_layer_dataurl = array();
-		var $wmc_layer_metadataurl = array();
-		var $wmc_layer_minscale = array();
-		var $wmc_layer_maxscale = array();
-		var $wmc_layer_format = array();
-		var $wmc_layer_style_current = array();
-		var $wmc_layer_style_name = array();
-		var $wmc_layer_style_title = array();
-		var $wmc_layer_style_legendurl = array();
-		var $wmc_layer_style_legendurl_width = array();
-		var $wmc_layer_style_legendurl_height = array();
-		var $wmc_layer_style_legendurl_format = array();
-		var $wmc_layer_style_legendurl_type = array();
-		var $wmc_layer_style_sld_url = array();
-		var $wmc_layer_style_sld_type = array();
-		var $wmc_layer_style_sld_title = array();
-		var $wmc_wms_count = 0;
-			
-	function wmc() {	
-	} 
-	
-	function getTitle() {
-		return $this->wmc_title;
-	}
-	
-	function getNumberOfWms () {
-		return $this->wmc_wms_count;
-	}
-
-	function createObjFromWMC_id($wmc_id){
-		
-		$con = db_connect(DBSERVER,OWNER,PW);
-		db_select_db(DB, $con);
-		
-		$sql = "SELECT wmc FROM mb_user_wmc WHERE wmc_id = $1";
-		$v = array($wmc_id);
-		$t = array("s");
-		$res = db_prep_query($sql, $v, $t);
-		$wmc = db_fetch_array($res);
-		$this->createObjFromWMC_xml($wmc[0]);
-	
-	}
-
-	function createObjFromWMC_xml($data){
-		$values = NULL;
-		$tags = NULL;
-		$parser = xml_parser_create(CHARSET);
-		xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
-		xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
-		xml_parser_set_option($parser,XML_OPTION_TARGET_ENCODING,CHARSET);
-		xml_parse_into_struct($parser,$data,$values,$tags);
-		$code = xml_get_error_code ($parser);
-		if ($code) {
-			$line = xml_get_current_line_number($parser); 
-			$mb_exception = new mb_exception(xml_error_string($code) .  " in line " . $line);
-			return false;
-		}
-		xml_parser_free($parser);
-		
-		$section = NULL;
-		$format = NULL;
-		$cnt_format = 0;
-		$parent = array();
-		$myParent = array();
-		$cnt_layer = -1;
-		$request = NULL; 
-		$layer_style = array();
-		$cnt_style = -1;
-		$extension = false;
-		
-		$general = false;
-		$layerlist = false;
-		$layer = false;
-		$formatlist = false;
-		$metadataurl = false;
-		$dataurl = false;
-		$stylelist = false;
-		
-		foreach ($values as $element) {
-			if(strtoupper($element[tag]) == "VIEWCONTEXT" && $element[type] == "open"){
-					$this->wmc_id = $element[attributes]["id"];
-					$this->wmc_version = $element[attributes]["version"];
-			}
-			if(strtoupper($element[tag]) == "GENERAL" && $element[type] == "open"){
-			   $general = true;
-			}
-			if(strtoupper($element[tag]) == "LAYERLIST" && $element[type] == "open"){
-			   $layerlist = true;
-			}
-			if ($general) {
-				if(strtoupper($element[tag]) == "WINDOW"){
-					$this->wmc_windowWidth = $element[attributes]["width"];
-					$this->wmc_windowHeight = $element[attributes]["height"];
-				}
-				if(strtoupper($element[tag]) == "BOUNDINGBOX"){
-					$this->wmc_bBox_SRS = $element[attributes]["SRS"];
-					$this->wmc_bBox_minx = $element[attributes]["minx"];
-					$this->wmc_bBox_miny = $element[attributes]["miny"];
-					$this->wmc_bBox_maxx = $element[attributes]["maxx"];
-					$this->wmc_bBox_maxy = $element[attributes]["maxy"];
-				}
-				if(strtoupper($element[tag]) == "NAME"){
-					$this->wmc_name = $element[value];
-				}
-				if(strtoupper($element[tag]) == "TITLE"){
-					$this->wmc_title = $element[value];
-				}
-				if(strtoupper($element[tag]) == "ABSTRACT"){
-					$this->wmc_abstract = $element[value];
-				}
-				if(strtoupper($element[tag]) == "CONTACTINFORMATION" && $element['type'] == "open"){
-					$contactinformation = true;
-				}
-				if ($contactinformation) {
-					if(strtoupper($element[tag]) == "CONTACTPOSITION"){
-						$this->wmc_contactposition = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTVOICETELEPHONE"){
-						$this->wmc_contactvoicetelephone = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTFACSIMILETELEPHONE"){
-						$this->wmc_contactfacsimiletelephone = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTELECTRONICMAILADDRESS"){
-						$this->wmc_contactemail = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "open"){
-						$contactpersonprimary = true;
-					}
-					if ($contactpersonprimary) {
-						if(strtoupper($element[tag]) == "CONTACTPERSON"){
-							$this->wmc_contactperson = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CONTACTORGANIZATION"){
-							$this->wmc_contactorganization = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "close"){
-							$contactpersonprimary = false;
-						}
-					}
-					if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "open"){
-						$contactaddress = true;
-					}
-					if ($contactaddress) {
-						if(strtoupper($element[tag]) == "ADDRESSTYPE"){
-							$this->wmc_contactaddresstype = $element[value];
-						}
-						if(strtoupper($element[tag]) == "ADDRESS"){
-							$this->wmc_contactaddress = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CITY"){
-							$this->wmc_contactcity = $element[value];
-						}
-						if(strtoupper($element[tag]) == "STATEORPROVINCE"){
-							$this->wmc_contactstateorprovince = $element[value];
-						}
-						if(strtoupper($element[tag]) == "POSTCODE"){
-							$this->wmc_contactpostcode = $element[value];
-						}
-						if(strtoupper($element[tag]) == "COUNTRY"){
-							$this->wmc_contactcountry = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "close"){
-							$contactaddress = false;
-						}
-					}
-				}
-				if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "open"){
-					$logourl = true;
-					$this->wmc_logourl_width = $element[attributes]["width"];
-					$this->wmc_logourl_height = $element[attributes]["height"];
-					$this->wmc_logourl_format = $element[attributes]["format"];
-				}
-				if ($logourl) {
-					if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "close"){
-						$logourl = false;
-					}
-					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						$this->wmc_logourl_type = $element[attributes]["xlink:type"];
-						$this->wmc_logourl = $element[attributes]["xlink:href"];
-					}
-				}
-				if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "open"){
-					$descriptionurl = true;
-					$this->wmc_descriptionurl_format = $element[attributes]["format"];
-				}
-				if ($descriptionurl) {
-					if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "close"){
-						$descriptionurl = false;
-					}
-					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						$this->wmc_descriptionurl_type = $element[attributes]["xlink:type"];
-						$this->wmc_descriptionurl = $element[attributes]["xlink:href"];
-					}
-				}
-				if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "open"){
-					$keywordlist = true;
-				}
-				if ($keywordlist) {
-					if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "close"){
-						$keywordlist = false;
-						$cnt_keyword = -1;
-					}
-					if(strtoupper($element[tag]) == "KEYWORD"){
-						$cnt_keyword++;
-						$this->wmc_keyword[$cnt_keyword] = $element[value];
-					}
-				}
-						
-				if(strtoupper($element[tag]) == "GENERAL" && $element['type'] == "close"){
-		   			$general = false;
-			 	}
-			}
-			if ($layerlist) {
-				if(strtoupper($element[tag]) == "LAYERLIST" && $element['type'] == "close"){
-				   $layerlist = false;
-				}
-				if(strtoupper($element[tag]) == "LAYER" && $element[type] == "open"){
-					 $cnt_layer++;
-					 $this->wmc_layer_queryable[$cnt_layer] = $element[attributes]["queryable"];
-					 $this->wmc_layer_hidden[$cnt_layer] = $element[attributes]["hidden"];
-					 $layer = true;
-      		 		 $cnt_epsg = 0;
-				}
-				if ($layer) {
-					if(strtoupper($element[tag]) == "LAYER" && $element[type] == "close"){
-						$layer = false;
-					}
-					 if ($formatlist) {
-						 if(strtoupper($element[tag]) == "FORMAT"){
-						 	$cnt_format++;
-						 	$this->wmc_layer_format_current[$cnt_layer][$cnt_format] = $element[attributes]["current"];
-						 	$this->wmc_layer_format[$cnt_layer][$cnt_format] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "FORMATLIST" && $element[type] == "close"){
-							 $formatlist = false;
-						 }
-					 }
-					 elseif ($metadataurl) {
-						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-							$this->wmc_layer_metadataurl[$cnt_layer] = $element[attributes]["xlink:href"];
-						 }
-						 if(strtoupper($element[tag]) == "METADATAURL" && $element[type] == "close"){
-							$metadataurl = false;
-						 }
-					 }
-					 elseif ($dataurl) {
-						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						 	$this->wmc_layer_dataurl[$cnt_layer] = $element[attributes]["xlink:href"];
-						 }
-						 if(strtoupper($element[tag]) == "DATAURL" && $element[type] == "close"){
-							 $dataurl = false;
-						 }
-					 }
-					 elseif ($stylelist) {
-						 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "open"){
-						 	$cnt_style++;
-						 	$style = true;
-						 	$this->wmc_layer_style_current[$cnt_layer][$cnt_style] = $element[attributes]["current"];
-						 }
-						 if ($style) {
-							 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "close"){
-							 	$style = false;
-							 }
-							 if(strtoupper($element[tag]) == "SLD" && $element[type] == "open"){
-							 	$sld = true;
-							 }
-							 if ($sld) {
-								 if(strtoupper($element[tag]) == "SLD" && $element[type] == "close"){
-								 	$sld = false;
-								 }
-								 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-								 	$this->wmc_layer_style_sld_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
-								 	$this->wmc_layer_style_sld_url[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
-								 }
-								 if(strtoupper($element[tag]) == "TITLE"){
-								 	$this->wmc_layer_style_sld_title[$cnt_layer][$cnt_style] = $element[value];
-								 }
-							 }
-							 else {
-								 if(strtoupper($element[tag]) == "NAME"){
-								 	$this->wmc_layer_style_name[$cnt_layer][$cnt_style] = $element[value];
-								 }
-								 if(strtoupper($element[tag]) == "TITLE"){
-								 	$this->wmc_layer_style_title[$cnt_layer][$cnt_style] = $element[value];
-								 }
-								 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "open"){
-								 	$legendurl = true;
-								 	$this->wmc_layer_style_legendurl_width[$cnt_layer][$cnt_style] = $element[attributes]["width"];
-								 	$this->wmc_layer_style_legendurl_height[$cnt_layer][$cnt_style] = $element[attributes]["height"];
-								 	$this->wmc_layer_style_legendurl_format[$cnt_layer][$cnt_style] = $element[attributes]["format"];
-								 }
-								 if ($legendurl) {
-									 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "close"){
-									 	$legendurl = false;
-									 }
-									 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-									 	$this->wmc_layer_style_legendurl_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
-									 	$this->wmc_layer_style_legendurl[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
-									 }
-								 }
-							 }
-						 }
-						 if(strtoupper($element[tag]) == "STYLELIST" && $element[type] == "close"){
-							 $stylelist = false;
-						 }
-					 }
-					 else {
-						 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "open"){
-						 	 $server = true;
-						 	 $this->wmc_wms_service[$cnt_layer] = $element[attributes]["service"];
-						 	 $this->wmc_wms_version[$cnt_layer] = $element[attributes]["version"];
-						 	 $this->wmc_wms_title[$cnt_layer] = $element[attributes]["title"];
-						 }
-						 if ($server) {
-							 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "close"){
-							 	 $server = false;
-							 }
-							 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						 		 $this->wmc_wms_serviceURL[$cnt_layer] = $element[attributes]["xlink:href"];
-							 }
-						 }
-						 if(strtoupper($element[tag]) == "NAME"){
-					 		 $this->wmc_layer_name[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "TITLE"){
-					 		 $this->wmc_layer_title[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "ABSTRACT"){
-					 		 $this->wmc_layer_abstract[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "SRS"){
-							 $epsgArray = explode(" ", $element[value]);						 	
-					 		 
-					 		 for ($c = 0 ; $c < count($epsgArray) ; $c ++) {
-						 		 $this->wmc_layer_srs[$cnt_layer][$cnt_epsg] = $epsgArray[$c];
-								 $cnt_epsg++;
-					 		 }
-						 }
-						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "open") {
-						 	$extension = true;
-						 }
-						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "close") {
-						 	$extension = false;
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "SCALEHINT"){
-					 		 $this->wmc_layer_minscale[$cnt_layer] = $element[attributes]["min"];
-					 		 $this->wmc_layer_maxscale[$cnt_layer] = $element[attributes]["max"];
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "LAYER_ID"){
-					 		 $this->wmc_layer_id[$cnt_layer] = $element[value];
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "WMS_ID"){
-					 		 $this->wmc_wms_id[$cnt_layer] = $element[value];
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "QUERYLAYER"){
-					 		 $this->wmc_layer_querylayer[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "METADATAURL" && $element[type] == "open"){
-							 $metadataurl = true;
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "DATAURL" && $element[type] == "open"){
-							 $dataurl = true;
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "FORMATLIST" && $element[type] == "open"){
-							 $formatlist = true;
-							 $cnt_format = -1;
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "STYLELIST" && $element[type] == "open"){
-							 $stylelist = true;
-							 $cnt_style = -1;
-						 }
-					 }
-				}
-			}
-		}
-		return true;
-	}
-
-	function createJsObjFromWMC($target, $mapObj, $action){
-		$wmc_string = "";
-		$validActions = array("load", "merge", "append");
-		if (!in_array($action, $validActions)) {
-			$wmc_string .= "alert('invalid action: ".$action."');";			
-		}
-		else {
-			$wmc_string .= "var index = " . $target . "getMapObjIndexByName('" . $mapObj . "');\n";
-			if ($action == "load") {
-				// delete all previous wms
-				$wmc_string .= "while(" . $target . "mb_mapObj[index].wms.length > 0){" . $target . "mb_mapObjremoveWMS(index,0);}";
-				$wmc_string .= $target . "deleteWmsObject();\n";
-			}
-			if ($action == "merge") {
-				$wmc_string .= "var wms_exists = false;\n";				// true if this wms exists in the mapObj
-				$wmc_string .= "var current_wms_index = null;\n";		// if wms_exists: index of the wms in the map obj; else: null
-				$wmc_string .= "var layer_exists = false;\n";			// true if this layer exists in an existing wms of the mapObj
-				$wmc_string .= "var current_layer_index = null;\n";		// if layer_exists: index of the layer of the wms in the mapObj; else: null
-			}
-			$new_wms = "";
-			$cnt_wms = -1;
-			$added_wms = array();
-			
-			// for all layers in wmc, find individual wms...
-			for ($i = 0; $i < count($this->wmc_layer_title); $i++) {
-				$current_wms = $this->wmc_wms_serviceURL[$i];
-				// ...this is something like 'for every wms'
-				if (!in_array($current_wms , $added_wms)) {
-					$layerlist = "";
-					$querylayerlist = "";
-					$srs_array = array();
-		
-					if ($action == "merge") {
-						$wmc_string .= "wms_exists = false;\n";
-						$wmc_string .= "current_wms_index = null;\n";
-						$wmc_string .= "for (var m=0; m < " . $target . "mb_mapObj[index].wms.length; m++) {\n";
-						$wmc_string .= "\tif ('" . $this->wmc_wms_serviceURL[$i] . "' ==  " . $target . "mb_mapObj[index].wms[m].wms_getmap) {\n";
-						$wmc_string .= "\t\twms_exists = true;\n";
-						$wmc_string .= "\t\tcurrent_wms_index = m;\n";
-						$wmc_string .= "\t}\n";
-						$wmc_string .= "}\n";
-						$wmc_string .= "if (!wms_exists) {\n";
-					}				
-					 
-					$mywms = new wms();
-			
-			  		if(!$this->wmc_layer_title[$i] || $this->wmc_layer_title[$i] == ""){
-						echo "alert('Error: no valid capabilities-document !!');\n";
-						die; exit;
-					}
-
-					for($j=0;$j<count($this->wmc_layer_format[$i]);$j++){
-						if ($this->wmc_layer_format_current[$i][$j] == 1) {
-							$wms_data_format = $this->wmc_layer_format[$i][$j];
-						}
-					}
-					// add wms
-					$wmc_string .= "\t" . $target . "add_wms('','".
-						$this->wmc_wms_version[$i] ."','".
-						$this->wmc_wms_title[$i] ."','".
-						$this->wmc_layer_abstract[$i] ."','".
-						$this->wmc_wms_serviceURL[$i] ."','" .
-						$this->wmc_wms_serviceURL[$i] ."','" .
-						$this->wmc_layer_style_legendurl[$i][0] ."','','". 
-						$wms_data_format ."','text/html','application/vnd.ogc.se_xml','". 
-						$this->wmc_bBox_SRS ."','1');\n";
-		
-					$added_wms[count($added_wms)] = $current_wms;
-					$cnt_wms++;
-					$cnt_layers = 0;
-					$cnt_query_layers = 0;
-					if ($action == "merge") {
-						$wmc_string .= "}\n";
-					}
-	
-					// add epsg
-					$wmc_string .= $target . "wms_addSRS('". 
-						$this->wmc_bBox_SRS ."','". 
-						$this->wmc_bBox_minx ."','". 
-						$this->wmc_bBox_miny ."','". 
-						$this->wmc_bBox_maxx ."','". 
-						$this->wmc_bBox_maxy ."','". 
-						"');\n";
-
-					// for each layer...
-					for ($ii = 0; $ii < count($this->wmc_layer_title); $ii++) {
-						$layer_wms = $this->wmc_wms_serviceURL[$ii];
-						// ... of this wms
-						if ($current_wms == $layer_wms) {
-							
-							// add format (FIXME: is this working?)
-							$z = count($this->wmc_layer_format[$ii]);
-							for($j=0;$j<$z;$j++){
-								$wmc_string .= $target . "wms_add_data_type_format('map','". $this->wmc_layer_format[$ii][$j] ."');\n";
-							}
-							
-							if ($cnt_layers == 0) {
-								if ($action == "merge") {
-									$wmc_string .= "if (!wms_exists) {\n\t";
-								} 
-								// add parent layer
-								$wmc_string .= $target . "wms_add_layer('','".$this->wmc_layer_id[$i]."','','". $this->wmc_wms_title[$i] ."','','0','0','0','0','','".$this->wmc_wms_id[$i]."','1','1','1','0','0','0','0');\n";
-								if ($action == "merge") {
-									$wmc_string .= "}\n";
-								} 
-							}
-	
-							$cnt_layers++;
-							
-							if ($action == "merge") {
-								$wmc_string .= "if (wms_exists) {\n";
-								
-								// check if this layer already exists in this wms
-								$wmc_string .= "\tlayer_exists = false;\n";
-								$wmc_string .= "\tcurrent_layer_index = null;\n";
-								$wmc_string .= "\tfor (var m=0; m < " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer.length; m++) {\n";
-								$wmc_string .= "\t\tif ('" . $this->wmc_layer_name[$ii] . "' ==  " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[m].layer_name) {\n";
-								$wmc_string .= "\t\t\tlayer_exists = true;\n";
-								$wmc_string .= "\t\t\tcurrent_layer_index = m;\n";
-								$wmc_string .= "\t\t}\n";
-								$wmc_string .= "\t}\n"; 
-		
-								$wmc_string .= "\tif (layer_exists) {\n";
-								// check if the visibility or the queryability are different to the existing layer
-								$wmc_string .= "\t\tif (" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible != '" . intval(!$this->wmc_layer_hidden[$ii]) . "'";
-								$wmc_string .= " || " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer != '" . $this->wmc_layer_queryable[$ii] . "') {\n";
-		
-								// if yes, update the visibility and queryability
-								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible = " . intval(!$this->wmc_layer_hidden[$ii]) . ";\n"; 
-								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer = " . $this->wmc_layer_queryable[$ii] . ";\n"; 
-								$wmc_string .= "\t\t}\n";
-								$wmc_string .= "\t}\n"; 
-								$wmc_string .= "}\n"; 
-								$wmc_string .= "\telse {\n";
-							} 
-
-							// add layer
-							$wmc_string .= "\t" . $target . "wms_add_layer('0','". 
-								$this->wmc_layer_id[$ii] . "','". 
-								$this->wmc_layer_name[$ii] . "','". 
-								$this->wmc_layer_title[$ii] ."','". 
-								$this->wmc_layer_dataurl[$ii] . "','". 
-								intval($cnt_layers) ."','". 
-								$this->wmc_layer_queryable[$ii] ."','".
-								$this->wmc_layer_minscale[$ii]  ."','". 
-								$this->wmc_layer_maxscale[$ii]  ."','". 
-								$this->wmc_layer_metadataurl[$ii] ."','". 
-								$this->wmc_wms_id[$ii] ."','1','1','". 
-								intval(!$this->wmc_layer_hidden[$ii]) ."','". 
-								$this->wmc_layer_queryable[$ii] ."','". 
-								$this->wmc_layer_querylayer[$ii] ."','".
-								$this->wmc_layer_minscale[$ii]  ."','". 
-								$this->wmc_layer_maxscale[$ii]  ."');\n";
-	
-							if ($action == "merge") {
-								$wmc_string .= "\t}\n";
-							} 
-												
-							// if layer is queryable, add it to querylayerlist
-							if ($this->wmc_layer_queryable[$ii]) {
-								$cnt_query_layers++;
-								if (!in_array($this->wmc_layer_name[$ii], explode(",",$querylayerlist))) {
-									if ($querylayerlist == "") {$querylayerlist = $this->wmc_layer_name[$ii];} else {$querylayerlist .= "," . $this->wmc_layer_name[$ii];} 
-								}
-							}
-							// if layer is visible, add it to layerlist 
-							if (intval(!$this->wmc_layer_hidden[$ii]) && !in_array($this->wmc_layer_name[$ii], explode(",",$layerlist))) {
-								if ($layerlist == "") {$layerlist = $this->wmc_layer_name[$ii];} else {$layerlist .= "," . $this->wmc_layer_name[$ii];}
-							}
-	
-							// add layer style (FIXME: is this working?)
-							for($j=0; $j<count($this->wmc_layer_style_name[$ii]);$j++){
-								$wmc_string .= $target . "wms_addLayerStyle('".$this->wmc_layer_style_name[$ii][$j] ."','".$this->wmc_layer_style_title[$ii][$j] ."','".$j."','".$cnt_layers."', '" . $this->wmc_layer_style_legendurl[$ii][$j] . "', '" . $this->wmc_layer_style_legendurl_format[$ii][$j] . "');\n";
-							}
-						}
-					}
-					// add wms to mapObj with all layers and querylayers
-					if ($action == "merge") {
-						$wmc_string .= "if (!wms_exists) {\n";
-					} 
-					$wmc_string .= $target. "mb_mapObjaddWMSwithLayers('" . $mapObj . "', '" . $layerlist . "', '" . $querylayerlist . "');\n";
-					if ($action == "merge") {
-						$wmc_string .= "}\n";
-						$wmc_string .= "else {\n";
-						$wmc_string .= $target. "mb_mapObj[index].layers[current_wms_index] = \"" . $layerlist . "\";\n";
-						$wmc_string .= $target. "mb_mapObj[index].querylayers[current_wms_index] = \"" . $querylayerlist . "\";\n";
-						$wmc_string .= "}\n";
-					}
-				}
-			}
-			$wmc_string .= "var old_mapObj = ".$target."cloneObject(".$target."mb_mapObj);\n";
-			$wmc_string .= $target . "deleteMapObj();\n";
-			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
-			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
-			$wmc_string .= "\t\t" . $target . "mb_registerMapObj(old_mapObj[i].frameName, old_mapObj[i].elementName, null, " . $this->wmc_windowWidth . ", " . $this->wmc_windowHeight . ");\n"; 
-			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.width = " . $this->wmc_windowWidth . ";\n";
-			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.height = " . $this->wmc_windowHeight . ";\n";
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "\telse {\n";
-			$wmc_string .= "\t\tvar found = false;\n";
-			$wmc_string .= "\t\tfor (var j=0; j < " . $target . "wms.length && found == false; j++) {\n";
-			$wmc_string .= "\t\t\tif (" . $target . "wms[j].wms_getmap == old_mapObj[i].wms[0].wms_getmap) {\n";
-			$wmc_string .= "\t\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, j, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
-			$wmc_string .= "\t\t\t\tfound = true;\n"; 
-			$wmc_string .= "\t\t\t}\n";
-			$wmc_string .= "\t\t}\n";
-			$wmc_string .= "\t\tif (!found) {\n";
-			$wmc_string .= "\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, 0, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
-			$wmc_string .= "\t\t}\n";
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "}\n";
-			
-			$sql = "SELECT minx, miny, maxx, maxy FROM layer_epsg WHERE fkey_layer_id = $1 AND epsg = $2 LIMIT 1";
-			$v = array($this->wmc_layer_id[0], $this->wmc_bBox_SRS);
-			$t = array('i', 's');
-			$res = db_prep_query($sql, $v, $t);
-			$row = db_fetch_array($res);
-			if ($row["minx"] && $row["miny"] && $row["maxx"] && $row["maxy"]) {
-				$ov_bbox = array($row["minx"],$row["miny"],$row["maxx"],$row["maxy"]);
-			}
-			else if ($this->wmc_layer_id[0] && $this->wmc_bBox_SRS){
-				$ov_bbox = array($this->wmc_bBox_minx, $this->wmc_bBox_miny, $this->wmc_bBox_maxx, $this->wmc_bBox_maxy);
-			}
-			else {
-				$ov_bbox = array();
-			}
-			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
-			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
-			$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
-			$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
-			$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "\telse {\n";
-			if (count($ov_bbox)>0) {
-//				$wmc_string .= "alert('found bbox for ov: ".implode(',',$ov_bbox)."');";
-				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
-				$wmc_string .= $ov_bbox[0] .",".$ov_bbox[1] .",";
-				$wmc_string .= $ov_bbox[2] .",".$ov_bbox[3] .");\n";
-			}
-			else {
-//				$wmc_string .= "alert('no bbox found for ov: old bbox ".$this->wmc_bBox_minx." etc');";
-				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
-				$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
-				$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
-//				$wmc_string .= "\t\tvar ov_index = " . $target . "getMapObjIndexByName('overview');\n";
-//				$wmc_string .= "\t\t" . $target . "mb_mapObj[ov_index].extent = old_mapObj[i].extent;\n"; 
-			}
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "\t". $target . "setMapRequest(old_mapObj[i].frameName);\n";
-			$wmc_string .= "}\n";
-			$wmc_string .= $target . "mb_execloadWmsSubFunctions();\n";
-		}
-		return $wmc_string;
-	}
-} 
-// end class
-?>

Copied: tags/2.4.4_su/2.4.4_leak/http/classes/class_wmc.php (from rev 2025, tags/2.4.4/http/classes/class_wmc.php)
===================================================================
--- tags/2.4.4_su/2.4.4_leak/http/classes/class_wmc.php	                        (rev 0)
+++ tags/2.4.4_su/2.4.4_leak/http/classes/class_wmc.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -0,0 +1,715 @@
+<?php
+# $Id: class_wmc.php 645 2006-12-08 12:58:39Z christoph $
+# http://www.mapbender.org/index.php/class_wmc.php
+# Copyright (C) 2002 CCGIS 
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+require_once("../../conf/mapbender.conf");
+require_once("../classes/class_wms.php");
+require_once("../classes/class_mb_exception.php");
+require_once("../classes/class_administration.php");
+
+function sepNameSpace($s){
+	$c = strpos($s,":"); 
+	if($c>0)return substr($s,$c+1);
+	return $s;
+}
+class wmc {
+
+		var $wmc_id;
+		var $wmc_version;
+		var $wmc_windowWidth;
+		var $wmc_windowHeight;
+		var $wmc_bBox_SRS;
+		var $wmc_bBox_minx;
+		var $wmc_bBox_maxx;
+		var $wmc_bBox_miny;
+		var $wmc_bBox_maxy;
+		var $wmc_name;
+		var $wmc_title;
+		var $wmc_abstract;
+		var $wmc_logourl;
+		var $wmc_logourl_format;
+		var $wmc_logourl_type;
+		var $wmc_logourl_width;
+		var $wmc_logourl_height;
+		var $wmc_descriptionurl;
+		var $wmc_descriptionurl_format;
+		var $wmc_descriptionurl_type;
+		var $wmc_keyword = array();
+		var $wmc_contactposition;
+		var $wmc_contactvoicetelephone;
+		var $wmc_contactemail;
+		var $wmc_contactfacsimiletelephone;
+		var $wmc_contactperson;
+		var $wmc_contactorganization;
+		var $wmc_contactaddresstype;
+		var $wmc_contactaddress;
+		var $wmc_contactcity;
+		var $wmc_contactstateorprovince;
+		var $wmc_contactpostcode;
+		var $wmc_contactcountry;
+					
+		var $wmc_wms_title = array();
+		var $wmc_layer_queryable = array();
+		var $wmc_layer_querylayer = array();
+		var $wmc_layer_hidden = array();
+		var $wmc_wms_id = array();
+		var $wmc_wms_service = array();
+		var $wmc_wms_version = array();
+		var $wmc_layer_id = array();
+		var $wmc_layer_title = array();
+		var $wmc_layer_name = array();
+		var $wmc_layer_abstract = array();
+		var $wmc_layer_srs = array();
+		var $wmc_wms_serviceURL = array();
+		var $wmc_layer_format_current = array();
+		var $wmc_layer_dataurl = array();
+		var $wmc_layer_metadataurl = array();
+		var $wmc_layer_minscale = array();
+		var $wmc_layer_maxscale = array();
+		var $wmc_layer_format = array();
+		var $wmc_layer_style_current = array();
+		var $wmc_layer_style_name = array();
+		var $wmc_layer_style_title = array();
+		var $wmc_layer_style_legendurl = array();
+		var $wmc_layer_style_legendurl_width = array();
+		var $wmc_layer_style_legendurl_height = array();
+		var $wmc_layer_style_legendurl_format = array();
+		var $wmc_layer_style_legendurl_type = array();
+		var $wmc_layer_style_sld_url = array();
+		var $wmc_layer_style_sld_type = array();
+		var $wmc_layer_style_sld_title = array();
+		var $wmc_wms_count = 0;
+			
+	function wmc() {	
+	} 
+	
+	function getTitle() {
+		return $this->wmc_title;
+	}
+	
+	function getNumberOfWms () {
+		return $this->wmc_wms_count;
+	}
+
+	function createObjFromWMC_id($wmc_id){
+		
+		$con = db_connect(DBSERVER,OWNER,PW);
+		db_select_db(DB, $con);
+		
+		$sql = "SELECT wmc FROM mb_user_wmc WHERE wmc_id = $1";
+		$v = array($wmc_id);
+		$t = array("s");
+		$res = db_prep_query($sql, $v, $t);
+		$wmc = db_fetch_array($res);
+		$this->createObjFromWMC_xml($wmc[0]);
+	
+	}
+
+	function createObjFromWMC_xml($data){
+		$values = NULL;
+		$tags = NULL;
+		$parser = xml_parser_create(CHARSET);
+		xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
+		xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
+		xml_parser_set_option($parser,XML_OPTION_TARGET_ENCODING,CHARSET);
+		xml_parse_into_struct($parser,$data,$values,$tags);
+		$code = xml_get_error_code ($parser);
+		if ($code) {
+			$line = xml_get_current_line_number($parser); 
+			$mb_exception = new mb_exception(xml_error_string($code) .  " in line " . $line);
+			return false;
+		}
+		xml_parser_free($parser);
+		
+		$section = NULL;
+		$format = NULL;
+		$cnt_format = 0;
+		$parent = array();
+		$myParent = array();
+		$cnt_layer = -1;
+		$request = NULL; 
+		$layer_style = array();
+		$cnt_style = -1;
+		$extension = false;
+		
+		$general = false;
+		$layerlist = false;
+		$layer = false;
+		$formatlist = false;
+		$metadataurl = false;
+		$dataurl = false;
+		$stylelist = false;
+		
+		foreach ($values as $element) {
+			if(strtoupper($element[tag]) == "VIEWCONTEXT" && $element[type] == "open"){
+					$this->wmc_id = $element[attributes]["id"];
+					$this->wmc_version = $element[attributes]["version"];
+			}
+			if(strtoupper($element[tag]) == "GENERAL" && $element[type] == "open"){
+			   $general = true;
+			}
+			if(strtoupper($element[tag]) == "LAYERLIST" && $element[type] == "open"){
+			   $layerlist = true;
+			}
+			if ($general) {
+				if(strtoupper($element[tag]) == "WINDOW"){
+					$this->wmc_windowWidth = $element[attributes]["width"];
+					$this->wmc_windowHeight = $element[attributes]["height"];
+				}
+				if(strtoupper($element[tag]) == "BOUNDINGBOX"){
+					$this->wmc_bBox_SRS = $element[attributes]["SRS"];
+					$this->wmc_bBox_minx = $element[attributes]["minx"];
+					$this->wmc_bBox_miny = $element[attributes]["miny"];
+					$this->wmc_bBox_maxx = $element[attributes]["maxx"];
+					$this->wmc_bBox_maxy = $element[attributes]["maxy"];
+				}
+				if(strtoupper($element[tag]) == "NAME"){
+					$this->wmc_name = $element[value];
+				}
+				if(strtoupper($element[tag]) == "TITLE"){
+					$this->wmc_title = $element[value];
+				}
+				if(strtoupper($element[tag]) == "ABSTRACT"){
+					$this->wmc_abstract = $element[value];
+				}
+				if(strtoupper($element[tag]) == "CONTACTINFORMATION" && $element['type'] == "open"){
+					$contactinformation = true;
+				}
+				if ($contactinformation) {
+					if(strtoupper($element[tag]) == "CONTACTPOSITION"){
+						$this->wmc_contactposition = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTVOICETELEPHONE"){
+						$this->wmc_contactvoicetelephone = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTFACSIMILETELEPHONE"){
+						$this->wmc_contactfacsimiletelephone = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTELECTRONICMAILADDRESS"){
+						$this->wmc_contactemail = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "open"){
+						$contactpersonprimary = true;
+					}
+					if ($contactpersonprimary) {
+						if(strtoupper($element[tag]) == "CONTACTPERSON"){
+							$this->wmc_contactperson = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CONTACTORGANIZATION"){
+							$this->wmc_contactorganization = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "close"){
+							$contactpersonprimary = false;
+						}
+					}
+					if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "open"){
+						$contactaddress = true;
+					}
+					if ($contactaddress) {
+						if(strtoupper($element[tag]) == "ADDRESSTYPE"){
+							$this->wmc_contactaddresstype = $element[value];
+						}
+						if(strtoupper($element[tag]) == "ADDRESS"){
+							$this->wmc_contactaddress = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CITY"){
+							$this->wmc_contactcity = $element[value];
+						}
+						if(strtoupper($element[tag]) == "STATEORPROVINCE"){
+							$this->wmc_contactstateorprovince = $element[value];
+						}
+						if(strtoupper($element[tag]) == "POSTCODE"){
+							$this->wmc_contactpostcode = $element[value];
+						}
+						if(strtoupper($element[tag]) == "COUNTRY"){
+							$this->wmc_contactcountry = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "close"){
+							$contactaddress = false;
+						}
+					}
+				}
+				if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "open"){
+					$logourl = true;
+					$this->wmc_logourl_width = $element[attributes]["width"];
+					$this->wmc_logourl_height = $element[attributes]["height"];
+					$this->wmc_logourl_format = $element[attributes]["format"];
+				}
+				if ($logourl) {
+					if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "close"){
+						$logourl = false;
+					}
+					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						$this->wmc_logourl_type = $element[attributes]["xlink:type"];
+						$this->wmc_logourl = $element[attributes]["xlink:href"];
+					}
+				}
+				if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "open"){
+					$descriptionurl = true;
+					$this->wmc_descriptionurl_format = $element[attributes]["format"];
+				}
+				if ($descriptionurl) {
+					if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "close"){
+						$descriptionurl = false;
+					}
+					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						$this->wmc_descriptionurl_type = $element[attributes]["xlink:type"];
+						$this->wmc_descriptionurl = $element[attributes]["xlink:href"];
+					}
+				}
+				if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "open"){
+					$keywordlist = true;
+				}
+				if ($keywordlist) {
+					if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "close"){
+						$keywordlist = false;
+						$cnt_keyword = -1;
+					}
+					if(strtoupper($element[tag]) == "KEYWORD"){
+						$cnt_keyword++;
+						$this->wmc_keyword[$cnt_keyword] = $element[value];
+					}
+				}
+						
+				if(strtoupper($element[tag]) == "GENERAL" && $element['type'] == "close"){
+		   			$general = false;
+			 	}
+			}
+			if ($layerlist) {
+				if(strtoupper($element[tag]) == "LAYERLIST" && $element['type'] == "close"){
+				   $layerlist = false;
+				}
+				if(strtoupper($element[tag]) == "LAYER" && $element[type] == "open"){
+					 $cnt_layer++;
+					 $this->wmc_layer_queryable[$cnt_layer] = $element[attributes]["queryable"];
+					 $this->wmc_layer_hidden[$cnt_layer] = $element[attributes]["hidden"];
+					 $layer = true;
+      		 		 $cnt_epsg = 0;
+				}
+				if ($layer) {
+					if(strtoupper($element[tag]) == "LAYER" && $element[type] == "close"){
+						$layer = false;
+					}
+					 if ($formatlist) {
+						 if(strtoupper($element[tag]) == "FORMAT"){
+						 	$cnt_format++;
+						 	$this->wmc_layer_format_current[$cnt_layer][$cnt_format] = $element[attributes]["current"];
+						 	$this->wmc_layer_format[$cnt_layer][$cnt_format] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "FORMATLIST" && $element[type] == "close"){
+							 $formatlist = false;
+						 }
+					 }
+					 elseif ($metadataurl) {
+						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+							$this->wmc_layer_metadataurl[$cnt_layer] = $element[attributes]["xlink:href"];
+						 }
+						 if(strtoupper($element[tag]) == "METADATAURL" && $element[type] == "close"){
+							$metadataurl = false;
+						 }
+					 }
+					 elseif ($dataurl) {
+						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						 	$this->wmc_layer_dataurl[$cnt_layer] = $element[attributes]["xlink:href"];
+						 }
+						 if(strtoupper($element[tag]) == "DATAURL" && $element[type] == "close"){
+							 $dataurl = false;
+						 }
+					 }
+					 elseif ($stylelist) {
+						 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "open"){
+						 	$cnt_style++;
+						 	$style = true;
+						 	$this->wmc_layer_style_current[$cnt_layer][$cnt_style] = $element[attributes]["current"];
+						 }
+						 if ($style) {
+							 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "close"){
+							 	$style = false;
+							 }
+							 if(strtoupper($element[tag]) == "SLD" && $element[type] == "open"){
+							 	$sld = true;
+							 }
+							 if ($sld) {
+								 if(strtoupper($element[tag]) == "SLD" && $element[type] == "close"){
+								 	$sld = false;
+								 }
+								 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+								 	$this->wmc_layer_style_sld_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
+								 	$this->wmc_layer_style_sld_url[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
+								 }
+								 if(strtoupper($element[tag]) == "TITLE"){
+								 	$this->wmc_layer_style_sld_title[$cnt_layer][$cnt_style] = $element[value];
+								 }
+							 }
+							 else {
+								 if(strtoupper($element[tag]) == "NAME"){
+								 	$this->wmc_layer_style_name[$cnt_layer][$cnt_style] = $element[value];
+								 }
+								 if(strtoupper($element[tag]) == "TITLE"){
+								 	$this->wmc_layer_style_title[$cnt_layer][$cnt_style] = $element[value];
+								 }
+								 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "open"){
+								 	$legendurl = true;
+								 	$this->wmc_layer_style_legendurl_width[$cnt_layer][$cnt_style] = $element[attributes]["width"];
+								 	$this->wmc_layer_style_legendurl_height[$cnt_layer][$cnt_style] = $element[attributes]["height"];
+								 	$this->wmc_layer_style_legendurl_format[$cnt_layer][$cnt_style] = $element[attributes]["format"];
+								 }
+								 if ($legendurl) {
+									 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "close"){
+									 	$legendurl = false;
+									 }
+									 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+									 	$this->wmc_layer_style_legendurl_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
+									 	$this->wmc_layer_style_legendurl[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
+									 }
+								 }
+							 }
+						 }
+						 if(strtoupper($element[tag]) == "STYLELIST" && $element[type] == "close"){
+							 $stylelist = false;
+						 }
+					 }
+					 else {
+						 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "open"){
+						 	 $server = true;
+						 	 $this->wmc_wms_service[$cnt_layer] = $element[attributes]["service"];
+						 	 $this->wmc_wms_version[$cnt_layer] = $element[attributes]["version"];
+						 	 $this->wmc_wms_title[$cnt_layer] = $element[attributes]["title"];
+						 }
+						 if ($server) {
+							 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "close"){
+							 	 $server = false;
+							 }
+							 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						 		 $this->wmc_wms_serviceURL[$cnt_layer] = $element[attributes]["xlink:href"];
+							 }
+						 }
+						 if(strtoupper($element[tag]) == "NAME"){
+					 		 $this->wmc_layer_name[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "TITLE"){
+					 		 $this->wmc_layer_title[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "ABSTRACT"){
+					 		 $this->wmc_layer_abstract[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "SRS"){
+							 $epsgArray = explode(" ", $element[value]);						 	
+					 		 
+					 		 for ($c = 0 ; $c < count($epsgArray) ; $c ++) {
+						 		 $this->wmc_layer_srs[$cnt_layer][$cnt_epsg] = $epsgArray[$c];
+								 $cnt_epsg++;
+					 		 }
+						 }
+						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "open") {
+						 	$extension = true;
+						 }
+						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "close") {
+						 	$extension = false;
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "SCALEHINT"){
+					 		 $this->wmc_layer_minscale[$cnt_layer] = $element[attributes]["min"];
+					 		 $this->wmc_layer_maxscale[$cnt_layer] = $element[attributes]["max"];
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "LAYER_ID"){
+					 		 $this->wmc_layer_id[$cnt_layer] = $element[value];
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "WMS_ID"){
+					 		 $this->wmc_wms_id[$cnt_layer] = $element[value];
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "QUERYLAYER"){
+					 		 $this->wmc_layer_querylayer[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "METADATAURL" && $element[type] == "open"){
+							 $metadataurl = true;
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "DATAURL" && $element[type] == "open"){
+							 $dataurl = true;
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "FORMATLIST" && $element[type] == "open"){
+							 $formatlist = true;
+							 $cnt_format = -1;
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "STYLELIST" && $element[type] == "open"){
+							 $stylelist = true;
+							 $cnt_style = -1;
+						 }
+					 }
+				}
+			}
+		}
+		return true;
+	}
+
+	function createJsObjFromWMC($target, $mapObj, $action){
+		$wmc_string = "";
+		$validActions = array("load", "merge", "append");
+		if (!in_array($action, $validActions)) {
+			$wmc_string .= "alert('invalid action: ".$action."');";			
+		}
+		else {
+			$wmc_string .= "var index = " . $target . "getMapObjIndexByName('" . $mapObj . "');\n";
+			if ($action == "load") {
+				// delete all previous wms
+				$wmc_string .= "while(" . $target . "mb_mapObj[index].wms.length > 0){" . $target . "mb_mapObjremoveWMS(index,0);}";
+				$wmc_string .= $target . "deleteWmsObject();\n";
+			}
+			if ($action == "merge") {
+				$wmc_string .= "var wms_exists = false;\n";				// true if this wms exists in the mapObj
+				$wmc_string .= "var current_wms_index = null;\n";		// if wms_exists: index of the wms in the map obj; else: null
+				$wmc_string .= "var layer_exists = false;\n";			// true if this layer exists in an existing wms of the mapObj
+				$wmc_string .= "var current_layer_index = null;\n";		// if layer_exists: index of the layer of the wms in the mapObj; else: null
+			}
+			$new_wms = "";
+			$cnt_wms = -1;
+			$added_wms = array();
+			
+			// for all layers in wmc, find individual wms...
+			for ($i = 0; $i < count($this->wmc_layer_title); $i++) {
+				$current_wms = $this->wmc_wms_serviceURL[$i];
+				// ...this is something like 'for every wms'
+				if (!in_array($current_wms , $added_wms)) {
+					$layerlist = "";
+					$querylayerlist = "";
+					$srs_array = array();
+		
+					if ($action == "merge") {
+						$wmc_string .= "wms_exists = false;\n";
+						$wmc_string .= "current_wms_index = null;\n";
+						$wmc_string .= "for (var m=0; m < " . $target . "mb_mapObj[index].wms.length; m++) {\n";
+						$wmc_string .= "\tif ('" . $this->wmc_wms_serviceURL[$i] . "' ==  " . $target . "mb_mapObj[index].wms[m].wms_getmap) {\n";
+						$wmc_string .= "\t\twms_exists = true;\n";
+						$wmc_string .= "\t\tcurrent_wms_index = m;\n";
+						$wmc_string .= "\t}\n";
+						$wmc_string .= "}\n";
+						$wmc_string .= "if (!wms_exists) {\n";
+					}				
+					 
+					$mywms = new wms();
+			
+			  		if(!$this->wmc_layer_title[$i] || $this->wmc_layer_title[$i] == ""){
+						echo "alert('Error: no valid capabilities-document !!');\n";
+						die; exit;
+					}
+
+					for($j=0;$j<count($this->wmc_layer_format[$i]);$j++){
+						if ($this->wmc_layer_format_current[$i][$j] == 1) {
+							$wms_data_format = $this->wmc_layer_format[$i][$j];
+						}
+					}
+					// add wms
+					$wmc_string .= "\t" . $target . "add_wms('','".
+						$this->wmc_wms_version[$i] ."','".
+						$this->wmc_wms_title[$i] ."','".
+						$this->wmc_layer_abstract[$i] ."','".
+						$this->wmc_wms_serviceURL[$i] ."','" .
+						$this->wmc_wms_serviceURL[$i] ."','" .
+						$this->wmc_layer_style_legendurl[$i][0] ."','','". 
+						$wms_data_format ."','text/html','application/vnd.ogc.se_xml','". 
+						$this->wmc_bBox_SRS ."','1');\n";
+		
+					$added_wms[count($added_wms)] = $current_wms;
+					$cnt_wms++;
+					$cnt_layers = 0;
+					$cnt_query_layers = 0;
+					if ($action == "merge") {
+						$wmc_string .= "}\n";
+					}
+	
+					// add epsg
+					$wmc_string .= $target . "wms_addSRS('". 
+						$this->wmc_bBox_SRS ."','". 
+						$this->wmc_bBox_minx ."','". 
+						$this->wmc_bBox_miny ."','". 
+						$this->wmc_bBox_maxx ."','". 
+						$this->wmc_bBox_maxy ."','". 
+						"');\n";
+
+					// for each layer...
+					for ($ii = 0; $ii < count($this->wmc_layer_title); $ii++) {
+						$layer_wms = $this->wmc_wms_serviceURL[$ii];
+						// ... of this wms
+						if ($current_wms == $layer_wms) {
+							
+							// add format (FIXME: is this working?)
+							$z = count($this->wmc_layer_format[$ii]);
+							for($j=0;$j<$z;$j++){
+								$wmc_string .= $target . "wms_add_data_type_format('map','". $this->wmc_layer_format[$ii][$j] ."');\n";
+							}
+							
+							if ($cnt_layers == 0) {
+								if ($action == "merge") {
+									$wmc_string .= "if (!wms_exists) {\n\t";
+								} 
+								// add parent layer
+								$wmc_string .= $target . "wms_add_layer('','".$this->wmc_layer_id[$i]."','','". $this->wmc_wms_title[$i] ."','','0','0','0','0','','".$this->wmc_wms_id[$i]."','1','1','1','0','0','0','0');\n";
+								if ($action == "merge") {
+									$wmc_string .= "}\n";
+								} 
+							}
+	
+							$cnt_layers++;
+							
+							if ($action == "merge") {
+								$wmc_string .= "if (wms_exists) {\n";
+								
+								// check if this layer already exists in this wms
+								$wmc_string .= "\tlayer_exists = false;\n";
+								$wmc_string .= "\tcurrent_layer_index = null;\n";
+								$wmc_string .= "\tfor (var m=0; m < " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer.length; m++) {\n";
+								$wmc_string .= "\t\tif ('" . $this->wmc_layer_name[$ii] . "' ==  " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[m].layer_name) {\n";
+								$wmc_string .= "\t\t\tlayer_exists = true;\n";
+								$wmc_string .= "\t\t\tcurrent_layer_index = m;\n";
+								$wmc_string .= "\t\t}\n";
+								$wmc_string .= "\t}\n"; 
+		
+								$wmc_string .= "\tif (layer_exists) {\n";
+								// check if the visibility or the queryability are different to the existing layer
+								$wmc_string .= "\t\tif (" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible != '" . intval(!$this->wmc_layer_hidden[$ii]) . "'";
+								$wmc_string .= " || " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer != '" . $this->wmc_layer_queryable[$ii] . "') {\n";
+		
+								// if yes, update the visibility and queryability
+								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible = " . intval(!$this->wmc_layer_hidden[$ii]) . ";\n"; 
+								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer = " . $this->wmc_layer_queryable[$ii] . ";\n"; 
+								$wmc_string .= "\t\t}\n";
+								$wmc_string .= "\t}\n"; 
+								$wmc_string .= "}\n"; 
+								$wmc_string .= "\telse {\n";
+							} 
+
+							// add layer
+							$wmc_string .= "\t" . $target . "wms_add_layer('0','". 
+								$this->wmc_layer_id[$ii] . "','". 
+								$this->wmc_layer_name[$ii] . "','". 
+								$this->wmc_layer_title[$ii] ."','". 
+								$this->wmc_layer_dataurl[$ii] . "','". 
+								intval($cnt_layers) ."','". 
+								$this->wmc_layer_queryable[$ii] ."','".
+								$this->wmc_layer_minscale[$ii]  ."','". 
+								$this->wmc_layer_maxscale[$ii]  ."','". 
+								$this->wmc_layer_metadataurl[$ii] ."','". 
+								$this->wmc_wms_id[$ii] ."','1','1','". 
+								intval(!$this->wmc_layer_hidden[$ii]) ."','". 
+								$this->wmc_layer_queryable[$ii] ."','". 
+								$this->wmc_layer_querylayer[$ii] ."','".
+								$this->wmc_layer_minscale[$ii]  ."','". 
+								$this->wmc_layer_maxscale[$ii]  ."');\n";
+	
+							if ($action == "merge") {
+								$wmc_string .= "\t}\n";
+							} 
+												
+							// if layer is queryable, add it to querylayerlist
+							if ($this->wmc_layer_queryable[$ii]) {
+								$cnt_query_layers++;
+								if (!in_array($this->wmc_layer_name[$ii], explode(",",$querylayerlist))) {
+									if ($querylayerlist == "") {$querylayerlist = $this->wmc_layer_name[$ii];} else {$querylayerlist .= "," . $this->wmc_layer_name[$ii];} 
+								}
+							}
+							// if layer is visible, add it to layerlist 
+							if (intval(!$this->wmc_layer_hidden[$ii]) && !in_array($this->wmc_layer_name[$ii], explode(",",$layerlist))) {
+								if ($layerlist == "") {$layerlist = $this->wmc_layer_name[$ii];} else {$layerlist .= "," . $this->wmc_layer_name[$ii];}
+							}
+	
+							// add layer style (FIXME: is this working?)
+							for($j=0; $j<count($this->wmc_layer_style_name[$ii]);$j++){
+								$wmc_string .= $target . "wms_addLayerStyle('".$this->wmc_layer_style_name[$ii][$j] ."','".$this->wmc_layer_style_title[$ii][$j] ."','".$j."','".$cnt_layers."', '" . $this->wmc_layer_style_legendurl[$ii][$j] . "', '" . $this->wmc_layer_style_legendurl_format[$ii][$j] . "');\n";
+							}
+						}
+					}
+					// add wms to mapObj with all layers and querylayers
+					if ($action == "merge") {
+						$wmc_string .= "if (!wms_exists) {\n";
+					} 
+					$wmc_string .= $target. "mb_mapObjaddWMSwithLayers('" . $mapObj . "', '" . $layerlist . "', '" . $querylayerlist . "');\n";
+					if ($action == "merge") {
+						$wmc_string .= "}\n";
+						$wmc_string .= "else {\n";
+						$wmc_string .= $target. "mb_mapObj[index].layers[current_wms_index] = \"" . $layerlist . "\";\n";
+						$wmc_string .= $target. "mb_mapObj[index].querylayers[current_wms_index] = \"" . $querylayerlist . "\";\n";
+						$wmc_string .= "}\n";
+					}
+				}
+			}
+			$wmc_string .= "var old_mapObj = ".$target."cloneObject(".$target."mb_mapObj);\n";
+			$wmc_string .= $target . "deleteMapObj();\n";
+			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
+			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
+			$wmc_string .= "\t\t" . $target . "mb_registerMapObj(old_mapObj[i].frameName, old_mapObj[i].elementName, null, " . $this->wmc_windowWidth . ", " . $this->wmc_windowHeight . ");\n"; 
+			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.width = " . $this->wmc_windowWidth . ";\n";
+			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.height = " . $this->wmc_windowHeight . ";\n";
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "\telse {\n";
+			$wmc_string .= "\t\tvar found = false;\n";
+			$wmc_string .= "\t\tfor (var j=0; j < " . $target . "wms.length && found == false; j++) {\n";
+			$wmc_string .= "\t\t\tif (" . $target . "wms[j].wms_getmap == old_mapObj[i].wms[0].wms_getmap) {\n";
+			$wmc_string .= "\t\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, j, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
+			$wmc_string .= "\t\t\t\tfound = true;\n"; 
+			$wmc_string .= "\t\t\t}\n";
+			$wmc_string .= "\t\t}\n";
+			$wmc_string .= "\t\tif (!found) {\n";
+			$wmc_string .= "\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, 0, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
+			$wmc_string .= "\t\t}\n";
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "}\n";
+			
+			$sql = "SELECT minx, miny, maxx, maxy FROM layer_epsg WHERE fkey_layer_id = $1 AND epsg = $2 LIMIT 1";
+			$v = array($this->wmc_layer_id[0], $this->wmc_bBox_SRS);
+			$t = array('i', 's');
+			$res = db_prep_query($sql, $v, $t);
+			$row = db_fetch_array($res);
+			if ($row["minx"] && $row["miny"] && $row["maxx"] && $row["maxy"]) {
+				$ov_bbox = array($row["minx"],$row["miny"],$row["maxx"],$row["maxy"]);
+			}
+			else if ($this->wmc_layer_id[0] && $this->wmc_bBox_SRS){
+				$ov_bbox = array($this->wmc_bBox_minx, $this->wmc_bBox_miny, $this->wmc_bBox_maxx, $this->wmc_bBox_maxy);
+			}
+			else {
+				$ov_bbox = array();
+			}
+			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
+			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
+			$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
+			$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
+			$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "\telse {\n";
+			if (count($ov_bbox)>0) {
+//				$wmc_string .= "alert('found bbox for ov: ".implode(',',$ov_bbox)."');";
+				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
+				$wmc_string .= $ov_bbox[0] .",".$ov_bbox[1] .",";
+				$wmc_string .= $ov_bbox[2] .",".$ov_bbox[3] .");\n";
+			}
+			else {
+//				$wmc_string .= "alert('no bbox found for ov: old bbox ".$this->wmc_bBox_minx." etc');";
+				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
+				$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
+				$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
+//				$wmc_string .= "\t\tvar ov_index = " . $target . "getMapObjIndexByName('overview');\n";
+//				$wmc_string .= "\t\t" . $target . "mb_mapObj[ov_index].extent = old_mapObj[i].extent;\n"; 
+			}
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "\t". $target . "setMapRequest(old_mapObj[i].frameName);\n";
+			$wmc_string .= "}\n";
+			$wmc_string .= $target . "mb_execloadWmsSubFunctions();\n";
+		}
+		return $wmc_string;
+	}
+} 
+// end class
+?>
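Review bot: createJsObjFromWMC splices WMC-derived strings straight into the JavaScript it returns without any escaping — `wmc_wms_title`, `wmc_layer_abstract`, `wmc_layer_name`, `wmc_wms_serviceURL` and `$wms_data_format` in the `add_wms` call (the lines from `$wmc_string .= "\t" . $target . "add_wms('','".` onward), the two `wms_add_layer` calls, the `wms_addLayerStyle` call, and `$layerlist`/`$querylayerlist` in `mb_mapObjaddWMSwithLayers`, all inside single-quoted JS literals; `$action` and `$mapObj` from the caller get the same treatment in the `alert('invalid action: ...` and `getMapObjIndexByName('...` lines. A WMC document stored in `mb_user_wmc` (the source createObjFromWMC_id reads) whose title, abstract or layer name contains a single quote, a backslash or a newline breaks the generated script, and whatever is placed there runs in the browser of every user who loads that context. A small escaping helper applied at every interpolation site is the fix; the excerpt below shows the helper and one rewritten call site, and the remaining sites need the same wrapping. Two smaller points in the same hunk: the error branch of createObjFromWMC_xml returns without `xml_parser_free($parser)`, and `$cnt_keyword` is only set to -1 when a KEYWORDLIST closes, so the first keyword of the first list lands at index 1 rather than 0 (incrementing an unset variable yields 1).
```php
	// Escape a value for use inside a single-quoted JavaScript string literal
	// (backslash first, so the quotes added afterwards are not re-escaped;
	// "</" is split so the output cannot close an enclosing <script> element).
	function jsString($s) {
		return str_replace(
			array("\\", "'", "\r", "\n", "</"),
			array("\\\\", "\\'", "\\r", "\\n", "<\\/"),
			(string) $s
		);
	}

	function createJsObjFromWMC($target, $mapObj, $action){
		// … unchanged: action check, index lookup, merge preamble, per-wms loop head …
					// add wms
					$wmc_string .= "\t" . $target . "add_wms('','".
						$this->jsString($this->wmc_wms_version[$i]) ."','".
						$this->jsString($this->wmc_wms_title[$i]) ."','".
						$this->jsString($this->wmc_layer_abstract[$i]) ."','".
						$this->jsString($this->wmc_wms_serviceURL[$i]) ."','" .
						$this->jsString($this->wmc_wms_serviceURL[$i]) ."','" .
						$this->jsString($this->wmc_layer_style_legendurl[$i][0]) ."','','". 
						$this->jsString($wms_data_format) ."','text/html','application/vnd.ogc.se_xml','". 
						$this->jsString($this->wmc_bBox_SRS) ."','1');\n";
		// … unchanged: wms_addSRS, wms_add_layer, wms_addLayerStyle and mb_mapObjaddWMSwithLayers calls (wrap their interpolated values with jsString the same way) …
```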

Modified: tags/2.4.4_su/2.4.4_leak/http/classes/class_wms.php
===================================================================
--- tags/2.4.4/http/classes/class_wms.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/classes/class_wms.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -94,7 +94,7 @@
 		xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
 		xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
 		xml_parser_set_option($parser,XML_OPTION_TARGET_ENCODING,CHARSET);
-		xml_parse_into_struct($parser,$this->wms_getcapabilities_doc,$values,$tags);
+		xml_parse_into_struct($parser,$data,$values,$tags);
 
 		$code = xml_get_error_code($parser);
 		if ($code) {
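Review bot: The function whose body this hunk changes starts outside the hunk, so where `$data` is bound is not visible; if it is a new parameter, that should be documented, because `getCapabilitiesDoc()` further down in this file still returns `$this->wms_getcapabilities_doc`, and unless that property is assigned from `$data` somewhere outside the hunk it can now diverge from the document actually parsed here. A one-line comment above the changed call would make the contract explicit: `// parse the caller-supplied document instead of $this->wms_getcapabilities_doc — TODO confirm the property is still set so getCapabilitiesDoc() matches what was parsed`.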
@@ -1340,7 +1340,12 @@
 		while($row = db_fetch_array($res)){	
 			unset($mySubmit);
 			$myGUI[$cnt] = $row["fkey_gui_id"];
-			$sql = "UPDATE gui_wms SET ";		
+			
+			$sql = "UPDATE gui_wms SET ";
+			$v = array();
+			$t = array();
+			$paramCount = 0;		
+
 			for($i=0; $i<count($this->data_type); $i++){
 				# gui_wms_mapformat
 				if(strtolower($this->data_type[$i]) == "map" && strtolower($this->data_format[$i]) == strtolower($row["gui_wms_mapformat"])){
@@ -1356,17 +1361,26 @@
 				}
 			}
 			if(!$myMapFormat){
-				$sql .= "gui_wms_mapformat = '".$this->gui_wms_mapformat."' ";
+				$paramCount++;
+				$sql .= "gui_wms_mapformat = $" . $paramCount . " ";
 				$mySubmit = true;
+				array_push($v, $this->gui_wms_mapformat);
+				array_push($t, "s");
 			}
 			if(!$myFeatureInfoFormat){
 				if($mySubmit){ $sql .= ",";}
-				$sql .= "gui_wms_featureinfoformat = '".$this->gui_wms_featureinfoformat."' ";
+				$paramCount++;
+				$sql .= "gui_wms_featureinfoformat = $" . $paramCount . " ";
+				array_push($v, $this->gui_wms_featureinfoformat);
+				array_push($t, "s");
 				$mySubmit = true;
 			}
 			if(!$myExceptionFormat){
 				if($mySubmit){ $sql .= ",";}
-				$sql .= "gui_wms_exceptionformat = '".$this->gui_wms_exceptionformat."' ";
+				$paramCount++;
+				$sql .= "gui_wms_exceptionformat = $" . $paramCount ." ";
+				array_push($v, $this->gui_wms_exceptionformat);
+				array_push($t, "s");
 				$mySubmit = true;
 			}
 				
@@ -1378,12 +1392,30 @@
 			}
 			if(!$myGUI_EPSG){
 				if($mySubmit){ $sql .= ",";}
-				$sql .= "gui_wms_epsg = '".$this->gui_wms_epsg."' ";
+				$paramCount++;
+				$sql .= "gui_wms_epsg = $" . $paramCount . " ";
+				array_push($v, $this->gui_wms_epsg);
+				array_push($t, "s");
 				$mySubmit = true;
 			}
-			$sql .= " WHERE fkey_gui_id = '".$row["fkey_gui_id"]."' AND fkey_wms_id = " . $myWMS;
+			$paramCount++;
+			$sql .= " WHERE fkey_gui_id = $" . $paramCount . " ";
+			array_push($v, $row["fkey_gui_id"]);
+			array_push($t, "s");
+
+			$paramCount++;
+			$sql .= "AND fkey_wms_id = $" . $paramCount;
+			array_push($v, $myWMS);
+			array_push($t, "i");
 			if($mySubmit){
-				$this->transaction($sql);
+				$res = db_prep_query($sql,$v,$t);
+				if(!$res){
+					db_rollback();	
+					echo "<pre>".$sql."</pre><br> <br><p>";
+				 	echo db_error(); 
+				 	echo "<br /> UPDATE ERROR -> KILL PROCESS AND ROLLBACK....................no update<br><br>";
+					$e = new mb_exception("class_wms.php: transaction: Transaction aborted, rollback.");
+				}
 			}
 			$cnt++;
 		}	
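Review bot: `$res = db_prep_query($sql,$v,$t);` overwrites the result set that the enclosing `while($row = db_fetch_array($res))` loop is iterating (visible as context at the top of the -1340 hunk), so after the first GUI row that needs an update the next `db_fetch_array($res)` reads from the UPDATE result and the loop ends early; the removed transaction() avoided this by keeping its result in a local `$ok`. Use a distinct name, e.g. `$updRes = db_prep_query($sql,$v,$t); if(!$updRes){`. Separately, the failure branch still echoes the full SQL text and `db_error()` into the HTTP response, which exposes table and driver details to the browser; since an mb_exception is constructed anyway (presumably it logs), prefer routing the SQL and error text through it and dropping the three echo lines. The enclosing function starts and ends outside this hunk.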
@@ -1399,26 +1431,7 @@
 	function getCapabilitiesDoc() {
 		return $this->wms_getcapabilities_doc;
 	}
-	function transaction($sql){
-		#echo "<hr>". $sql;
-		$ok = db_query($sql);
-		if(!$ok){
-			echo "<pre>".$sql."</pre><br> <br><p>";
-			$error = db_error();
-			$sql = "ROLLBACK";
-			$res = db_query($sql);
-			if(SYS_DBTYPE=="pgsql")
-				{
-					$sql = "SET AUTOCOMMIT=0";
-				}
-				else
-				{
-				 	$sql = "SET AUTOCOMMIT=1";
-				}
-		 	echo $error; 
-		 	echo "<br /> UPDATE ERROR -> KILL PROCESS AND ROLLBACK....................no update<br><br>";
-			}
-	}
+
 	/**
 	* creatObjfromDB
 	*

Modified: tags/2.4.4_su/2.4.4_leak/http/frames/login.php
===================================================================
--- tags/2.4.4/http/frames/login.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/frames/login.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,5 +1,5 @@
 <?php
-# $Id: login.php 76 2006-08-15 12:25:34Z heuser $
+# $Id$
 # Copyright (C) 2002 CCGIS 
 #
 # This program is free software; you can redistribute it and/or modify
@@ -152,8 +152,10 @@
 	}	
 	if($_SESSION["mb_user_id"]){
 		if($row["mb_user_login_count"] < $loginMax){
-			$sql_del_cnt =  "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_id = " . $_SESSION['mb_user_id'];
-			db_query($sql_del_cnt);
+			$sql_del_cnt =  "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_id = $1";
+			$v = array($_SESSION['mb_user_id']);
+			$t = array("i");
+			db_prep_query($sql_del_cnt, $v, $t);
 			require_once(dirname(__FILE__)."/../php/mb_getGUIs.php");
 			$arrayGUIs = mb_getGUIs($row["mb_user_id"]);
 			$_SESSION["mb_user_guis"] = $arrayGUIs;
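Review bot: The return value of `db_prep_query($sql_del_cnt, $v, $t);` is discarded, so a failed reset of the failed-login counter goes unnoticed and the user would keep accumulating towards `$loginMax` while appearing to log in normally. Capture it and at least log on failure, e.g. `if(!db_prep_query($sql_del_cnt, $v, $t)){ $e = new mb_exception("login.php: could not reset mb_user_login_count"); }`. The surrounding if-block continues outside this hunk.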

Deleted: tags/2.4.4_su/2.4.4_leak/http/html/mod_treefolder_auge.php
===================================================================
--- tags/2.4.4/http/html/mod_treefolder_auge.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/html/mod_treefolder_auge.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,787 +0,0 @@
-<?php
-session_start();
-require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
-db_select_db(DB,$con);
-$gui_id = $_SESSION["mb_user_gui"];
-
-$eye_on = '../img/eye_on.gif';
-$eye_off = '../img/eye_off.gif';
-$info_on = '../img/info_on.gif';
-$info_off ='../img/info_off.gif';
-$no_info ='../img/no_info.gif';
-
-?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
-<META NAME="Generator" CONTENT="Cosmo Create 1.0.3">
-<?php
-echo '<meta http-equiv="Content-Type" content="text/html; charset='.CHARSET.'">';	
-?>
-<TITLE>Treefolder Eyes</TITLE>
-<?php
- include '../include/dyn_css.php';
-?>
-<script language='JavaScript'>
-function pop_up(name)
-{
-	window.open(name,"METADATEN","width=310,height=400,left=0,top=0");
-}
-</script>
-<?php
-echo "<script language='JavaScript'>";
-   
-   import_request_variables("PG");
-   
-   require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
-   $con = db_connect($DBSERVER,$OWNER,$PW);
-   db_select_db(DB,$con);
-   $sql = "SELECT e_target FROM gui_element WHERE e_id = '".$_REQUEST['e_id_css']."' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-   
-   $res = db_query($sql);
-   $e_target = db_result($res,0,"e_target");
-   
-   echo "mod_treeGDE_map = '".$e_target."';";   
-echo "</script>";
-
-$sql = "select var_name,var_value from gui_element_vars where fkey_gui_id='".$_SESSION["mb_user_gui"]."' and fkey_e_id='".$_REQUEST['e_id_css']."' and var_type = 'img';";
-  
-   $res = db_query($sql);
-$img["folder_off"] ='../img/tree/folder_off_new.gif';
-$img["folder_on"] ='../img/tree/folder_on_new.gif';
-while($row = db_fetch_array($res))
-{
-$img[$row['var_name']] = $row['var_value'];
-}
-
-?>
-  <SCRIPT language="JavaScript1.2">
-  <!--  
-  /*
-   * sitemap.js 1.31 05/02/2000
-   *  - Opera 5
-   *
-   * sitemap.js 1.3 27/11/2000
-   *  - Netscape 6
-   *
-   * sitemap.js 1.2 20/05/2000
-   *  - split array tree into arrays for each element old tree
-   *  - no mory type flag, an folder is an entry which has sons
-   *  - a folder can have an link
-   *  - while initing an default layers is shown 
-   *
-   * sitemap.js 1.1 20/10/1999
-   *  - showTree only updates and init layers new which have been really changed
-   *  - add deep to knot entry
-   *  - substitute knotDeep[ id ] w/ tree[ id2treeIndex[ id ] ].deep
-   *  - add alignment to img and a &nbsp; at the beginning of eyery line
-   *  - add a fake img for bookmarks on top panel
-   *
-   * sitemap.js 1.02 14/10/1999
-   *  - fix bug in initStyles
-   *
-   * sitemap.js 1.01 06/10/1999
-   *  - fix bug in knotDeep for Netscape 4.00-4.0.5
-   *
-   * sitemap.js 1.0 20/09/1999
-   *
-   * Javascript function for displaying hierarchic directory structures with
-   * the ability to collapse and expand directories.
-   *
-   * Copyright (c) 1999 Polzin GmbH, Duesseldorf. All Rights Reserved.
-   * Author: Lutz Eymers <ixtab at polzin.com>
-   * Download: http://www.polzin.com/inet/fset_inet.phtml?w=goodies
-   *
-   * Permission to use, copy, modify, and distribute this software
-   * and its documentation for any purposes and without fee
-   * is hereby granted provided that this copyright notice
-   * appears in all copies. 
-   *
-   * Of course, this software is provided "as is" without express or implied
-   * warranty of any kind.
-   *
-   */
-  
-  parent.mb_registerSubFunctions("window.frames['treeGDE'].mod_treeGDE()");
-
-function mod_treeGDE(){
-  /**/
-	var ind = parent.getMapObjIndexByName(mod_treeGDE_map);
-	//if(ind == false){ alert("error, no mapobject specified");}
-	for(var i=0; i<document.getElementsByTagName("input").length; i++){
-		//wms_title,layer_shortname,{visible | querylayer}
-		var myID = document.getElementsByTagName("input")[i].id;
-		var arrayID = document.getElementsByTagName("input")[i].id.split("###");
-		//var ind = parent.getMapObjIndexByName(mod_treeGDE_map);
-		var wms_ind = parent.getWMSIndexByTitle(mod_treeGDE_map,arrayID[0]);
-		if(arrayID[2] == "visible"){
-			var arrayLayer = parent.mb_mapObj[ind].layers[wms_ind].split(",");
-			var isOn = false;
-			for(var ii=0; ii<arrayLayer.length; ii++){
-				if(arrayID[1] == arrayLayer[ii]){isOn = true;}
-			}
-			if(isOn == true){ document.getElementById(myID).checked = true;}
-			if(isOn == false){ document.getElementById(myID).checked = false;}
-		}
-		if(arrayID[2] == "querylayer"){
-			//nothing to do at this time
-		}
-	}
-    /*consider scalhints*/
-	for(var i=0; i<parent.mb_mapObj.length; i++){
-		var scale = parseInt(parent.mb_getScale(mod_treeGDE_map));
-		if(parent.mb_mapObj[i].frameName == mod_treeGDE_map){ 
-			for(var ii=0; ii<parent.mb_mapObj[i].wms.length; ii++){
-				for(var iii=1; iii<parent.mb_mapObj[i].wms[ii].objLayer.length; iii++){
-					if(document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name)){
-						if(scale < parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_minscale) && parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_minscale) != 0){                    
-							document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name).style.color = '#999999';                
-						}
-						else if(scale > parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_maxscale) && parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_maxscale) != 0){
-							document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name).style.color = '#999999';
-						}
-						else{
-							document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name).style.color = '#000000';
-						}
-					}                   
-				}
-			}
-		}
-	}
-} 
-  window.onError=null;
-
-  var idx=0
-  var treeId = new Array();
-  var treeP_id = new Array();
-  var treeIsOn = new Array();
-  var treeTyp = new Array();
-  var treeName = new Array();
-  var treeUrl = new Array();
-  var treeWasOn = new Array();
-  var treeDeep = new Array();
-  var treeLastY = new Array();
-  var treeIsShown = new Array();
-  var treeSelectable = new Array();
-  var treeVisible = new Array();
-  var treeQueryable = new Array();
-  var treeQuerylayer = new Array();
-  var treeWMS = new Array();
-  var treeShortname = new Array();
-
-  function Note( id,p_id,name,url,selectable,visible,queryable,querylayer,wms,shortname) {
-    treeId[ idx ] = id
-    treeP_id[ idx ] = p_id
-    treeIsOn[ idx ] = false
-    treeTyp[ idx ] = 'f'
-    treeName[ idx ] = name
-    treeUrl[ idx ] = url 
-    treeWasOn[ idx ] = false
-    treeDeep[ idx ] = 0
-    treeLastY[ idx ] = 0
-    treeIsShown[ idx ] = false
-    treeSelectable[ idx ] = selectable
-    treeVisible[ idx ] = visible
-    treeQueryable[ idx ] = queryable
-    treeQuerylayer[ idx ] = querylayer
-    treeWMS[ idx ] = wms
-    treeShortname[ idx ] = shortname
-    idx++
-  }
-
-  function initDiv ( )
-  {
-    if ( isDOM || isDomIE )
-    {
-      divPrefix='<DIV CLASS="sitemap" style="position:absolute; left:0; top:0; visibility:hidden;" ID="sitemap'
-      divInfo='<DIV CLASS="sitemap" style="position:absolute; visibility:visible" ID="sitemap'
-    }
-    else
-    {
-      divPrefix='<DIV CLASS="sitemap" ID="sitemap'
-      divInfo='<DIV CLASS="sitemap" ID="sitemap'
-    }
-    //document.writeln( divInfo +  'info">Bitte haben Sie etwas Geduld.<BR>&nbsp;<BR>Es werden die Eintr&auml;ge aus<BR>&nbsp;<BR>der Datenbank initialisiert.</DIV> ' );
-    for ( var i=1; i<idx; i++ )
-    {
-      // linked Name ? 
- 
-      
-      if ( treeUrl[i] != '' ){
-      	if(treeVisible[i] != 1){ 
-        linkedName = '<a href="#" onclick="changevalue('+ i +')"><input type=hidden id="treeWMS['+i+']" value=0><img name="bild'+ i +'" id="test" border=0 src="'+images[1]+'" alt="'+images_text[1]+'"></A>';
-	}
-	else
-	{
-	linkedName = '<a href="#" onclick="changevalue('+ i +')"><input type=hidden id="treeWMS['+i+']" value=1><img name="bild'+ i +'" id="test" border=0  src="'+images[2]+'" alt="'+images_text[2]+'"></A>';
-	}
-
-        //linkedName += "<input id='"+treeWMS[i]+"###"+treeShortname[i]+"###visible' type='checkbox' ";
-         //if(treeVisible[i] == '1'){ linkedName += "checked ";}
-         //if(treeSelectable[i] != '1'){ linkedName += "disabled ";}
-        //linkedName += "onClick = 'if(this.checked){parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"visible\",1);parent.setSingleMapRequest(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\");}";
-        //linkedName += "else{parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"visible\",0);parent.setSingleMapRequest(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\");}'";
-        //linkedName += '>';
-        
-        
-        //no checkbox for the query
-        <?php
-            if(isset($_REQUEST["noquerycheckbox"])){
-	            $nocheck = $_REQUEST["noquerycheckbox"];
-            }
-            else{
-	            $nocheck = false;
-            }
-            echo "var noquerycheck  = ".$nocheck.";";
-         ?>
-        ///evudb/images/mapbender/button_gray/query_off.gif
-        ///evudb/images/mapbender/button_gray/query_on.gif
-        if (noquerycheck==false || noquerycheck==0){
-            if(treeQuerylayer[i] == '1' && treeVisible[i] == 1){
-            	//Info aktiv
-            	//alert('info aktiv');
-            	linkedName += '&nbsp;<a href="#" onclick="changeinfo('+ i +')"><input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=1><img name="query'+ i +'" id="query'+i+'" border=0  src="'+qimages[2]+'" alt="'+qimages_text[2]+'"></A>';
-            }
-            else
-            {
-            	//alert(treeQueryable[i] + ' ' + treeShortname[i]);
-            	if(treeQueryable[i] == '1')
-			{
-				//Info verfügbar
-				if (treeVisible[i] ==1)
-				{
-					// Info aktivierbar
-					linkedName += '&nbsp;<a href="#" onclick="changeinfo('+ i +')"><input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=0><img name="query'+ i +'" id="query'+i+'" border=0  src="'+qimages[1]+'" alt="'+qimages_text[1]+'"></A>';	
-				}
-				else
-				{
-					// Info nicht aktivierbar
-					linkedName += '&nbsp;<a href="#" onclick="changeinfo('+ i +')"><input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=0><img name="query'+ i +'" id="query'+i+'" border=0  src="'+qimages[3]+'" alt="'+qimages_text[3]+'"></A>';
-				}
-			}
-			else
-			{
-				//Info nicht verfügbar verfügbar --> kein Image
-					//linkedName += '&nbsp;<input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=-1><img name="query'+ i +'" id="query'+i+'" border=0  src="<?php echo $no_info;?>" alt="keine Informationen verfügbar">';	
-			}
-            }
-            //linkedName += "<input id='"+treeWMS[i]+"###"+treeShortname[i]+"###querylayer' type='checkbox' ";
-            //if(treeQuerylayer[i] == '1' && treeVisible[i] == 1){ linkedName += "checked ";}
-            //if(treeQueryable[i] != '1' || treeVisible[i] != 1){ linkedName += "disabled ";}
-            //linkedName += "onClick = 'if(this.checked){parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"querylayer\",1);}";
-            //linkedName += "else{parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"querylayer\",0);}'";
-            //linkedName += '>';
-        }
-        
-       
-       //no legendlink for the layername
-       <?php
-            if(isset($_REQUEST["nolink"])){
-	            $nolegendlink = $_REQUEST["nolink"];
-            }
-            else{
-	            $nolegendlink = false;
-            }
-            echo "var nolink  = ".$nolegendlink.";";
-       ?>
-       
-      
-        //linkedName += '<A id="'+treeWMS[i]+'_'+treeShortname[i]+'"  HREF="' + treeUrl[i] + '" TARGET="' + defaultTarget + '"><IMG SRC="../img/tree/1w.gif" BORDER="0" WIDTH="3">' + treeName[i] + '</A>';
-        
-        linkedName += '<A id="'+treeWMS[i]+'_'+treeShortname[i];
-        if (nolink==0 || nolink==false){
-           linkedName += '"  HREF="' + treeUrl[i];
-        }
-        linkedName +='" TARGET="' + defaultTarget + '"><IMG SRC="../img/tree/1w.gif" BORDER="0" WIDTH="3">' + treeName[i] + '</A>';
-       
-       
-      }  
-      else
-        linkedName =  '<IMG SRC="../img/tree/1w.gif" BORDER="0" WIDTH="3">' + treeName[i]
-      // don't link folder icon if node has no sons
-      if ( i == idx-1 || treeP_id[i+1] != treeId[i] ) {
-        if ( treeDeep[ i ] == 0 )
-          folderImg = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_empty.gif" BORDER="0" HEIGHT="16" WIDTH="1" HSPACE="0">'
-        else
-          folderImg = ''
-      } else {
-        folderImg = '<A  HREF="javascript:sitemapClick(' + treeId[i] + ')"><IMG ALIGN="BOTTOM" SRC="<?php echo $img["folder_off"];?>" BORDER="0" NAME="folder' + treeId[i] + '" HEIGHT="16" WIDTH="30" HSPACE="0"></A>'
-      }
-      // which type of file icon should be displayed?
-      if ( treeP_id[i] != 0 )
-      {
-        if ( lastEntryInFolder( treeId[i] ) )
-          fileImg = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_last.gif" BORDER="0" NAME="file'
-            + treeId[i] + '" HEIGHT="16" WIDTH="30" HSPACE="0">'  
-        else    
-          fileImg = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file.gif" BORDER="0" NAME="file'
-            + treeId[i] + '" HEIGHT="16" WIDTH="30" HSPACE="0">'  
-      }
-      else
-        fileImg = ''
-      // traverse parents up to root and show vertical lines if parent 
-      // is not the last entry on this layer
-      verticales = ''
-      for( var act_id=treeId[i] ; treeDeep[ id2treeIndex[ act_id ] ] > 1;  )
-      {  
-        act_id = treeP_id[ id2treeIndex[ act_id ]]
-        if ( lastEntryInFolder( act_id ) )
-        {
-          verticales = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_empty.gif" BORDER="0" HEIGHT="16" WIDTH="30" HSPACE="0">' + verticales
-        }
-        else
-        {
-          verticales = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_vert.gif" BORDER="0" HEIGHT="16" WIDTH="30" HSPACE="0">' + verticales
-        }
-      }
-
-      
-      document.writeln( divPrefix + treeId[i] + '"><NOBR>&nbsp;' + verticales + fileImg + folderImg + linkedName + '</NOBR></DIV>'
-      )  
-    }
-  }
-
-	var i = 1 ;
-	images = new Array;
-	qimages = new Array;
-	images_text = new Array;
-	qimages_text = new Array;
-	images[1] = '<?php echo $eye_off;?>';
-	images[2] = '<?php echo $eye_on;?>';
-	qimages[1] = '<?php echo $info_off;?>';
-	qimages[2] = '<?php echo $info_on;?>';
-	qimages[3] = '<?php echo $no_info;?>';
-	images_text[1] = 'klicken Sie hier um den Layer zu aktivieren';
-	images_text[2] = 'klicken Sie hier um den Layer zu deaktivieren';
-	qimages_text[1] = 'klicken Sie hier um die Informationen zu aktivieren';
-	qimages_text[2] = 'klicken Sie hier um die Informationen zu deaktivieren';
-	qimages_text[3] = 'Informationen momentan nicht verfügbar';
-	
-	function changevalue(id){
-		var info = document.getElementById('query'+ id) ;
-		var layer = document.getElementById('bild' + id) ;
-		var wert = document.getElementById('treeWMS['+id+']');
-		var query = document.getElementById(treeWMS[id]+'###'+treeShortname[id]+'###querylayer');
-		//alert(wert.value);
-		if(wert.value == 1){ //war sichtbar
-			// Layer war sichtbar --> deaktivieren
-			layer.src = images[1];
-			layer.alt = images_text[1];
-			//if(treeQuerylayer[id] == 1){
-			//Infobutton aendern, wenn Info abfragbar
-			if(treeQueryable[id] == '1')
-			{
-				info.src = qimages[3];
-				info.alt = qimages_text[3];
-				// Info deaktivieren
-				query.value = 0 ; // Ausschalten der Abfrage wenn nicht sichtbar
-				query.checked = false;
-				query.disabled = true;
-				parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',0); // Info disabled
-			}
-			wert.value=0;
-			//alert(wert.value);
-			// Anzeige des Layers deaktivieren
-			parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'visible',0);
-			parent.setSingleMapRequest(mod_treeGDE_map,treeWMS[id]);
-			
-			
-			
-		}
-		else
-		{
-			// Layer war nicht sichtbar --> aktivieren
-			layer.src = images[2];
-			layer.alt = images_text[2]
-			wert.value=1;
-			//alert(wert.value);
-			// Anzeige des Layers aktivieren
-			parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'visible',1);
-			parent.setSingleMapRequest(mod_treeGDE_map,treeWMS[id]);
-			// evtl. Info aktivieren und Button aendern
-			if(treeQueryable[id] == '1')
-			{
-				if (treeQuerylayer[id] == 1)
-				{
-					//Info aktivieren
-					info.src = qimages[2];	
-					info.alt = qimages_text[2];
-					parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',1);
-					query.value = 1;
-					query.disabled = false;
-				}
-				else
-				{
-					//Info aktivierbar
-					info.src = qimages[1];	
-					info.alt = qimages_text[1];
-					query.value = 0;
-					query.disabled = false;
-					
-				}
-			}
-		}
-	
-	}
-	
-	function changeinfo(id)
-	{
-		var info = document.getElementById('query'+ id) ;
-		var wert = document.getElementById('treeWMS['+id+']');
-		var query = document.getElementById(treeWMS[id]+'###'+treeShortname[id]+'###querylayer');
-			//"'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer"
-			// alert(query.value);
-			//alert(layer.src == '../img/orangeball.gif');
-				//alert(wert.value);
-		if(query.value == 1)
-		{ //war sichtbar
-			// Info war aktiviert --> deaktivieren
-			info.src = qimages[1];
-			info.alt = qimages_text[1];
-			parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',0);
-	                
-			query.value = 0 ; // Ausschalten der Abfrage wenn nicht sichtbar
-			//query.checked = false; //<--wozu?
-			query.disabled = true;
-		}
-		else
-		{
-			// Info war deaktiviert --> aktivieren
-			if(wert.value == 1)
-			{
-				info.src = qimages[2];
-				info.alt = qimages_text[2];
-				query.value=1;
-		
-				//alert(wert.value);
-				parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',1);
-				//if(treeQuerylayer[id] == 1){	
-				//query.checked = false; //<--wozu?
-				query.disabled = false;
-				//}
-			}
-		}
-		
-	}
-  function initStyles ( )
-  {
-    document.writeln( '<STYLE TYPE="text/css">' + "\n" + '<!--' )
-    for ( var i=1,y=y0; i<idx; i++ )
-    {  
-      document.writeln( '#sitemap' + treeId[i] + ' {POSITION: absolute; VISIBILITY: hidden;}' )
-      if ( treeIsOn[ id2treeIndex[ treeP_id[i] ] ] )
-        y += deltaY
-    }
-    document.writeln( '#sitemapinfo {POSITION: absolute; VISIBILITY: visible;}' )
-    document.writeln( '//-->' + "\n" + '</STYLE>' )
-  }
-
-
-
-  function sitemapClick( id )
-  {
-    var i = id2treeIndex[ id ]
-
-    if ( treeIsOn[ i ] )
-    // close directory
-    {
-      // mark node as invisible
-      treeIsOn[ i ]=false
-      // mark all sons as invisible
-      actDeep = treeDeep[ i ]
-      for( var j=i+1; j<idx && treeDeep[j] > actDeep; j++ )
-      {
-        treeWasOn[ j ] = treeIsOn[ j ]
-        treeIsOn[ j ]=false
-      }
-      gif_off( id )
-    }
-    else
-    // open directory
-    { 
-      treeIsOn[ i ]=true
-      // remember and restore old status
-      actDeep = treeDeep[ i ]
-      for( var j=i+1; j<idx && treeDeep[j] > actDeep; j++ )
-      {
-        treeIsOn[ j ] = treeWasOn[ j ]
-      }
-      gif_on( id )
-    }
-    showTree()
-  }
-
-  function knotDeep( id )
-  {
-    var deep=0
-    while ( true )
-      if ( treeP_id[ id2treeIndex[id] ] == 0 )
-        return deep
-      else
-      {
-        ++deep
-        id = treeP_id[ id2treeIndex[id] ]
-      }
-    return deep  
-  }
-
-  function initTree( id )
-  {
-    treeIsOn[ id2treeIndex[id] ] = true
-    if ( treeTyp[ id2treeIndex[id] ] != 'b' )
-      gif_on( id ) 
-    while ( treeP_id[ id2treeIndex[id] ] != 0 )
-    {
-      id = treeP_id[ id2treeIndex[id] ]
-      treeIsOn[ id2treeIndex[id] ] = true
-      if ( treeTyp[ id2treeIndex[id] ] != 'b' )
-        gif_on( id ) 
-    }
-  }
-
-  function lastEntryInFolder( id )
-  {
-    var i = id2treeIndex[id]
-    if ( i == idx-1 )
-      return true
-    if ( treeTyp[i] == 'b' )
-    {
-      if ( treeP_id[i+1] != treeP_id[i] )
-        return true
-      else 
-        return false
-    }
-    else
-    {
-      var actDeep = treeDeep[i]
-      for( var j=i+1; j<idx && treeDeep[j] > actDeep ; j++ )
-      ;
-      if ( j<idx && treeDeep[j] == actDeep )
-        return false
-      else
-        return true
-    }
-  }
-
-  function showTree()
-  {
-    for( var i=1, y=y0, x=x0; i<idx; i++ )
-    {
-      if ( treeIsOn[ id2treeIndex[ treeP_id[i] ] ] )
-      {
-        // show current node
-        if ( !(y == treeLastY[i] && treeIsShown[i] ) )
-        {
-          showLayer( "sitemap"+ treeId[i] ) 
-          setyLayer( "sitemap"+ treeId[i], y )
-          treeIsShown[i] = true
-        } 
-        treeLastY[i] = y
-        y += deltaY
-      }
-      else
-      {
-        // hide current node and all sons
-        if ( treeIsShown[ i ] )
-        {
-          hideLayer( "sitemap"+ treeId[i] ) 
-          treeIsShown[i] = false
-        }
-      }
-    }
-  }
-
-  function initIndex() {
-    for( var i=0; i<idx; i++ )
-      id2treeIndex[ treeId[i] ] = i
-  }
-
-  function gif_name (name, width, height) {
-    this.on = new Image (width, height);
-    this.on.src = '<?echo $img["folder_on"];?>';
-    this.off = new Image (width, height);
-    this.off.src = '<?echo $img["folder_off"]?>';
-  }
-
-  function load_gif (name, width, height) {
-    gif_name [name] = new gif_name (name,width,height);
-  }
-
-  function load_all () {
-    load_gif ('folder',30,16)
-    file_last = new Image( 30,16 )
-    file_last.src = "../img/tree/file_last.gif"
-    file_middle = new Image( 30,16 )
-    file_middle.src = "../img/tree/file.gif"
-    file_vert = new Image( 30,16 )
-    file_vert.src = "../img/tree/file_vert.gif"
-    file_empty = new Image( 30,16 )
-    file_empty = "../img/tree/file_empty.gif"
-  }
-
-  function gif_on ( id ) {
-    eval("document['folder" + id + "'].src = gif_name['folder'].on.src")
-  }
-
-  function gif_off ( id ) {
-    eval("document['folder" + id + "'].src = gif_name['folder'].off.src")
-  }
- 
-  // global configuration
-  var deltaX = 30
-  var deltaY = 16
-  var x0 = 5
-  var y0 = 5
-  var defaultTarget = 'examplemain'
-
-  var browserName = navigator.appName;
-  var browserVersion = parseInt(navigator.appVersion);
-  var isIE = false;
-  var isNN = false;
-  var isDOM = false;
-  var isDomIE = false;
-  var isDomNN = false;
-  var layerok = false;
-
-  var isIE = browserName.indexOf("Microsoft Internet Explorer" )==-1?false:true;
-  var isNN = browserName.indexOf("Netscape")==-1?false:true;
-  var isOpera = browserName.indexOf("Opera")==-1?false:true;
-  var isDOM = document.getElementById?true:false;
-  var isDomNN = document.layers?true:false;
-  var isDomIE = document.all?true:false;
-
-  if ( isNN && browserVersion>=4 ) layerok=true;
-  if ( isIE && browserVersion>=4 ) layerok=true;
-  if ( isOpera && browserVersion>=5 ) layerok=true;
-
-    
-  function hideLayer(layerName) {
-    if (isDOM)
-      document.getElementById(layerName).style.visibility="hidden"
-    else if (isDomIE)
-      document.all[layerName].style.visibility="hidden";
-    else if (isDomNN) 
-      document.layers[layerName].visibility="hidden";
-  }
-
-  function showLayer(layerName) {
-    if (isDOM)
-      document.getElementById(layerName).style.visibility="visible"
-    else if (isDomIE)
-      document.all[layerName].style.visibility="visible";
-    else if (isDomNN)
-      document.layers[layerName].visibility="visible";
-  }
-
-  function setyLayer(layerName, y) {
-    if (isDOM)
-      document.getElementById(layerName).style.top=y
-    else if (isDomIE)
-      document.all[layerName].style.top=y;
-    else if (isDomNN)
-      document.layers[layerName].top=y;
-  }
-
-  var id2treeIndex = new Array()
-
-  // the structure is easy to understand with a simple example
-  // p_id is the id of the parent
-  // E0                                      ( id=0,p_id=-1 )
-  //          E11                            ( id=1,p_id=0)
-  //                     E111                ( id=2,p_id=1 )
-  //                     E112                ( id=3,p_id=1 )
-  //          E12                            ( id=4,p_id=0 )
-  //                     E121                ( id=5,p_id=4 ) 
-  //          E13                            ( id=6,p_id=0 ) 
-  //                     E131                ( id=7,p_id=6 ) 
-  //                                 E1311   ( id=8,p_id=7 ) 
-  //                     E132                ( id=9,p_id=6 ) 
-  // this is a multinary tree structure which is easy to
-  // populate with database data :)
-function initArray(){
-	var parentObj = 0;
-	if(parent.mb_mapObj.length == 0){ window.setTimeout("initArray()",100); }    
-	else if(parent.mb_mapObj.length > 0){
-		Note(0,-1,'','');
-		for(var i=0; i<parent.mb_mapObj.length; i++){
-			if(parent.mb_mapObj[i].frameName == mod_treeGDE_map){ 
-				for(var ii=0; ii<parent.mb_mapObj[i].wms.length; ii++){
-					if(parent.mb_mapObj[i].wms[ii].gui_wms_visible == '1'){
-						for(var iii=0; iii<parent.mb_mapObj[i].wms[ii].objLayer.length; iii++){          
-							var temp = parent.mb_mapObj[i].wms[ii].objLayer[iii];     
-							if(parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_parent == ""){                    
-								//alert((parseInt(temp.layer_id)+1) + " , " +0 + " , " +temp.layer_title + " , " +'');
-								Note((parseInt(temp.layer_id)+1),0,temp.layer_title,'','','','','');
-								parentObj = temp.layer_id+1;                  
-							}
-							if(parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_parent == "0"){
-								
-								if(temp.gui_layer_selectable == '1' || temp.gui_layer_queryable == '1'){
-								
-									Note((parseInt(temp.layer_id)+1),parentObj,temp.layer_title,'../metadata/metadata.php?wms_id='+parseInt(parent.mb_mapObj[i].wms[ii].wms_id)+'&gui_layer_wms_id='+temp.gui_layer_wms_id+'&layer_name='+temp.layer_name,temp.gui_layer_selectable,temp.gui_layer_visible,temp.gui_layer_queryable,temp.gui_layer_querylayer,parent.mb_mapObj[i].wms[ii].wms_title,temp.layer_name);
-								      //Note((parseInt(temp.layer_id)+1),parentObj,temp.layer_title,'dasdf',temp.gui_layer_selectable,temp.gui_layer_visible,temp.gui_layer_queryable,temp.gui_layer_querylayer,parent.mb_mapObj[i].wms[ii].wms_title,temp.layer_name);
-								}
-							}
-						}
-					}
-				}
-			}
-		}
-		//Note(22,1,'willi','adfasd');
-		treeTyp[0] = 'f'
-		treeIsOn[0] = true
-		treeWasOn[0] = true
-	}       
-} 
-  function initArray_()
-  {
-    Note(0,-1,'','')	  
-    Note(1,0,'Tutorials','')	  	  
-    Note(8,1,'HTML','')
-    Note(10,8,'SelfHtml','http://www.teamone.de/selfaktuell/') 
-	  Note(9,1,'willi','')
-    Note(100,9,'SelfHtml','http://www.teamone.de/selfaktuell/')       
-	  Note(3,1,'JavaScript','')
-    Note(4,3, 'Netscape Guide 1.3','http://developer.netscape.com/docs/manuals/js/client/jsguide/index.htm')
-    Note(7,3, 'Introduction to Javascript','http://rummelplatz.uni-mannheim.de/~skoch/js/script.htm')	  
-    Note(12,1, 'Perl','')
-    Note(14,12, 'Perl Tutorial','http://www.awu.id.ethz.ch/~didi/perl/perl_start.html')
-    Note(13,1,'SQL','')
-    Note(15,13, 'Introduction to SQL','http://w3.one.net/~jhoffman/sqltut.htm')
-	  Note(111,1, 'Introduction to SQL','http://w3.one.net/~jhoffman/sqltut.htm')
-    Note(2,0, 'Reference Manuals','')
-    Note(11,2, 'HTML Version 3.2 Referenz','http://www.cls-online.de/htmlref/index.htm')
-    Note(6,2,'Netscape Reference 1.3','http://developer.netscape.com/docs/manuals/js/client/jsref/index.htm')
-    Note(17,2,'PHP Manual','http://www.php.net/manual/html/')	  
-    treeTyp[0] = 'f'
-    treeIsOn[0] = true
-    treeWasOn[0] = true
-  }
-
-  var idx=0
-  initArray()
-  initIndex()
-  load_all()
-  for( i=1; i<idx; i++ )
-  {
-    treeDeep[i] = knotDeep( treeId[i] )
-    if ( treeDeep[i] == 0 )
-      treeIsShown[i] = true
-  }
-  if ( isDomNN )
-    initStyles();
-  //-->  
-  </SCRIPT>
-</HEAD>
-<BODY VLINK="#000000" ALINK="#000000" LINK="#000000" BGCOLOR="#ffffff" TEXT="#000000"
- onLoad="if (layerok) showTree();mod_treeGDE();"
- MARGINHEIGHT="0" MARGINWIDTH="0" LEFTMARGIN="0" TOPMARGIN="0">
-<SCRIPT language="JavaScript1.2">
-<!--
-  initDiv()
-  //hideLayer("sitemapinfo")
-//-->
-</SCRIPT>
-</BODY>
-</HTML>

Modified: tags/2.4.4_su/2.4.4_leak/http/javascripts/map.php
===================================================================
--- tags/2.4.4/http/javascripts/map.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/map.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -41,8 +41,11 @@
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
 
-$mb_sql = "SELECT DISTINCT e_js_file, e_id, e_src, e_target, e_pos FROM gui_element WHERE e_public = 1 AND fkey_gui_id = '".$_REQUEST["gui_id"]."' ORDER BY e_pos";
-$mb_res = db_query($mb_sql);
+$mb_sql = "SELECT DISTINCT e_js_file, e_id, e_src, e_target, e_pos ";
+$mb_sql .= "FROM gui_element WHERE e_public = 1 AND fkey_gui_id = $1 ORDER BY e_pos";
+$v = array($_REQUEST["gui_id"]);
+$t = array("s");
+$mb_res = db_prep_query($mb_sql, $v, $t);
 //$mb_cnt = 0;
 while($row_js = db_fetch_array($mb_res)){
 	if($row_js["e_js_file"] != ""){
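Review bot: The `$1` placeholder on the second `$mb_sql` line sits inside a double-quoted PHP string and reaches db_prep_query intact only because PHP leaves a `$` followed by a digit uninterpolated; a later edit that appends a real variable to that string would silently change the statement. Single-quoting the fragment makes the placeholder visibly literal: `$mb_sql .= 'FROM gui_element WHERE e_public = 1 AND fkey_gui_id = $1 ORDER BY e_pos';`. The same double-quoted `$1` appears in the single-value hunks of mod_addWMSfromfilteredList.php, mod_addWMSfromfilteredListDB.php and mod_setPOI2Scale.php. Separately, `$_REQUEST["gui_id"]` is now bound rather than concatenated, but the read is still unguarded; an `isset($_REQUEST["gui_id"])` check before building `$v` would avoid binding an undefined value.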

Modified: tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_addWMSfromList.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_addWMSfromList.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_addWMSfromList.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,5 +1,5 @@
 <?php
-# $Id: mod_addWMSfromList.php 76 2006-08-15 12:25:34Z heuser $
+# $Id$
 # http://www.mapbender.org/index.php/mod_addWMSfromList.php
 # Copyright (C) 2002 CCGIS 
 #
@@ -110,14 +110,18 @@
 $arrayGuis=mb_getGUIs($logged_user_id);
 
 $sql_gui = "SELECT * FROM gui WHERE gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui .= ",";}
-	$sql_gui .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui .= ",";
+	}
+	$sql_gui .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_gui.= ") ORDER BY gui_name";
 
-$res_gui = db_query($sql_gui);
+$res_gui = db_prep_query($sql_gui, $v, $t);
 while($row = db_fetch_array($res_gui)){
 	$gui_id[$cnt_gui] = $row["gui_id"];
 	$gui_name[$cnt_gui] = $row["gui_name"];
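Review bot: When `$arrayGuis` is empty the new loop adds no placeholders and `$sql_gui` becomes `... WHERE gui_id IN () ORDER BY gui_name`, a syntax error rather than an empty result; the removed code had the same gap, but now that the list is assembled explicitly it is cheap to wrap the query in `if (count($arrayGuis) > 0) { ... }` or return early. The same construction is repeated in the `fkey_gui_id IN (` and `wms_id IN (` hunks below and in the matching hunks of mod_addWMSfromfilteredList.php and mod_addWMSfromfilteredListDB.php, where the `wms_id IN (` variants bind `$fkey_wms_id`, a variable assigned only inside the preceding fetch loop and therefore undefined when that loop did not run, which again yields `IN ()`. `$v = $arrayGuis` also assumes mb_getGUIs returns a 0-based list whose order matches `$1..$n`; if it can return a keyed array, `$v = array_values($arrayGuis);` pins the binding order (mb_getGUIs is not visible from here).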
@@ -127,14 +131,18 @@
 
 /*get allocated wms from allocated gui  ********************************************************************************************/								 
 $sql_gui_wms = "SELECT DISTINCT fkey_wms_id FROM gui_wms WHERE fkey_gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui_wms .= ",";}
-	$sql_gui_wms .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui_wms .= ",";
+	}
+	$sql_gui_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_gui_wms.= ") ORDER BY fkey_wms_id";
 
-$res_gui_wms = db_query($sql_gui_wms);
+$res_gui_wms = db_prep_query($sql_gui_wms, $v, $t);
 while($row = db_fetch_array($res_gui_wms)){
 	$fkey_gui_id[$cnt_gui_wms] = $row["fkey_gui_id"];
 	$fkey_wms_id[$cnt_gui_wms] = $row["fkey_wms_id"];
@@ -144,15 +152,19 @@
 
 /*get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 $sql_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities,wms_version FROM wms WHERE wms_id IN (";
-
-for($i=0; $i<count($fkey_wms_id); $i++){
-	if($i>0){ $sql_wms .= ",";}
-	$sql_wms .= "'".$fkey_wms_id[$i]."'";
+$v = $fkey_wms_id;
+$t = array();
+for ($i = 1; $i <= count($fkey_wms_id); $i++){
+	if ($i > 1) { 
+		$sql_wms .= ",";
+	}
+	$sql_wms .= "$" . $i;
+	array_push($t, "s");
 }
 #$sql_wms.= ") ORDER BY wms_id";
 $sql_wms.= ") ORDER BY wms_title";
 
-$res_wms = db_query($sql_wms);
+$res_wms = db_prep_query($sql_wms, $v, $t);
 while($row = db_fetch_array($res_wms)){
 	$wms_title[$cnt_wms] = $row["wms_title"];
 	$wms_abstract[$cnt_wms] = $row["wms_abstract"];

Modified: tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredList.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_addWMSfromfilteredList.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredList.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -247,14 +247,20 @@
 
 $arrayGuis=mb_getGUIs($logged_user_id);
 $sql_gui = "SELECT * FROM gui WHERE gui_id IN (";
+$v = $arrayGuis;
+$t = array();
 
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui .= ",";}
-	$sql_gui .= "'".$arrayGuis[$i]."'";
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui .= ",";
+	}
+	$sql_gui .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_gui.= ") ORDER BY gui_name";
 
-$res_gui = db_query($sql_gui);
+
+$res_gui = db_prep_query($sql_gui, $v, $t);
 				while($row = db_fetch_array($res_gui)){
 					$gui_id[$cnt_gui] = $row["gui_id"];
 					$gui_name[$cnt_gui] = $row["gui_name"];
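Review bot: The placeholder-building loop introduced here is copied verbatim into five more hunks of this file and into mod_addWMSfromList.php and mod_addWMSfromfilteredListDB.php, each time through the file-scope temporaries `$v` and `$t`; a small helper defined once next to db_prep_query would leave a single place to keep the placeholder count, the type list and the empty-list case in sync. The call site then reduces to `list($ph, $t) = mb_placeholderList($arrayGuis); $sql_gui = "SELECT * FROM gui WHERE gui_id IN (" . $ph . ") ORDER BY gui_name";` with `$v = $arrayGuis;` unchanged. The helper name is a suggestion, not an existing function, and is written in the `array()` style the file already uses.
```php
// Builds the "$1,$2,...,$n" placeholder list for an IN (...) clause and the
// matching type array for db_prep_query (one "s" per value, as the call
// sites do today). Callers must still skip the query when $values is empty.
function mb_placeholderList($values) {
	$placeholders = array();
	$types = array();
	for ($i = 1; $i <= count($values); $i++) {
		$placeholders[] = '$' . $i;
		$types[] = 's';
	}
	return array(implode(',', $placeholders), $types);
}
```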
@@ -266,14 +272,18 @@
 				 
 /*get allocated wms from allocated gui  ********************************************************************************************/								 
 $sql_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui_wms .= ",";}
-	$sql_gui_wms .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui_wms .= ",";
+	}
+	$sql_gui_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_gui_wms.= ") ORDER BY fkey_wms_id";
 
-$res_gui_wms = db_query($sql_gui_wms);
+$res_gui_wms = db_prep_query($sql_gui_wms, $v, $t);
 while($row = db_fetch_array($res_gui_wms)){
 				$fkey_gui_id[$cnt_gui_wms] = $row["fkey_gui_id"];
 	$fkey_wms_id[$cnt_gui_wms] = $row["fkey_wms_id"];
@@ -283,14 +293,18 @@
 
 /*get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 $sql_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_version FROM wms WHERE wms_id IN (";
-
-for($i=0; $i<count($fkey_wms_id); $i++){
-	if($i>0){ $sql_wms .= ",";}
-	$sql_wms .= "'".$fkey_wms_id[$i]."'";
+$v = $fkey_wms_id;
+$t = array();
+for ($i = 1; $i <= count($fkey_wms_id); $i++){
+	if ($i > 1) { 
+		$sql_wms .= ",";
+	}
+	$sql_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_wms.= ") ORDER BY wms_title";
 
-$res_wms = db_query($sql_wms);
+$res_wms = db_prep_query($sql_wms, $v, $t);
 				while($row = db_fetch_array($res_wms)){
 					$wms_title[$cnt_wms] = $row["wms_title"];
 					$wms_abstract[$cnt_wms] = $row["wms_abstract"];
@@ -324,8 +338,10 @@
 #if (isset($show_group_wms))
 if (!empty($show_group_wms)){
 	/*get gui goup   ********************************************************************************************/
-	$sql_gui_mb_group = "SELECT fkey_gui_id, fkey_mb_group_id FROM gui_mb_group WHERE fkey_mb_group_id='".$show_group_wms."'";
-	$res_gui_mb_group = db_query($sql_gui_mb_group);
+	$sql_gui_mb_group = "SELECT fkey_gui_id, fkey_mb_group_id FROM gui_mb_group WHERE fkey_mb_group_id=$1";
+	$v = array($show_group_wms);
+	$t = array("s");
+	$res_gui_mb_group = db_prep_query($sql_gui_mb_group, $v, $t);
 
 				while($row = db_fetch_array($res_gui_mb_group)){
 					$group_gui_id[$cnt_gui_mb_group] = $row["fkey_gui_id"];
@@ -339,13 +355,18 @@
 	/*get group gui WMS  ********************************************************************************************/
 	if(count($group_gui_id)>0)	{								 
 		$sql_fkey_group_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id IN (";
-		for($i=0; $i<count($group_gui_id); $i++){
-			if($i>0){ $sql_fkey_group_gui_wms .= ",";}
-			$sql_fkey_group_gui_wms .= "'".$group_gui_id[$i]."'";
+		$v = $group_gui_id;
+		$t = array();
+		for ($i = 1; $i <= count($group_gui_id); $i++){
+			if ($i > 1) { 
+				$sql_fkey_group_gui_wms .= ",";
+			}
+			$sql_fkey_group_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_fkey_group_gui_wms.=  ") ORDER BY fkey_wms_id";
 		
-		$res_fkey_group_gui_wms = db_query($sql_fkey_group_gui_wms);
+		$res_fkey_group_gui_wms = db_prep_query($sql_fkey_group_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_fkey_group_gui_wms)){
 			$fkey_group_gui_gui_id[$cnt_fkey_group_gui_wms] = $row["fkey_gui_id"];
 			$fkey_group_gui_wms_id[$cnt_fkey_group_gui_wms] = $row["fkey_wms_id"];
@@ -358,14 +379,18 @@
 		/*group: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 		if(count($fkey_group_gui_wms_id)>0){
 			$sql_group_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_version FROM wms WHERE wms_id IN (";
-		  
-			for($i=0; $i<count($fkey_group_gui_wms_id); $i++){
-				if($i>0){ $sql_group_gui_wms .= ",";}
-				$sql_group_gui_wms .= "'".$fkey_group_gui_wms_id[$i]."'";
+			$v = $fkey_group_gui_wms_id;
+			$t = array();
+			for ($i = 1; $i <= count($fkey_group_gui_wms_id); $i++){
+				if ($i > 1) { 
+					$sql_group_gui_wms .= ",";
+				}
+				$sql_group_gui_wms .= "$".$i;
+				array_push($t, "s");
 			}
 			$sql_group_gui_wms.= ") ORDER BY wms_title";
 		  
-			$res_group_gui_wms = db_query($sql_group_gui_wms);
+			$res_group_gui_wms = db_prep_query($sql_group_gui_wms, $v, $t);
 			while($row = db_fetch_array($res_group_gui_wms)){
 				$group_wms_title[$cnt_group_gui_wms] = $row["wms_title"];
 				$group_wms_abstract[$cnt_group_gui_wms] = $row["wms_abstract"];
@@ -383,8 +408,10 @@
 	#if ($show_group_wms > 0)
 	if ($cnt_group_gui_wms > 0){
 		/*get goup name for showing in the table ********************************************************************************************/								 
-		$sql_group_name = "SELECT mb_group_id, mb_group_name FROM mb_group WHERE mb_group_id ='".$show_group_wms."'";   
-		$res_group_name = db_query($sql_group_name);
+		$sql_group_name = "SELECT mb_group_id, mb_group_name FROM mb_group WHERE mb_group_id = $1";   
+		$v = array($show_group_wms);
+		$t = array("s");
+		$res_group_name = db_prep_query($sql_group_name, $v, $t);
 		while($row = db_fetch_array($res_group_name)){
 			$group_name_table[$cnt_group_name] = $row["mb_group_name"];
 			$my_group_id_table[$cnt_group_name] = $row["mb_group_id"];
@@ -426,10 +453,12 @@
 /*show gui wms  ********************************************************************************************/
 if (!empty($show_gui_wms)){
 	/*get group gui WMS  ********************************************************************************************/								 
-	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id ='".$show_gui_wms."'";
+	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id = $1";
+	$v = array($show_gui_wms);
+	$t = array("s");
 	#$sql_fkey_show_gui_wms.= ") ORDER BY fkey_wms_id";
 
-	$res_fkey_show_gui_wms = db_query($sql_fkey_show_gui_wms);
+	$res_fkey_show_gui_wms = db_prep_query($sql_fkey_show_gui_wms, $v, $t);
 	while($row = db_fetch_array($res_fkey_show_gui_wms)){
 		$fkey_show_gui_gui_id[$cnt_fkey_show_gui_wms] = $row["fkey_gui_id"];
 		$fkey_show_gui_wms_id[$cnt_fkey_show_gui_wms] = $row["fkey_wms_id"];
@@ -441,14 +470,18 @@
 	/*gui: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 	if(count($fkey_show_gui_wms_id)>0){
 		$sql_show_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_id, wms_version FROM wms WHERE wms_id IN (";
-
-		for($i=0; $i<count($fkey_show_gui_wms_id); $i++){
-			if($i>0){ $sql_show_gui_wms .= ",";}
-			$sql_show_gui_wms .= "'".$fkey_show_gui_wms_id[$i]."'";
+		$v = $fkey_show_gui_wms_id;
+		$t = array();
+		for ($i = 1; $i <= count($fkey_show_gui_wms_id); $i++){
+			if ($i > 1) { 
+				$sql_show_gui_wms .= ",";
+			}
+			$sql_show_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_show_gui_wms.= ") ORDER BY wms_title";
 
-		$res_show_gui_wms = db_query($sql_show_gui_wms);
+		$res_show_gui_wms = db_prep_query($sql_show_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_show_gui_wms)){
 			$gui_wms_id[$cnt_show_gui_wms] = $row["wms_id"];
 			$gui_wms_title[$cnt_show_gui_wms] = $row["wms_title"];
@@ -466,8 +499,10 @@
 
 	if ($cnt_show_gui_wms > 0){
 	/*get selected gui name for table caption ********************************************************************************************/  
-	$sql_gui_table = "SELECT * FROM gui WHERE gui_id ='".$show_gui_wms."'";       
-	$res_gui_table = db_query($sql_gui_table);
+	$sql_gui_table = "SELECT * FROM gui WHERE gui_id = $1";       
+	$v = array($show_gui_wms);
+	$t = array("s");
+	$res_gui_table = db_prep_query($sql_gui_table, $v, $t);
 		while($row = db_fetch_array($res_gui_table)){
 			$gui_id_table[$cnt_gui_table] = $row["gui_id"];
 			$gui_name_table[$cnt_gui_table] = $row["gui_name"];							
@@ -513,10 +548,11 @@
 /*show gui wms  ********************************************************************************************/
 if (!empty($show_gui_configured_wms)){
 	/*get group gui WMS  ********************************************************************************************/								 
-	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id ='".$show_gui_configured_wms."'";
+	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id = $1";
 	#$sql_fkey_show_gui_wms.= ") ORDER BY fkey_wms_id";
-
-	$res_fkey_show_gui_wms = db_query($sql_fkey_show_gui_wms);
+	$v = array($show_gui_configured_wms);
+	$t = array("s");
+	$res_fkey_show_gui_wms = db_prep_query($sql_fkey_show_gui_wms, $v, $t);
 	while($row = db_fetch_array($res_fkey_show_gui_wms)){
 		$fkey_show_gui_gui_id[$cnt_fkey_show_gui_wms] = $row["fkey_gui_id"];
 		$fkey_show_gui_wms_id[$cnt_fkey_show_gui_wms] = $row["fkey_wms_id"];
@@ -528,14 +564,18 @@
 	/*gui: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 	if(count($fkey_show_gui_wms_id)>0){
 		$sql_show_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_id, wms_version FROM wms WHERE wms_id IN (";
-
-		for($i=0; $i<count($fkey_show_gui_wms_id); $i++){
-			if($i>0){ $sql_show_gui_wms .= ",";}
-			$sql_show_gui_wms .= "'".$fkey_show_gui_wms_id[$i]."'";
+		$v = $fkey_show_gui_wms_id;
+		$t = array();
+		for ($i = 1; $i <= count($fkey_show_gui_wms_id); $i++){
+			if ($i > 1) { 
+				$sql_show_gui_wms .= ",";
+			}
+			$sql_show_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_show_gui_wms.= ") ORDER BY wms_title";
 
-		$res_show_gui_wms = db_query($sql_show_gui_wms);
+		$res_show_gui_wms = db_prep_query($sql_show_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_show_gui_wms)){
 			$gui_wms_id[$cnt_show_gui_wms] = $row["wms_id"];
 			$gui_wms_title[$cnt_show_gui_wms] = $row["wms_title"];
@@ -553,8 +593,10 @@
 
 	if ($cnt_show_gui_wms > 0){
 	/*get selected gui name for table caption ********************************************************************************************/  
-	$sql_gui_table = "SELECT * FROM gui WHERE gui_id ='".$show_gui_configured_wms."'";       
-	$res_gui_table = db_query($sql_gui_table);
+	$sql_gui_table = "SELECT * FROM gui WHERE gui_id = $1";
+	$v = array($show_gui_configured_wms);
+	$t = array("s");       
+	$res_gui_table = db_prep_query($sql_gui_table, $v, $t);
 		while($row = db_fetch_array($res_gui_table)){
 			$gui_id_table[$cnt_gui_table] = $row["gui_id"];
 			$gui_name_table[$cnt_gui_table] = $row["gui_name"];							

Modified: tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredListDB.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_addWMSfromfilteredListDB.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_addWMSfromfilteredListDB.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,5 +1,5 @@
 <?php
-# $Id: mod_addWMSfromfilteredList.php 1274 2007-04-25 07:01:08Z christoph $
+# $Id$
 # http://www.mapbender.org/index.php/mod_addWMSfromfilteredList.php
 # Copyright (C) 2002 CCGIS 
 #
@@ -101,14 +101,18 @@
 
 $arrayGuis=mb_getGUIs($logged_user_id);
 $sql_gui = "SELECT * FROM gui WHERE gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui .= ",";}
-	$sql_gui .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui .= ",";
+	}
+	$sql_gui .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_gui.= ") ORDER BY gui_name";
 
-$res_gui = db_query($sql_gui);
+$res_gui = db_prep_query($sql_gui, $v, $t);
 				while($row = db_fetch_array($res_gui)){
 					$gui_id[$cnt_gui] = $row["gui_id"];
 					$gui_name[$cnt_gui] = $row["gui_name"];
@@ -120,14 +124,18 @@
 				 
 /*get allocated wms from allocated gui  ********************************************************************************************/								 
 $sql_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui_wms .= ",";}
-	$sql_gui_wms .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++) {
+	if ($i > 1) { 
+		$sql_gui_wms .= ",";
+	}
+	$sql_gui_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_gui_wms.= ") ORDER BY fkey_wms_id";
 
-$res_gui_wms = db_query($sql_gui_wms);
+$res_gui_wms = db_prep_query($sql_gui_wms, $v, $t);
 while($row = db_fetch_array($res_gui_wms)){
 				$fkey_gui_id[$cnt_gui_wms] = $row["fkey_gui_id"];
 	$fkey_wms_id[$cnt_gui_wms] = $row["fkey_wms_id"];
@@ -137,14 +145,18 @@
 
 /*get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 $sql_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_version FROM wms WHERE wms_id IN (";
-
-for($i=0; $i<count($fkey_wms_id); $i++){
-	if($i>0){ $sql_wms .= ",";}
-	$sql_wms .= "'".$fkey_wms_id[$i]."'";
+$v = $fkey_wms_id;
+$t = array();
+for ($i = 1; $i <= count($fkey_wms_id); $i++){
+	if ($i > 1) { 
+		$sql_wms .= ",";
+	}
+	$sql_wms .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_wms.= ") ORDER BY wms_title";
 
-$res_wms = db_query($sql_wms);
+$res_wms = db_prep_query($sql_wms, $v, $t);
 				while($row = db_fetch_array($res_wms)){
 					$wms_title[$cnt_wms] = $row["wms_title"];
 					$wms_abstract[$cnt_wms] = $row["wms_abstract"];
@@ -181,10 +193,12 @@
 	echo "<input type='button' class='wms_button' name='wms2' value='" . $selectOtherGuiText . "' onclick = 'mod_show_gui()'></td>";
 
 	/*get group gui WMS  ********************************************************************************************/								 
-	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id ='".$wms_show."'";
+	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id = $1";
 	#$sql_fkey_show_gui_wms.= ") ORDER BY fkey_wms_id";
 
-	$res_fkey_show_gui_wms = db_query($sql_fkey_show_gui_wms);
+	$v = array($wms_show);
+	$t = array("s");
+	$res_fkey_show_gui_wms = db_prep_query($sql_fkey_show_gui_wms, $v, $t);
 	while($row = db_fetch_array($res_fkey_show_gui_wms)){
 		$fkey_show_gui_gui_id[$cnt_fkey_show_gui_wms] = $row["fkey_gui_id"];
 		$fkey_show_gui_wms_id[$cnt_fkey_show_gui_wms] = $row["fkey_wms_id"];
@@ -196,14 +210,18 @@
 	/*gui: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 	if(count($fkey_show_gui_wms_id)>0){
 		$sql_show_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_id, wms_version FROM wms WHERE wms_id IN (";
-
-		for($i=0; $i<count($fkey_show_gui_wms_id); $i++){
-			if($i>0){ $sql_show_gui_wms .= ",";}
-			$sql_show_gui_wms .= "'".$fkey_show_gui_wms_id[$i]."'";
+		$v = $fkey_show_gui_wms_id;
+		$t = array();
+		for ($i = 1; $i <= count($fkey_show_gui_wms_id); $i++){
+			if ($i > 1) { 
+				$sql_show_gui_wms .= ",";
+			}
+			$sql_show_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_show_gui_wms.= ") ORDER BY wms_title";
 
-		$res_show_gui_wms = db_query($sql_show_gui_wms);
+		$res_show_gui_wms = db_prep_query($sql_show_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_show_gui_wms)){
 			$gui_wms_id[$cnt_show_gui_wms] = $row["wms_id"];
 			$gui_wms_title[$cnt_show_gui_wms] = $row["wms_title"];
@@ -221,8 +239,10 @@
 
 	if ($cnt_show_gui_wms > 0){
 	/*get selected gui name for table caption ********************************************************************************************/  
-	$sql_gui_table = "SELECT * FROM gui WHERE gui_id ='".$wms_show."'";       
-	$res_gui_table = db_query($sql_gui_table);
+	$sql_gui_table = "SELECT * FROM gui WHERE gui_id = $1";
+	$v = array($wms_show);
+	$t = array("s");       
+	$res_gui_table = db_prep_query($sql_gui_table, $v, $t);
 		while($row = db_fetch_array($res_gui_table)){
 			$gui_id_table[$cnt_gui_table] = $row["gui_id"];
 			$gui_name_table[$cnt_gui_table] = $row["gui_name"];							

Deleted: tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_measure4326.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_measure4326.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_measure4326.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,251 +0,0 @@
-<?php
-# $Id: mod_measure.php 267 2006-05-12 12:16:01Z vera_schulze $
-# http://www.mapbender.org/index.php/mod_measure.php
-# Copyright (C) 2002 CCGIS 
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-require_once("../../conf/mapbender.conf");
-
-$gui_id = $_REQUEST["gui_id"];
-$con = db_connect($DBSERVER,$OWNER,$PW);
-db_select_db(DB,$con);
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'measure' AND fkey_gui_id = $1";
-$v = array($gui_id);
-$t = array('s');
-$res = db_prep_query($sql, $v, $t);
-$cnt = 0;
-while($row = db_fetch_array($res)){ 
-	$e_src = $row["e_src"];
-	$e_target = $row["e_target"];
-	$cnt++;
-}
-if($cnt > 1){
-	echo "alert('measure: ID not unique!');";
-}
-echo "var mod_measure_target = '".$e_target."';";
-
-require_once("ajax_jquery.js");
-$e_id_css = "measure";
-include '../include/dyn_js.php';
-?>
-
-var mod_measure_color1 = "white";
-var mod_measure_color2 = "black";
-var mod_measure_font = "Arial, Helvetica, sans-serif";
-var mod_measure_fontsize = "9px";
-var mod_measure_basepoint = "#8a2be2";
-var mod_measure_linepoint = "#ff00ff";
-var mod_measure_bg = "";
-var mod_measure_pgsql = true;
-
-var mod_measure_win = null;
-
-var mod_measure_elName = "measure";
-var mod_measure_frameName = "";
-var mod_measure_epsg;
-var mod_measure_width;
-var mod_measure_height;
-var dist = false;
-var mod_measure_RX = new Array();
-var mod_measure_RY = new Array();
-var mod_measure_Dist = new Array();
-var mod_measure_TotalDist = new Array();
-var mod_measureSubFunctions = new Array();
-
-var mod_measure_img_on = new Image(); mod_measure_img_on.src = "<?php  echo preg_replace("/_off/","_on",$e_src);  ?>";
-var mod_measure_img_off = new Image(); mod_measure_img_off.src = "<?php  echo $e_src;  ?>";
-var mod_measure_img_over = new Image(); mod_measure_img_over.src = "<?php  echo preg_replace("/_off/","_over",$e_src);  ?>";
-
-function init_mod_measure(ind){
-	mb_button[ind] = document.getElementById(mod_measure_elName);
-	mb_button[ind].img_over = mod_measure_img_over.src;
-	mb_button[ind].img_on = mod_measure_img_on.src;
-	mb_button[ind].img_off = mod_measure_img_off.src;
-	mb_button[ind].status = 0;
-	mb_button[ind].elName = mod_measure_elName;
-	mb_button[ind].fName = mod_measure_frameName;
-	mb_button[ind].go = new Function ("mod_measure_go()");
-	mb_button[ind].stop = new Function ("mod_measure_disable()");
-	var ind = getMapObjIndexByName(mod_measure_target);
-	mod_measure_width = mb_mapObj[ind].width;
-	mod_measure_height = mb_mapObj[ind].height;
-	mod_measure_epsg = mb_mapObj[ind].epsg;
-	mb_registerSubFunctions("drawDashedLine()");
-	mb_registerPanSubElement("measuring");
-}
-function register_measureSubFunctions(stringFunction){
-	mod_measureSubFunctions[mod_measureSubFunctions.length] = stringFunction;
-}
-function mod_measure_go(){
-	var el = window.frames[mod_measure_target].document;
-	el.onmousedown = mod_measure_start;
-	//el.onmousemove = mod_measure_run;
-	var measureSub = "";
-	for(var i=0; i<mod_measureSubFunctions.length; i++){
-		measureSub += eval(mod_measureSubFunctions[i]);
-	}   
-	writeTag(mod_measure_target,"measure_sub",measureSub);
-}
-function mod_measure_disable(){
-	var el = window.frames[mod_measure_target].document; 
-	el.onmousedown = null;
-	el.onmousemove = null;
-	writeTag(mod_measure_target,"measure_display","");
-	writeTag(mod_measure_target,"measure_sub","");
-}
-function mod_measure_timeout(){
-	var el = window.frames[mod_measure_target].document; 
-	el.onmousedown = null;
-	el.ondblclick = null;
-	el.onmousemove = null;
-}
-function mod_measure_disableTimeout(){
-	var el = window.frames[mod_measure_target].document;
-	el.onmousedown = mod_measure_start;
-	//el.onmousemove = mod_measure_run;
-}
-function use_dist() {
-    if(dist != false){
-        mod_measure_Dist[mod_measure_Dist.length] = dist;
-		var totalDist = mod_measure_TotalDist[mod_measure_TotalDist.length-1] + dist;
-       	mod_measure_TotalDist[mod_measure_TotalDist.length] = Math.round(totalDist * 100)/100;
-        
-      } 
-      drawDashedLine(); 
-      dist = false;
-}
-function mod_measure_start(e){
-	mb_getMousePos(e,mod_measure_target);
-	var realWorldPos = my_makeClickPos2RealWorldPos(mod_measure_target,clickX,clickY);
-    
-	mod_measure_RX[mod_measure_RX.length] = realWorldPos[0];
-	mod_measure_RY[mod_measure_RY.length] = realWorldPos[1];
-       
-     if(mod_measure_RX.length > 1){
-	 
-     convert_coords(mod_measure_RX[mod_measure_RX.length-2],mod_measure_RY[mod_measure_RY.length-2],mod_measure_RX[mod_measure_RX.length-1],mod_measure_RY[mod_measure_RY.length-1],inputEPSG);         
-	}
-	else{
-		mod_measure_Dist[mod_measure_Dist.length] = 0;
-		mod_measure_TotalDist[mod_measure_TotalDist.length] = 0;
-        drawDashedLine();
-	}
-}
-function drawDashedLine(){
-	var str_mPoints = "<div style='position:absolute;left:0px;top:0px' ><img src='"+mb_trans.src+"' width='"+mod_measure_width+"' height='0'></div>";
-	str_mPoints += "<div style='position:absolute;left:0px;top:0px' ><img src='"+mb_trans.src+"' width='0' height='"+mod_measure_height+"'></div>";
-	for(var i=0; i<mod_measure_RX.length; i++){
-		var pos = makeRealWorld2mapPos(mod_measure_target,mod_measure_RX[i],mod_measure_RY[i]);
-		str_mPoints += "<div style='font-size:1px;position:absolute;top:"+(pos[1]-2)+"px;left:"+(pos[0]-2)+"px;width:4px;height:4px;background-color:"+mod_measure_basepoint+"'></div>";
-		if(i>0){
-			str_mPoints += "<div  style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color1+";";
-			if(mod_measure_bg != ""){
-				str_mPoints += "background-color:"+mod_measure_bg+";";
-			}
-			str_mPoints += "position:absolute;top:"+(pos[1] + 3)+"px;left:"+(pos[0]+3)+"px;z-index:20'>"+mod_measure_TotalDist[i]+"</div>";
-			str_mPoints += "<div  style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color2+";position:absolute;top:"+(pos[1] + 4)+"px;left:"+(pos[0]+4)+"px;z-index:21'>"+mod_measure_TotalDist[i]+"</div>";
-		}
-	}
-	if(mod_measure_RX.length>1){
-		for(var k=1; k<mod_measure_RX.length; k++){
-			var pos0 = makeRealWorld2mapPos(mod_measure_target,mod_measure_RX[k], mod_measure_RY[k]);
-			var pos1 = makeRealWorld2mapPos(mod_measure_target,mod_measure_RX[k-1], mod_measure_RY[k-1]);
-          
-			str_mPoints += evaluateDashes(pos1[0],pos1[1],pos0[0],pos0[1],k);
-		}
-	}
-	writeTag(mod_measure_target,"measuring",str_mPoints);
-}
-function evaluateDashes(x1,y1,x2,y2,count){
-	var str_dashedLine = "";
-	var s = 10;
-	var d = Math.sqrt(Math.pow((y1-y2),2) + Math.pow((x1-x2),2)) ;
-	var n = Math.round(d/s);
-	var s_x =  (x2 - x1)/n;
-	var s_y =  (y2 - y1)/n;
-	for(var i=1; i<n; i++){
-		var x = Math.round(x1 + i * s_x)-2;
-		var y = Math.round(y1 + i * s_y)-2;
-		if(x >= 0 && x <= mod_measure_width && y >= 0 && y <= mod_measure_height){
-			str_dashedLine += "<div style='font-size:1px;position:absolute;top:"+y+"px;left:"+x+"px;width:4px;height:4px;background-color:"+mod_measure_linepoint+"'></div>";
-		}
-	}
-	str_dashedLine += "<div style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color1+";";
-	if(mod_measure_bg != ""){
-		str_dashedLine += "background-color:"+mod_measure_bg+";";
-	}   
-	str_dashedLine += "position:absolute;top:"+(Math.round(y1 + (y2-y1)/2 +3))+"px;left:"+(Math.round(x1 + (x2-x1)/2 +3))+"px'>"+mod_measure_Dist[count]+"</div>";
-	str_dashedLine += "<div style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color2+";position:absolute;top:"+(Math.round(y1 + (y2-y1)/2 + 4))+"px;left:"+(Math.round(x1 + (x2-x1)/2+4))+"px'>"+mod_measure_Dist[count]+"</div>";
-	return str_dashedLine;
-}
-function mod_measure_close(){
-	if(mod_measure_RX.length < 3 || (mod_measure_RX[mod_measure_RX.length-1] == mod_measure_RX[0] && mod_measure_RY[mod_measure_RY.length-1] == mod_measure_RY[0])){return;}
-	mod_measure_RX[mod_measure_RX.length] = mod_measure_RX[0];
-	mod_measure_RY[mod_measure_RY.length] = mod_measure_RY[0];
-	if(mod_measure_RX.length > 1){
-		// circumference
-        convert_coords(mod_measure_RX[mod_measure_RX.length-2],mod_measure_RY[mod_measure_RY.length-2],mod_measure_RX[mod_measure_RX.length-1],mod_measure_RY[mod_measure_RY.length-1],inputEPSG);   
-	}
-	else{
-		mod_measure_Dist[mod_measure_Dist.length] = 0;
-		mod_measure_TotalDist[mod_measure_TotalDist.length] = 0;
-        drawDashedLine();
-	}
-}
-function mod_measure_delete(){
-	mod_measure_RX = new Array();
-	mod_measure_RY = new Array();
-    mod_measure_Dist = new Array();
-	mod_measure_TotalDist = new Array();
-    dist = false;
-    writeTag(mod_measure_target,"measuring","");
-	writeTag(mod_measure_target,"measure_display","");
-}
-function my_makeClickPos2RealWorldPos(frameName, myClickX, myClickY) {
-	var ind = getMapObjIndexByName(frameName);
-	var width = parseInt(mb_mapObj[ind].width);
-	var height = parseInt(mb_mapObj[ind].height);
-	var arrayBBox = mb_mapObj[ind].extent.split(",");
-	var minX = parseFloat(arrayBBox[0]);
-	var minY = parseFloat(arrayBBox[1]);
-	var maxX = parseFloat(arrayBBox[2]);
-	var maxY = parseFloat(arrayBBox[3]);
-	var xtentx = maxX - minX;
-	var xtenty =  maxY - minY;
-	var posX = parseFloat(minX + (myClickX / width) * xtentx);
-	var posY = parseFloat(maxY - (myClickY / height) * xtenty);
-	return new Array(posX, posY);
-}
-function convert_coords(x1,y1,x2,y2,inputEPSG){
-
-      $.post(
-    	// zielurl
-        '../javascripts/transform_coordinatesWGS84.php',
-        // parameter fuer diese datei
-        {
-        	'x1'      : x1,
-            'y1'      : y1,
-			'x2'      : x2,
-			'y2'      : y2,  
-            'inputEPSG' :  inputEPSG      
-        },
-        // callback function
-        function(xml){
-            dist = Math.round(parseFloat(xml));   
-            use_dist();   
-        }
-     );
-}
\ No newline at end of file

Modified: tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_sandclock2.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_sandclock2.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_sandclock2.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -25,7 +25,7 @@
 $sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'sandclock2' AND fkey_gui_id = $1";
 $v = array($gui_id);
 $t = array('s');
-$res = db_query($sql, $v, $t);
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){ 
 	$e_target = db_result($res,0,"e_target");

Modified: tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_setPOI2Scale.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_setPOI2Scale.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_setPOI2Scale.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -21,8 +21,10 @@
 include("../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_target FROM gui_element WHERE e_id = 'setPOI2Scale' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_target FROM gui_element WHERE e_id = 'setPOI2Scale' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 
 while($row = db_fetch_array($res)){ 

Modified: tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_wfs_SpatialRequest.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_wfs_SpatialRequest.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_wfs_SpatialRequest.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,5 +1,5 @@
 <?php
-#$Id: mod_wfs_spatialRequest.php,v 1.4 2006/03/08 15:26:26 c_baudson Exp $
+#$Id$
 #$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_wfs_spatialRequest.php,v 1.4 2006/03/08 15:26:26 c_baudson Exp $
 # Copyright (C) 2002 CCGIS 
 #
@@ -33,8 +33,10 @@
 include("../../conf/" . $wfs_conf_filename);
 
 include '../include/dyn_js.php';
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'setSpatialRequest' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'setSpatialRequest' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){ 
    $e_src = $row["e_src"];

Modified: tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_zoomCoords.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_zoomCoords.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_zoomCoords.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,5 +1,5 @@
 <?php
-#$Id: mod_zoomCoords.php 76 2006-08-15 12:25:34Z heuser $
+#$Id$
 #$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_zoomCoords.php,v 1.10 2006/03/09 08:57:13 uli_rothstein Exp $
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 session_start();
@@ -70,8 +70,10 @@
 
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_target FROM gui_element WHERE e_id = 'zoomCoords' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT e_target FROM gui_element WHERE e_id = 'zoomCoords' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){
    $e_target = $row["e_target"];

Modified: tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_zoomFull.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_zoomFull.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_zoomFull.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,12 +1,14 @@
 <?php
-#$Id: mod_zoomFull.php 76 2006-08-15 12:25:34Z heuser $
+#$Id$
 #$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_zoomFull.php,v 1.8 2005/09/13 18:16:42 bjoern_heuser Exp $
 $gui_id = $_REQUEST["gui_id"];
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomFull' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomFull' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){ 
    $e_src = $row["e_src"];

Modified: tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_zoomOut1.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_zoomOut1.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/mod_zoomOut1.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,13 +1,15 @@
 <?php
-#$Id: mod_zoomOut1.php 76 2006-08-15 12:25:34Z heuser $
+#$Id$
 #$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_zoomOut1.php,v 1.8 2005/09/13 18:16:42 bjoern_heuser Exp $
 
 $gui_id = $_REQUEST["gui_id"];
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomOut1' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomOut1' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){ 
    $e_src = $row["e_src"];

Deleted: tags/2.4.4_su/2.4.4_leak/http/javascripts/transform_coordinatesWGS84.php
===================================================================
--- tags/2.4.4/http/javascripts/transform_coordinatesWGS84.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/javascripts/transform_coordinatesWGS84.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -1,49 +0,0 @@
-<?php
-# $Id: mod_measure.php 267 2006-05-12 12:16:01Z vera_schulze $
-# http://www.mapbender.org/index.php/mod_measure.php
-# Copyright (C) 2002 CCGIS 
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-require_once("../../conf/mapbender.conf");
-
-$DBSERVER = '192.168.0.100';
-$OWNER = "admin";
-$PW = "&see5Toxu?";  
-
-$con = pg_connect('host=' . $DBSERVER . ' user=' . $OWNER . ' password=' . $PW . ' dbname=merlin');
-
-
-
-$sql_pointA = "SELECT X(transform(GeometryFromText('POINT(".$_POST['x1']." ".$_POST['y1'].")',4326),".$_POST['inputEPSG'].")) as minx, Y(transform(GeometryFromText('POINT(".$_POST['x1']." ".$_POST['y1'].")',4326),".$_POST['inputEPSG'].")) as miny;";
-
-$resA = db_query($sql_pointA);
-$recA = pg_fetch_array($resA);
-
-$sql_pointB = "SELECT X(transform(GeometryFromText('POINT(".$_POST['x2']." ".$_POST['y2'].")',4326),".$_POST['inputEPSG'].")) as maxx, Y(transform(GeometryFromText('POINT(".$_POST['x2']." ".$_POST['y2'].")',4326),".$_POST['inputEPSG'].")) as maxy;";
-
-$resB = db_query($sql_pointB);
-$recB = pg_fetch_array($resB);
-
-$sql_dist = "SELECT distance('POINT(".$recA['minx']." ".$recA['miny']. ")','POINT(" . $recB['maxx']." ". $recB['maxy'].")') as dist;";
-$res_dist = db_query($sql_dist);
-$rec_dist = pg_fetch_array($res_dist);
-
-echo $rec_dist['dist'];
-#echo $recA['minx']. "," . $recA['miny'] . "," . $recB['maxx']. "," . $recB['maxy']. "," .$rec_dist['dist'];
-
-
-
-?>

Modified: tags/2.4.4_su/2.4.4_leak/http/php/createImageFromText.php
===================================================================
--- tags/2.4.4/http/php/createImageFromText.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/createImageFromText.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -23,7 +23,7 @@
 
 $text_x = 4;
 $text_y = 0;
-$rect_w = 7 * mb_strlen($text) + $text_x;
+$rect_w = 7 * strlen($text) + $text_x;
 $rect_h = 14 + $text_y;
 
 $im = ImageCreate($rect_w, $rect_h);
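Review bot: Switching from `mb_strlen` to `strlen` turns `$rect_w` into a byte count, so for non-ASCII text in a multibyte encoding the image is allocated wider than the 7 px per character the formula assumes; where `$text` comes from is outside the hunk, so whether such input reaches it is not visible here. If the intent is to drop the hard mbstring dependency, keep the character semantics where the extension is present: `$rect_w = 7 * (function_exists('mb_strlen') ? mb_strlen($text) : strlen($text)) + $text_x;`.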

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mb_listWMCs.php
===================================================================
--- tags/2.4.4/http/php/mb_listWMCs.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mb_listWMCs.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -98,8 +98,10 @@
 }
 
 function getTarget($gui_id) {
-	$sql = "SELECT e_requires, e_target FROM gui_element WHERE e_id = 'loadwmc' AND fkey_gui_id = '".$gui_id."'";
-	$res = db_query($sql);
+	$sql = "SELECT e_requires, e_target FROM gui_element WHERE e_id = 'loadwmc' AND fkey_gui_id = $1";
+	$v = array($gui_id);
+	$t = array("s");
+	$res = db_prep_query($sql, $v, $t);
 	$cnt = 0;
 	while($row = db_fetch_array($res)){ 
 		$e_target = $row["e_target"];

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_WMSpreferences.php
===================================================================
--- tags/2.4.4/http/php/mod_WMSpreferences.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_WMSpreferences.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -62,8 +62,10 @@
 </STYLE>
 <?php
 
-$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 $vis = "";
 $wmsid = "";
@@ -79,8 +81,10 @@
 echo "var mod_WMSpreferences_target2 = '".trim($target[1])."';";
 echo "</script>";
 
-$sql_visible = "SELECT * FROM gui_wms WHERE fkey_gui_id = '".$_SESSION["mb_user_gui"]."'"; 
-$res_visible = db_query($sql_visible); 
+$sql_visible = "SELECT * FROM gui_wms WHERE fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s"); 
+$res_visible = db_prep_query($sql_visible, $v, $t); 
 $cnt_visible = 0; 
 
 while($row = db_fetch_array($res_visible)){

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_changeEPSG.php
===================================================================
--- tags/2.4.4/http/php/mod_changeEPSG.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_changeEPSG.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -53,66 +53,79 @@
 
 # transform coordinates
 if(isset($_REQUEST["srs"])){
-	require_once("../../conf/mapbender.conf");
+	require_once(dirname(__FILE__) . "/../../conf/mapbender.conf");
 	$arraymapObj = split("###", $_REQUEST["srs"]);
 	echo "<script type='text/javascript'>";
 	echo "var newExtent = new Array();";
 	for($i=0; $i < count($arraymapObj); $i++){
 		$temp = split(",",$arraymapObj[$i]);
-		if(SYS_DBTYPE=='pgsql'){
-			$con = db_connect($DBSERVER,$OWNER,$PW);
-			$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as minx";
-			$resMinx = db_query($sqlMinx);
-			$minx = db_result($resMinx,0,"minx");
-			
-			$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as miny";
-			$resMiny = db_query($sqlMiny);
-			$miny = db_result($resMiny,0,"miny");
-			
-			$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxx";
-			$resMaxx =db_query($sqlMaxx);
-			$maxx = db_result($resMaxx,0,"maxx");
-			
-			$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxy";
-			$resMaxy = db_query($sqlMaxy);
-			$maxy = db_result($resMaxy,0,"maxy");
-		}else{
-			$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
-			$con = pg_connect($con_string) or die ("Error while connecting database");
-			
-			$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as minx";
-			$resMinx = pg_query($con,$sqlMinx);
-			$minx = pg_fetch_result($resMinx,0,"minx");
-			
-			$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as miny";
-			$resMiny = pg_query($con,$sqlMiny);
-			$miny = pg_fetch_result($resMiny,0,"miny");
-			
-			$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxx";
-			$resMaxx = pg_query($con,$sqlMaxx);
-			$maxx = pg_fetch_result($resMaxx,0,"maxx");
-			
-			$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxy";
-			$resMaxy = pg_query($con,$sqlMaxy);
-			$maxy = pg_fetch_result($resMaxy,0,"maxy");
-		}
-		$extenty = $maxy - $miny;
-		$extentx = $maxx - $minx;
-		$relation_px_x = $temp[6] / $temp[7];
-		$relation_px_y = $temp[7] / $temp[6];
-		$relation_bbox_x = $extentx / $extenty;
 
-		if($relation_bbox_x <= $relation_px_x){
-			$centerx = $minx + ($extentx/2);
-			$minx = $centerx - $relation_px_x * $extenty / 2;
-			$maxx = $centerx + $relation_px_x * $extenty / 2;
+		// check if parameters are valid geometries to 
+		// avoid SQL injections
+
+		$oldEPSG = preg_replace("/EPSG:/","",$temp[1]);
+		$newEPSG = preg_replace("/EPSG:/","",$_REQUEST["newSRS"]);
+		 
+		if (is_numeric($temp[2]) && is_numeric($temp[3]) && is_numeric($temp[4]) && is_numeric($temp[5]) && is_numeric($oldEPSG) && is_numeric($newEPSG)) {
+		
+			if(SYS_DBTYPE=='pgsql'){
+				$con = db_connect($DBSERVER,$OWNER,$PW);
+				$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as minx";
+				$resMinx = db_query($sqlMinx);
+				$minx = db_result($resMinx,0,"minx");
+				
+				$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as miny";
+				$resMiny = db_query($sqlMiny);
+				$miny = db_result($resMiny,0,"miny");
+				
+				$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxx";
+				$resMaxx = db_query($sqlMaxx);
+				$maxx = db_result($resMaxx,0,"maxx");
+				
+				$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxy";
+				$resMaxy = db_query($sqlMaxy);
+				$maxy = db_result($resMaxy,0,"maxy");
+			}else{
+				$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
+				$con = pg_connect($con_string) or die ("Error while connecting database");
+				
+				$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as minx";
+				$resMinx = pg_query($con,$sqlMinx);
+				$minx = pg_fetch_result($resMinx,0,"minx");
+				
+				$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as miny";
+				$resMiny = pg_query($con,$sqlMiny);
+				$miny = pg_fetch_result($resMiny,0,"miny");
+				
+				$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxx";
+				$resMaxx = pg_query($con,$sqlMaxx);
+				$maxx = pg_fetch_result($resMaxx,0,"maxx");
+				
+				$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxy";
+				$resMaxy = pg_query($con,$sqlMaxy);
+				$maxy = pg_fetch_result($resMaxy,0,"maxy");
+			}
+			$extenty = $maxy - $miny;
+			$extentx = $maxx - $minx;
+			$relation_px_x = $temp[6] / $temp[7];
+			$relation_px_y = $temp[7] / $temp[6];
+			$relation_bbox_x = $extentx / $extenty;
+	
+			if($relation_bbox_x <= $relation_px_x){
+				$centerx = $minx + ($extentx/2);
+				$minx = $centerx - $relation_px_x * $extenty / 2;
+				$maxx = $centerx + $relation_px_x * $extenty / 2;
+			}
+			if($relation_bbox_x > $relation_px_x){
+				$centery = $miny + ($extenty/2);
+				$miny = $centery - $relation_px_y * $extentx / 2;
+				$maxy = $centery + $relation_px_y * $extentx / 2;
+			}
+			echo "newExtent[".$i."] = '".$temp[0].",".$_REQUEST["newSRS"].",".$minx.",".$miny.",".$maxx.",".$maxy."';";
 		}
-		if($relation_bbox_x > $relation_px_x){
-			$centery = $miny + ($extenty/2);
-			$miny = $centery - $relation_px_y * $extentx / 2;
-			$maxy = $centery + $relation_px_y * $extentx / 2;
-		}
-		echo "newExtent[".$i."] = '".$temp[0].",".$_REQUEST["newSRS"].",".$minx.",".$miny.",".$maxx.",".$maxy."';";
+		else {
+			echo "var e = new parent.Mb_exception('mod_changeEPSG.php: invalid input parameter (p1 = (" . $temp[2] . "," . $temp[3] . "), p2 = (" . $temp[4] . "," . $temp[5] . "), old EPSG: " . $oldEPSG . ", new EPSG: " . $newEPSG . ", ).');";
+		}		
 	}
 	echo "</script>";
 }
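Review bot: The new `else` branch echoes the very values that just failed validation (`$temp[2]`..`$temp[5]`, `$oldEPSG`, `$newEPSG`) verbatim into a JavaScript string literal, so a request rejected by the `is_numeric` check is still reflected unescaped into the page, and `$temp[0]` is written into the success-path `echo` without any check at all. Report the failure without the raw values, e.g. `echo "var e = new parent.Mb_exception('mod_changeEPSG.php: invalid input parameter (map index " . $i . ").');";`, and escape `$temp[0]` before it is written into the script. `is_numeric` also accepts forms such as `1e3`, leading whitespace and, on PHP 5, hexadecimal, which are then concatenated into the SQL as SRIDs; `ctype_digit($oldEPSG)` or an `(int)` cast before embedding makes that contract exact. `$temp[7]` and `$extenty` are used as divisors without a zero check, which yields a warning and a `newExtent` entry with non-finite values.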

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_deleteGUI.php
===================================================================
--- tags/2.4.4/http/php/mod_deleteGUI.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_deleteGUI.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -65,12 +65,13 @@
 
 ###delete
 if($guiList){
-	 $sql = "DELETE FROM gui WHERE gui_id = '".$guiList."'";
-	 $res = db_query($sql);
+	 $sql = "DELETE FROM gui WHERE gui_id = $1";
+	 $v = array($guiList);
+	 $t = array("s");
+	 $res = db_prep_query($sql, $v, $t);
 }
 
-$sql_gui = "SELECT * FROM gui ";
-$sql_gui .= " ORDER BY gui_name";
+$sql_gui = "SELECT * FROM gui ORDER BY gui_name";
 $res_gui = db_query($sql_gui);
 $cnt_gui = 0;
 

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_deleteWFS.php
===================================================================
--- tags/2.4.4/http/php/mod_deleteWFS.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_deleteWFS.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -76,12 +76,13 @@
 
 ###delete
 if($wfsList){
-	 $sql = "DELETE FROM wfs WHERE wfs_id = '".$wfsList."'";
-	 $res = db_query($sql);
+	 $sql = "DELETE FROM wfs WHERE wfs_id = $1";
+	 $v = array($wfsList);
+	 $t = array("i");
+	 $res = db_prep_query($sql, $v, $t);
 }
 
-$sql_wfs = "SELECT * FROM wfs ";
-$sql_wfs .= " ORDER BY wfs_id";
+$sql_wfs = "SELECT * FROM wfs ORDER BY wfs_id";
 $res_wfs = db_query($sql_wfs);
 $cnt_wfs = 0;
 

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_editFilteredGroup.php
===================================================================
--- tags/2.4.4/http/php/mod_editFilteredGroup.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_editFilteredGroup.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -138,11 +138,15 @@
 echo "<select name='selected_group' onchange='submit()'>";
 	echo "<option value='new'>NEW...</option>";
 	$sql = "SELECT mb_group_name,mb_group_id FROM mb_group ";
+	$v = array();
+	$t = array();
 	if(isset($myGroup)){ 
-		$sql .= "WHERE mb_group_owner = ".$_SESSION["mb_user_id"];
+		$sql .= "WHERE mb_group_owner = $1";
+		array_push($v, $_SESSION["mb_user_id"]);
+		array_push($t, "i");
 	}
 	$sql .= " ORDER BY mb_group_name ";
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	$count=0;
 	while($row = db_fetch_array($res)){
 		echo "<option value='".$row["mb_group_id"]."' ";

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_editFilteredUser.php
===================================================================
--- tags/2.4.4/http/php/mod_editFilteredUser.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_editFilteredUser.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -185,9 +185,15 @@
    echo "<select name='selected_user' onchange='submit()'>";
    echo "<option value='new'>NEW...</option>";
    $sql = "SELECT mb_user_name,mb_user_id FROM mb_user ";
-   if(isset($myUser)){ $sql .= "WHERE mb_user_owner = ".$_SESSION["mb_user_id"];}
-   $sql .= " ORDER BY mb_user_name ";
-   $res = db_query($sql);
+	$v = array();
+	$t = array();
+	if (isset($myUser)) { 
+		$sql .= "WHERE mb_user_owner = $1";
+		array_push($v, $_SESSION["mb_user_id"]);
+		array_push($t, "i");
+	}
+	$sql .= " ORDER BY mb_user_name ";
+	$res = db_prep_query($sql, $v, $t);
    $count=0;
    while($row = db_fetch_array($res)){
 	 	echo "<option value='".$row["mb_user_id"]."' ";
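Review bot: The inserted lines in `mod_editFilteredUser.php` are indented with tabs while the surrounding block uses three spaces, and the corresponding hunks in `mod_editGroup.php` and `mod_editUser.php` mix tabs and spaces inside the same `if` block; use the file's existing indentation for the new lines so the block reads as one style. This is cosmetic only; the parameterisation itself is consistent across the three files.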

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_editGroup.php
===================================================================
--- tags/2.4.4/http/php/mod_editGroup.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_editGroup.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -136,9 +136,15 @@
    echo "<select name='selected_group' onchange='submit()'>";
    echo "<option value='new'>NEW...</option>";
    $sql = "SELECT mb_group_name,mb_group_id FROM mb_group ";
-   if(isset($myGroup)){ $sql .= "WHERE mb_group_owner = ".$_SESSION["mb_user_id"];}
+   $v = array();
+   $t = array();
+   if (isset($myGroup)) { 
+		$sql .= "WHERE mb_group_owner = $1";
+		array_push($v, $_SESSION["mb_user_id"]);
+		array_push($t, "i");
+   }
    $sql .= " ORDER BY mb_group_name ";
-   $res = db_query($sql);
+   $res = db_prep_query($sql, $v, $t);
    $count=0;
    while($row = db_fetch_array($res)){
 	 	echo "<option value='".$row["mb_group_id"]."' ";

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_editGuiWms.php
===================================================================
--- tags/2.4.4/http/php/mod_editGuiWms.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_editGuiWms.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -592,7 +592,7 @@
   echo "<td style='background:lightgrey'><input type='text' size='2' name='L_".$layer_id[$i]."___layer_id' value='".$layer_id[$i]."' readonly></td>";
   echo "<td><input type='text' size='1' name='L_".$layer_id[$i]."___layer_parent' value='".$layer_parent[$i]."' readonly></td>";
   echo "<td style='background:lightgrey'><input type='text' size='7' value='".$layer_name[$i]."' readonly></td>";
-  echo "<td><input type='text' name='".$layer_title[$i]."' size='12' value='".$layer_title[$i]."' ></td>";
+  echo "<td><input type='text' name='".$layer_title[$i]."' size='12' value='".$layer_title[$i]."' readonly></td>";
 
   echo "<td style='background:lightgrey'><input name='L_".$layer_id[$i]."___gui_layer_status' type='checkbox' ";
   if($gui_layer_status[$i] == 1){ echo "checked";}
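Review bot: `$layer_title[$i]` is written into both the `name` and the `value` attribute without escaping, so a title containing `'` or `>` breaks the markup of this row; the title presumably originates from the WMS capabilities document rather than from this application's own forms. Wrap it, e.g. `value='".htmlspecialchars($layer_title[$i], ENT_QUOTES)."'`, and since the neighbouring inputs follow the `L_<id>___<field>` naming scheme, a fixed name such as `L_".$layer_id[$i]."___layer_title` looks like what was intended here.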

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_editGuiWmsMeta.php
===================================================================
--- tags/2.4.4/http/php/mod_editGuiWmsMeta.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_editGuiWmsMeta.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -134,19 +134,23 @@
       $function = $_REQUEST["function"];
       
       if ( $function = "update" ) {
-         $sql = "UPDATE layer SET layer_meta_datum = '".$_REQUEST["layer_meta_datum"]."'";
-         $sql.= ", layer_meta_lieferant       = '".$_REQUEST["layer_meta_lieferant"]."'";
-         $sql.= ", layer_meta_quelle          = '".$_REQUEST["layer_meta_quelle"]."'";
-         $sql.= ", layer_meta_ansprechpartner = '".$_REQUEST["layer_meta_ansprechpartner"]."'";
-         $sql.= ", layer_meta_lieferant_basis = '".$_REQUEST["layer_meta_lieferant_basis"]."'";
-         $sql.= ", layer_meta_copyright       = '".$_REQUEST["layer_meta_copyright"]."'";
-         $sql.= " WHERE layer_id = ".$layer_id.";";
-         $res = db_query($sql);
+         $sql = "UPDATE layer SET layer_meta_datum = $1, ";
+         $sql.= "layer_meta_lieferant = $2, ";
+         $sql.= "layer_meta_quelle = $3, ";
+         $sql.= "layer_meta_ansprechpartner = $4, ";
+         $sql.= "layer_meta_lieferant_basis = $5, ";
+         $sql.= "layer_meta_copyright = $6 ";
+         $sql.= " WHERE layer_id = $7;";
+         $v = array($_REQUEST["layer_meta_datum"], $_REQUEST["layer_meta_lieferant"], $_REQUEST["layer_meta_quelle"], $_REQUEST["layer_meta_ansprechpartner"], $_REQUEST["layer_meta_lieferant_basis"], $_REQUEST["layer_meta_copyright"], $layer_id);
+         $t = array("s", "s", "s", "s", "s", "s", "i");
+         $res = db_prep_query($sql, $v, $t);
       }
    }
    
-   $sql = "SELECT * FROM layer WHERE layer_id = '".$layer_id."';";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM layer WHERE layer_id = $1;";
+   $v = array($layer_id);
+   $t = array("i");
+   $res = db_prep_query($sql, $v, $t);
    
    if ( db_fetch_row($res, 0) ) { 	
    	  echo "         <h3>Editieren von Metadaten</h3>\n";  
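Review bot: The condition guarding the new parameterised UPDATE, `if ( $function = "update" )`, is an assignment rather than a comparison, so it is always true and the UPDATE runs whenever this branch is reached regardless of `$_REQUEST["function"]`; change it to `if ($function == "update")`. The outer `if` enclosing this block starts outside the hunk, so what else gates it is not visible here. `$layer_id` is now bound with type `"i"` where the old code quoted it as a string; whether `db_prep_query` validates values for `"i"` is not shown, so if `$layer_id` is taken from the request it should be cast with `intval()` before binding.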

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_editUser.php
===================================================================
--- tags/2.4.4/http/php/mod_editUser.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_editUser.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -200,9 +200,15 @@
    echo "<select name='selected_user' onchange='submit()'>";
    echo "<option value='new'>NEW...</option>";
    $sql = "SELECT mb_user_name,mb_user_id FROM mb_user ";
-   if(isset($myUser)){ $sql .= "WHERE mb_user_owner = ".$_SESSION["mb_user_id"];}
+   $v = array();
+   $t = array();
+	if (isset($myUser)) { 
+   		$sql .= "WHERE mb_user_owner = $1";
+   		array_push($v, $_SESSION["mb_user_id"]);
+   		array_push($t, "i");
+   	}
    $sql .= " ORDER BY mb_user_name ";
-   $res = db_query($sql);
+   $res = db_prep_query($sql, $v, $t);
    $count=0;
    while($row = db_fetch_array($res)){
 	 	echo "<option value='".$row["mb_user_id"]."' ";
@@ -339,5 +345,18 @@
 ?>
 <input type='hidden' name='action' value=''>
 </form>
+<script type="text/javascript">
+<!--
+var user=[];
+<?php
+for($i=0; $i<$cnt_user; $i++){
+	echo "user[".($i)."]=[];\n";
+	echo "user[".($i)."]['id']='" . $user_id[$i]  . "';\n";
+	echo "user[".($i)."]['name']='" . $user_name[$i]  . "';\n";
+	echo "user[".($i)."]['email']='" . $user_email[$i]  . "';\n";
+}
+?>
+// -->
+</script>
 </body>
 </html>
\ No newline at end of file
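Review bot: `$user_name[$i]` and `$user_email[$i]` are written into single-quoted JavaScript string literals without escaping, so a stored name or e-mail containing `'` or a line break terminates the literal and the remainder is interpreted as script in the browser of whoever opens this page. Where these arrays are filled is outside the hunk, but they presumably come from the `mb_user` table, i.e. from data other users entered. Escape each value at the JS boundary, e.g. `echo "user[".$i."]['name']=" . json_encode($user_name[$i]) . ";\n";` (same for `id` and `email`); if the deployment targets a PHP without `json_encode`, `addslashes` inside the `'` delimiters is the minimum.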

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_editWMS_Metadata.php
===================================================================
--- tags/2.4.4/http/php/mod_editWMS_Metadata.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_editWMS_Metadata.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -77,15 +77,15 @@
 function guessTimestamp($timestr) 
 {
 	
-     if (strstr($timestr, '.'))
+     if (strpos($timestr, '.'))
      {
         list($day, $month, $year) = explode(".", $timestr);
      }
-     elseif (strstr($timestr, '/'))
+     elseif (strpos($timestr, '/'))
      {
         list($month, $day, $year) = explode("/", $timestr);
      }
-     elseif (strstr($timestr, '-'))
+     elseif (strpos($timestr, '-'))
      {
         list($year, $month, $day) = explode("-", $timestr);
      }
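Review bot: `if (strpos($timestr, '.'))` is falsy when the separator sits at offset 0, so a string starting with the delimiter is now classified differently than before (with `strstr` a match at offset 0 returned the whole string, which is truthy); compare the result explicitly, `if (strpos($timestr, '.') !== false)`, and likewise for the `/` and `-` branches. `guessTimestamp`'s body continues past the end of the hunk.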
@@ -101,51 +101,69 @@
 
 #Update handling
 
-if(isset($_REQUEST['update_content']) && $_REQUEST['update_content'] == true)
-{
+if (isset($_REQUEST['update_content']) && $_REQUEST['update_content'] == true) {
 	
-            $update_wms_sql = "UPDATE wms SET " . 
-                      "wms_title = '".$_REQUEST['wms_title_box']."', " .
-                      "wms_abstract = '".$_REQUEST['wms_abstract_box']."', " . 
-                      "fees = '".$_REQUEST['fees_box']."', " .
-                      "accessconstraints = '".$_REQUEST['accessconstraints_box']."', " .
-                      "contactperson = '".$_REQUEST['contactperson_box']."', " .
-                      "contactposition = '".$_REQUEST['contactposition_box']."', " .
-                      "contactorganization = '".$_REQUEST['contactorganization_box']."', " .
-                      "address = '".$_REQUEST['address_box']."', " .
-                      "city = '".$_REQUEST['city_box']."', " .
-                      "stateorprovince = '".$_REQUEST['stateorprovince_box']."', " .
-                      "postcode = '".$_REQUEST['postcode_box']."', " .
-                      "country = '".$_REQUEST['country_box']."', " .
-                      "contactvoicetelephone = '".$_REQUEST['contactvoicetelephone_box']."', " .
-                      "contactfacsimiletelephone = '".$_REQUEST['contactfacsimiletelephone_box']."', " .
-                      "contactelectronicmailaddress = '".$_REQUEST['contactelectronicmailaddress_box']."'";
-                      if (isset($_REQUEST['wms_timestamp_box']) && $_REQUEST['wms_timestamp_box'] <> "")
-                      {
-                            $update_wms_sql .= ", " . "wms_timestamp = " .
-                            "'".guessTimestamp($_REQUEST['wms_timestamp_box'])."' ";
-                      }
-   $update_wms_sql .= "WHERE wms_id = '".$_REQUEST['wms_id']."'";
-    $res_update_wms_sql = db_query($update_wms_sql);
-     while(list($key,$val) = each($_REQUEST))
+	$update_wms_sql = "UPDATE wms SET "; 
+	$update_wms_sql .= "wms_title = $1, wms_abstract = $2, fees = $3, ";
+	$update_wms_sql .= "accessconstraints = $4, contactperson = $5, ";
+	$update_wms_sql .= "contactposition = $6, contactorganization = $7, ";
+	$update_wms_sql .= "address = $8, city = $9, stateorprovince = $10, ";
+	$update_wms_sql .= "postcode = $11, country = $12, ";
+	$update_wms_sql .= "contactvoicetelephone = $13, ";
+	$update_wms_sql .= "contactfacsimiletelephone = $14, ";
+	$update_wms_sql .= "contactelectronicmailaddress = $15 ";
+
+	$v = array();
+	array_push($v, $_REQUEST['wms_title_box']);
+	array_push($v, $_REQUEST['wms_abstract_box']);
+	array_push($v, $_REQUEST['fees_box']);
+	array_push($v, $_REQUEST['accessconstraints_box']);
+	array_push($v, $_REQUEST['contactperson_box']);
+	array_push($v, $_REQUEST['contactposition_box']);
+	array_push($v, $_REQUEST['contactorganization_box']);
+	array_push($v, $_REQUEST['address_box']);
+	array_push($v, $_REQUEST['city_box']);
+	array_push($v, $_REQUEST['stateorprovince_box']);
+	array_push($v, $_REQUEST['postcode_box']);
+	array_push($v, $_REQUEST['country_box']);
+	array_push($v, $_REQUEST['contactvoicetelephone_box']);
+	array_push($v, $_REQUEST['contactfacsimiletelephone_box']);
+	array_push($v, $_REQUEST['contactelectronicmailaddress_box']);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+
+	if (isset($_REQUEST['wms_timestamp_box']) && $_REQUEST['wms_timestamp_box'] <> "") {
+        $update_wms_sql .= ", wms_timestamp = $16 ";
+		array_push($v, guessTimestamp($_REQUEST['wms_timestamp_box']));
+		array_push($t, "s");
+
+		$update_wms_sql .= "WHERE wms_id = $17";
+	}
+	else {
+		$update_wms_sql .= "WHERE wms_id = $16";
+	}
+	array_push($v, 	$_REQUEST['wms_id']);
+	array_push($t, "s");
+
+    $res_update_wms_sql = db_prep_query($update_wms_sql, $v, $t);
+
+    while(list($key,$val) = each($_REQUEST))
     {
         if(preg_match("/___/", $key))
         {
             $myKey = explode("___", $key);
-            $layer_id = str_replace("L_","",$myKey[0]);
-            if($myKey[1]=="layer_abstract")
-            {
-                $layer_sql = "UPDATE layer SET layer_abstract = '$val' " .
-                             "WHERE layer_id = $layer_id AND fkey_wms_id = '".$_REQUEST['wms_id']."'";  
-                $res_keyword_sql = db_query($layer_sql);
+            $layer_id = preg_replace("/L_/","",$myKey[0]);
+            if($myKey[1]=="layer_abstract") {
+				$layer_sql = "UPDATE layer SET layer_abstract = $1 ";
+				$layer_sql .= "WHERE layer_id = $2 AND fkey_wms_id = $3";  
+                $v = array($val, $layer_id, $_REQUEST['wms_id']);
+                $t = array("s", "i", "s");
+                $res_keyword_sql = db_prep_query($layer_sql, $v, $t);
             }
-            if($myKey[1]=="layer_keywords")
-            {
+            if($myKey[1]=="layer_keywords") {
                 #Get all keywords depending on the given layer after user modification
                 $keywords  = explode(",",$val);
                 #delete all blanks from the keywords list
-                for($j = 0; $j < count($keywords); $j++)
-                {
+                for ($j = 0; $j < count($keywords); $j++) {
                     $word = $keywords[$j];
                     $word = trim($word);
                     $keywords[$j] = $word;
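Review bot: The placeholder index for `wms_id` is hard-coded twice (`$17` in the timestamp branch, `$16` otherwise), which silently binds the wrong column as soon as another optional field is inserted in between; derive it from the value list instead, `$update_wms_sql .= 'WHERE wms_id = $' . (count($v) + 1);`, placed after the `if`/`else` so that both branches share the existing `array_push($v, $_REQUEST['wms_id']); array_push($t, "s");`. `$layer_id` is cut out of the request key with `preg_replace` and bound as `"i"`; whether `db_prep_query` rejects a non-integer for that type is not visible here, so an `intval()` or `ctype_digit` check before binding would make the contract explicit. The `while(list($key,$val) = each($_REQUEST))` loop continues beyond the hunk.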
@@ -155,9 +173,12 @@
                 $keyword_sql = "SELECT keyword_id, keyword FROM keyword, layer_keyword, layer " .
                                "WHERE keyword.keyword_id = layer_keyword.fkey_keyword_id " .
                                "AND layer_keyword.fkey_layer_id = layer.layer_id " .
-                               "AND layer.fkey_wms_id = '".$_REQUEST['wms_id']."'" .
-                               "AND layer.layer_id = $layer_id";
-                $res_keyword_sql = db_query($keyword_sql);
+                               "AND layer.fkey_wms_id = $1 " .
+                               "AND layer.layer_id = $2";
+                
+                $v = array($_REQUEST['wms_id'], $layer_id); 
+                $t = array("s", "i");
+                $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                 while($keyword_row = db_fetch_array($res_keyword_sql))
                 {
                     $keyword = $keyword_row['keyword'];
@@ -171,19 +192,25 @@
                         #echo "1c: Keyword nicht in User Liste: Keyword: ", $keyword, ";<br>";
                         #Deleting reference to the keyword from the layer_keyword table.
                         $keyword_sql = "DELETE FROM layer_keyword " .
-                                       "WHERE fkey_layer_id = $layer_id " .
-                                       "AND fkey_keyword_id = $keyword_id";
-                        db_query($keyword_sql);
+                                       "WHERE fkey_layer_id = $1 " .
+                                       "AND fkey_keyword_id = $2";
+                        $v = array($layer_id, $keyword_id);
+                        $t = array("i", "i");
+                        db_prep_query($keyword_sql, $v, $t);
                         #Checking, if the keyword is in use by any layer
                         $layer_sql = "SELECT * FROM layer_keyword " .
-                                       "WHERE fkey_keyword_id = $keyword_id";
-                        $res_layer_sql = db_query($layer_sql);
+                                       "WHERE fkey_keyword_id = $1";
+                        $v = array($keyword_id);
+                        $t = array("i");
+                        $res_layer_sql = db_prep_query($layer_sql, $v, $t);
                         if(!($row = db_fetch_array($res_layer_sql)))
                         {
                             #If keyword will not longer be in use, delete it from keyword table
                             $keyword_sql = "DELETE FROM keyword " .
-                                           "WHERE keyword_id = $keyword_id";
-                            db_query($keyword_sql);
+                                           "WHERE keyword_id = $1";
+                            $v = array($keyword_id);
+                            $t = array("i");
+                            db_prep_query($keyword_sql, $v, $t);
                         }
                     }
                     #Keyword exists in the database and in the user data
@@ -211,8 +238,10 @@
                         $keyword = trim($keywords[$i]);
                         #Check, if the keyword is exsiting in the database
                         $keyword_sql = "SELECT keyword_id FROM keyword " .
-                                       "WHERE UPPER(keyword) = UPPER('$keyword')";
-                        $res_keyword_sql = db_query($keyword_sql);
+                                       "WHERE UPPER(keyword) = UPPER($1)";
+                        $v = array($keyword);
+                        $t = array("s");
+                        $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                         $keyword_row = db_fetch_array($res_keyword_sql);
                         #Keyword exists in the database
                         if($keyword_row != null)
@@ -223,10 +252,15 @@
                         #Keyword does not exist in the database
                         else
                         {
-                            $keyword_sql = "INSERT INTO keyword (keyword) VALUES ('$keyword')";
-                            $res_keyword_sql = db_query($keyword_sql);
-                            $keyword_sql = "SELECT keyword_id FROM keyword WHERE keyword = '$keyword'";
-                            $res_keyword_sql = db_query($keyword_sql);
+                            $keyword_sql = "INSERT INTO keyword (keyword) VALUES ($1)";
+                            $v = array($keyword);
+                            $t = array("s");
+                            $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
+                            
+                            $keyword_sql = "SELECT keyword_id FROM keyword WHERE keyword = $1";
+                            $v = array($keyword);
+                            $t = array("s");
+                            $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                             $keyword_row = db_fetch_array($res_keyword_sql);
                             if($keyword_row != null)
                             {
@@ -236,8 +270,10 @@
                         }
                         #Inserting the reference between layer and keyword in the layer_keyword table
                         $keyword_sql = "INSERT INTO layer_keyword (fkey_layer_id, fkey_keyword_id) " .
-                                       "VALUES ('$layer_id', '$keyword_id')";
-                        $res_keyword_sql = db_query($keyword_sql);
+                                       "VALUES ($1, $2)";
+                        $v = array($layer_id, $keyword_id);
+                        $t = array("s", "s");
+                        $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                     }
                 }
                 #Delete all elements from array
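Review bot: `$t = array("s", "s")` binds fkey_layer_id and fkey_keyword_id as strings, while the DELETE on the same two columns earlier in this file binds them with `array("i", "i")`; the integer tag is the consistent one, so this should read `$t = array("i", "i");`. The `delete_preview` DELETE on layer_preview.fkey_layer_id in the next hunk has the same mismatch with `$t = array("s")`. The enclosing loop starts outside this hunk.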
@@ -253,8 +289,10 @@
 if(isset($_REQUEST['delete_preview']) && $_REQUEST['delete_preview']=='1'
 	&& isset($_REQUEST['layer_id']))
 {
-    $preview_sql = "DELETE FROM layer_preview WHERE fkey_layer_id = ".$_REQUEST['layer_id']."";
-    $res_preview_sql = db_query($preview_sql);
+    $preview_sql = "DELETE FROM layer_preview WHERE fkey_layer_id = $1";
+    $v = array($_REQUEST['layer_id']);
+    $t = array("s");
+    $res_preview_sql = db_prep_query($preview_sql, $v, $t);
     die("Preview has been deleted!</body></html>");
 }
 ?>
@@ -277,8 +315,10 @@
 {
 
     #Querying information from wms data table 
-    $wms_sql = "SELECT wms_id, wms_title FROM wms WHERE wms_owner = ".$_SESSION["mb_user_id"]. " ORDER BY wms_title";
-    $res_wms_sql = db_query($wms_sql);
+    $wms_sql = "SELECT wms_id, wms_title FROM wms WHERE wms_owner = $1 ORDER BY wms_title";
+    $v = array($_SESSION["mb_user_id"]);
+    $t = array("i");
+    $res_wms_sql = db_prep_query($wms_sql, $v, $t);
     #wms-selection
 
     $selectBox = "";
@@ -321,8 +361,10 @@
 
 if(isset($wms_id) == true && $wms_id <>0)
 { 
-	$selected_wms_sql = "SELECT * FROM wms WHERE wms_id = '".$wms_id."'";
-    $res_selected_wms_sql = db_query($selected_wms_sql);
+	$selected_wms_sql = "SELECT * FROM wms WHERE wms_id = $1";
+	$v = array($wms_id);
+	$t = array("s");
+    $res_selected_wms_sql = db_prep_query($selected_wms_sql, $v, $t);
     $selected_row = db_fetch_array($res_selected_wms_sql);
 
 ?>
@@ -400,9 +442,11 @@
     
 <?php
    
-    $layer_sql = "SELECT * FROM layer WHERE layer.fkey_wms_id = '".$wms_id."'" .
+    $layer_sql = "SELECT * FROM layer WHERE layer.fkey_wms_id = $1" .
                  " ORDER BY layer_pos";
-    $res_layer_sql = db_query($layer_sql);
+    $v = array($wms_id);
+    $t = array("s");
+    $res_layer_sql = db_prep_query($layer_sql, $v, $t);
     
     while($layer_row = db_fetch_array($res_layer_sql))
     {
@@ -419,9 +463,11 @@
         $keyword_sql = "SELECT keyword FROM keyword, layer_keyword, layer " .
                        "WHERE keyword.keyword_id = layer_keyword.fkey_keyword_id " .
                        "AND layer_keyword.fkey_layer_id = layer.layer_id " .
-                       "AND layer.fkey_wms_id = '".$wms_id."' " .
-                       "AND layer.layer_id = ".$layer_row['layer_id']."";
-        $res_keyword_sql = db_query($keyword_sql);
+                       "AND layer.fkey_wms_id = $1 " .
+                       "AND layer.layer_id = $2";
+        $v = array($wms_id, $layer_row['layer_id']);
+        $t = array("s", "i");
+        $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
         $keywordList = "";
         $seperator = "";
         while($keyword_row = db_fetch_array($res_keyword_sql))

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_edit_element_vars.php
===================================================================
--- tags/2.4.4/http/php/mod_edit_element_vars.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_edit_element_vars.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -110,13 +110,20 @@
 <?php
 # handle database updates etc.....
 if(isset($mySave) && $mySave == '1'){
-   if($SYS_DBTYPE=='pgsql'){
-   $sql[0] = "SET AUTOCOMMIT=1;";}
-   else{
-   $sql[0] = "SET AUTOCOMMIT=0;shit happens";
-   }
-   $sql[1] = "BEGIN;";
-   $sql[2] = "DELETE FROM gui_element_vars WHERE fkey_e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."' and ....";
+	if ($SYS_DBTYPE=='pgsql') { 
+		$sql[0] = "SET AUTOCOMMIT=1;";
+	}
+	else {
+		$sql[0] = "SET AUTOCOMMIT=0;shit happens";
+	}
+	$v[0] = array();
+	$t[0] = array();
+	$sql[1] = "BEGIN;";
+	$v[1] = array();
+	$t[1] = array();
+	$sql[2] = "DELETE FROM gui_element_vars WHERE fkey_e_id = $1 AND fkey_gui_id = $2";
+	$v[2] = array($e_id, $guiList1);
+	$t[2] = array("s", "s");
 
 
    if($e_left < 1){$e_left = "NULL";}
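Review bot: The non-pgsql branch still sets `$sql[0] = "SET AUTOCOMMIT=0;shit happens"`, which is not a valid statement, and it is now sent through `db_prep_query` with an empty parameter list, so on that driver the transaction setup fails before the DELETE runs; it should read `$sql[0] = "SET AUTOCOMMIT=0";`. The `if ($mySave == '1')` block continues past this hunk.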
@@ -124,25 +131,32 @@
    if($e_width < 1){$e_width = "NULL";}
    if($e_height < 1){$e_height = "NULL";}
    if($e_z_index < 1){$e_z_index = "NULL";}
-   $sql[3] = "INSERT INTO gui_element_vars(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-   $sql[3] .= "VALUES ('".$guiList1."','".$e_id."','".$e_pos."','".$e_public."','".db_escape_string($e_comment)."','".$e_element."','".$e_src."','".db_escape_string($e_attributes)."',".$e_left.",".$e_top.",".$e_width.",".$e_height.",".$e_z_index.",'".$e_more_styles."','".$e_content."','".$e_closetag."','".$e_js_file."','".$e_mb_mod."','".$e_target."','".$e_requires."')";
+	$sql[3] = "INSERT INTO gui_element_vars ";
+	$sql[3] .= "(fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, ";
+	$sql[3] .= "e_attributes, e_left, e_top, e_width, e_height, e_z_index, ";
+	$sql[3] .= "e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, ";
+	$sql[3] .= "e_requires) ";
+	$sql[3] .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20)";
+	$v[3] = array($guiList1, $e_id, $e_pos, $e_public, db_escape_string($e_comment), $e_element, $e_src, db_escape_string($e_attributes), $e_left, $e_top, $e_width, $e_height, $e_z_index, $e_more_styles, $e_content, $e_closetag, $e_js_file, $e_mb_mod, $e_target, $e_requires);
+	$t[3] = array("s", "s", "i", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
    #echo $sql[3];
-   foreach ($sql as $mysql){
-      $res = db_query($mysql);
-      if(!$res){echo $mysql; break;}
+   for ($i = 0; $i < count($sql); $i++) {
+      $res = db_prep_query($sql[$i], $v[$i], $t[$i]);
    }
    if($res){
-		$res = db_query( "COMMIT");
+      $res = db_query( "COMMIT");
       $res = db_query( "SET AUTOCOMMIT=1");
    }
    else{
       $res = db_query( "ROLLBACK");
       $res = db_query( "SET AUTOCOMMIT=1");
    }
- }
+}
 if(isset($myDelete) && $myDelete == '1'){
-   $sql = "DELETE FROM gui_element_vars WHERE fkey_e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."' AND var_name='".$var_name."'";
-   $res = db_query($sql);
+   $sql = "DELETE FROM gui_element_vars WHERE fkey_e_id = $1 AND fkey_gui_id = $2 AND var_name= $3";
+   $v = array($e_id, $guiList1, $var_name);
+   $t = array("s", "s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $e_id = ""; $e_pos = ""; $e_public = ""; $e_comment = ""; $e_element = "";
    $e_src = ""; $e_attributes = ""; $e_left = ""; $e_top = ""; $e_width = ""; $e_height = ""; $e_z_index = "";
    $e_more_styles = ""; $e_content = ""; $e_closetag = ""; $e_js_file = ""; $e_mb_mod = ""; $e_target = ""; $e_requires = "";
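Review bot: The loop `for ($i = 0; $i < count($sql); $i++)` dropped the `if(!$res){echo $mysql; break;}` that the old foreach had, so a failed DELETE no longer stops the sequence and `$res` only reflects the last statement — a failed `$sql[2]` followed by a successful INSERT still reaches the COMMIT branch; restore `if (!$res) { break; }` inside the loop, as the equivalent loop in mod_edit_metadata.php does. Two further problems in the INSERT: `$e_left`..`$e_z_index` are set to the literal string `"NULL"` when < 1 and then bound with tag `"i"`, which no longer produces SQL NULL the way the old interpolated query did (bind a real `null` instead), and `db_escape_string($e_comment)` / `db_escape_string($e_attributes)` escape values that the prepared statement already binds, so stored text presumably gains backslashes. The same NULL-string and double-escape pattern recurs in the `$all == '1'` copy loop in the next hunk and in both gui_element INSERTs of mod_edit_metadata.php.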
@@ -154,24 +168,37 @@
    echo "</script>";
 }
 if(isset($all) && $all == '1'){
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList2."' AND fkey_e_id = '".$e_id."' and var_name='".$var_name."' ;";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 and var_name= $3;";
+   $v = array($guiList2, $e_id, $var_name);
+   $t = array("s", "s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
-      $sql_del = "DELETE FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".db_result($res,$cnt,"fkey_e_id")."'  and var_name='".$var_name."' ";
-      $res_del = db_query($sql_del);
+      $sql_del = "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 and var_name= $3";
+      $v = array($guiList1, db_result($res,$cnt,"fkey_e_id"), $var_name);
+      $t = array("s", "s", "s");
+      $res_del = db_prep_query($sql_del, $v, $t);
       if(db_result($res,$cnt,"e_left") == ""){$myleft = 'NULL';} else{$myleft = db_result($res,$cnt,"e_left");}
       if(db_result($res,$cnt,"e_top") == ""){$mytop = 'NULL';} else{$mytop = db_result($res,$cnt,"e_top");}
       if(db_result($res,$cnt,"e_width") == ""){$mywidth = 'NULL';} else{$mywidth = db_result($res,$cnt,"e_width");}
       if(db_result($res,$cnt,"e_height") == ""){$myheight = 'NULL';} else{$myheight = db_result($res,$cnt,"e_height");}
       if(db_result($res,$cnt,"e_z_index") == ""){$my_z_index = 'NULL';} else{$my_z_index = db_result($res,$cnt,"e_z_index");}
 
-      $sql_ins = "INSERT INTO gui_element_vars(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-      $sql_ins .= "VALUES ('".$guiList1."','".db_result($res,$cnt,"e_id")."','".db_result($res,$cnt,"e_pos")."','".db_result($res,$cnt,"e_public")."','".db_escape_string(db_result($res,$cnt,"e_comment"))."','".db_result($res,$cnt,"e_element")."','".db_result($res,$cnt,"e_src")."','".db_escape_string(db_result($res,$cnt,"e_attributes"))."',".$myleft.",";
-      $sql_ins .= $mytop.",".$mywidth.",".$myheight.",".$my_z_index.",'".db_result($res,$cnt,"e_more_styles")."','".db_escape_string(db_result($res,$cnt,"e_content"))."','".db_result($res,$cnt,"e_closetag")."','".db_result($res,$cnt,"e_js_file")."','".db_result($res,$cnt,"e_mb_mod")."','".db_result($res,$cnt,"e_target")."','".db_result($res,$cnt,"e_requires")."')";
+      $sql_ins = "INSERT INTO gui_element_vars ";
+      $sql_ins .= "(fkey_gui_id, e_id, e_pos,e_public, e_comment, e_element, ";
+      $sql_ins .= "e_src, e_attributes, e_left, e_top, e_width, e_height, ";
+      $sql_ins .= "e_z_index, e_more_styles, e_content, e_closetag, e_js_file, ";
+      $sql_ins .= "e_mb_mod, e_target, e_requires) ";
+      $sql_ins .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, ";
+      $sql_ins .= "$10, $11, $12, $13, $14, $15, $16, $17, $18, ";
+      $sql_ins .= "$19, $20)";
+      $v = array($guiList1, db_result($res,$cnt,"e_id"), db_result($res,$cnt,"e_pos"), db_result($res,$cnt,"e_public"), db_escape_string(db_result($res,$cnt,"e_comment")), db_result($res,$cnt,"e_element"), db_result($res,$cnt,"e_src"), db_escape_string(db_result($res,$cnt,"e_attributes")), $myleft, $mytop, $mywidth, $myheight, $my_z_index, db_result($res,$cnt,"e_more_styles"), db_escape_string(db_result($res,$cnt,"e_content")), db_result($res,$cnt,"e_closetag"), db_result($res,$cnt,"e_js_file"), db_result($res,$cnt,"e_mb_mod"), db_result($res,$cnt,"e_target"), db_result($res,$cnt,"e_requires"));
+      $t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
 
-      $res_ins = db_query($sql_ins);
-      if(!$res_ins){echo db_error($connect); }
+      $res_ins = db_prep_query($sql_ins, $v, $t);
+      if (!$res_ins) {
+      	echo db_error($connect); 
+      }
       $cnt++;
    }
 }
@@ -179,8 +206,10 @@
 echo "<script language='javascript'>";
 echo "var varIDs = new Array();";
 if(isset($guiList1)){
-   $sql = "SELECT var_name FROM gui_element_vars WHERE  fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".$e_id."'";
-   $res = db_query($sql);
+   $sql = "SELECT var_name FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2";
+   $v = array($guiList1, $e_id);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
       echo  "varIDs[".$cnt."] = '".db_result($res,$cnt,"var_name")."'; ";
@@ -284,8 +313,10 @@
 if(isset($guiList1)){
    echo "<div class='guiList2_header'>Templates</div>";
 
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id='".$e_id."'";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2";
+   $v = array($guiList1, $e_id);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    echo "<div class='myElements'><table>";
    while($row = db_fetch_array($res)){
@@ -303,9 +334,11 @@
 #Formular:
 echo "<table class='myForm'>";
 if(isset($guiList1) && isset($var_name)){
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".$e_id."' AND var_name='".$var_name."'";
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = '".$e_id."' AND var_name = $2";
+   $v = array($guiList1, $var_name);
+   $t = array("s", "s");
    //echo $sql;
-   $res = db_query($sql);
+   $res = db_prep_query($sql, $v, $t);
    if($row = db_fetch_array($res)){
       echo "<tr><td>ID: </td><td><input type='text' class='textfield' readonly name='e_id' value='".$e_id."'></td></tr>";
       echo "<tr><td>Var Type: </td><td><input type='text' class='textfield' name='type' value='".$row["type"]."'></td></tr>";
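Review bot: The SELECT at `fkey_gui_id = $1 AND fkey_e_id = '".$e_id."' AND var_name = $2` still interpolates `$e_id` while its neighbours are bound, so the conversion of this query is incomplete. It should be `$sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 AND var_name = $3";`, `$v = array($guiList1, $e_id, $var_name);`, `$t = array("s", "s", "s");`.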

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_edit_metadata.php
===================================================================
--- tags/2.4.4/http/php/mod_edit_metadata.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_edit_metadata.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -112,45 +112,71 @@
 # handle database updates etc.....
 if(isset($mySave) && ($mySave == '1' || $mySave == '2')) {
    if ($mySave == '1'){
-   	$sql_vars = "SELECT * FROM gui_element_vars WHERE fkey_e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."'";
-   	 $res_vars = db_query($sql_vars);
+   	$sql_vars = "SELECT * FROM gui_element_vars WHERE fkey_e_id = $1 AND fkey_gui_id = $2";
+   	$v = array($e_id, $guiList1);
+   	$t = array("s", "s");
+   	$res_vars = db_prep_query($sql_vars, $v, $t);
    	 //$rows = db_fetch_array($res_vars);
-   	if($SYS_DBTYPE=='pgsql')
-   		{
-	   	$sql[0] = "SET AUTOCOMMIT=1";
-	 	}
-	  else
-	 	{
-	 	$sql[0] = "SET AUTOCOMMIT=0";
-		}
-	   $sql[1] = "BEGIN";
-	   $sql[2] = "DELETE FROM gui_element WHERE e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."'";
+	$sql = array();
+	$v = array();
+	$t = array();
+	if ($SYS_DBTYPE == "pgsql") {
+		$sql[0] = "SET AUTOCOMMIT=1";
+		$v[0] = array();
+		$t[0] = array();
+	}
+	else {
+		$sql[0] = "SET AUTOCOMMIT=0";
+		$v[0] = array();
+		$t[0] = array();
+	}
+	$sql[1] = "BEGIN";
+	$v[1] = array();
+	$t[1] = array();
+	
+	$sql[2] = "DELETE FROM gui_element WHERE e_id = $1 AND fkey_gui_id = $2";
+	$v[2] = array($e_id, $guiList1);
+	$t[2] = array("s", "s");
 
-
 	   if($e_left < 1){$e_left = "NULL";}
 	   if($e_top < 1){$e_top = "NULL";}
 	   if($e_width < 1){$e_width = "NULL";}
 	   if($e_height < 1){$e_height = "NULL";}
 	   if($e_z_index < 1){$e_z_index = "NULL";}
-	   $sql[3] = "INSERT INTO gui_element(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-	   $sql[3] .= "VALUES ('".$guiList1."','".$e_id."','".$e_pos."','".$e_public."','".db_escape_string($e_comment)."','".$e_element."','".$e_src."','".db_escape_string($e_attributes)."',".$e_left.",".$e_top.",".$e_width.",".$e_height.",".$e_z_index.",'".$e_more_styles."','".db_escape_string($e_content)."','".$e_closetag."','".$e_js_file."','".$e_mb_mod."','".$e_target."','".$e_requires."')";
-
+	$sql[3] = "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, ";
+	$sql[3] .= "e_comment, e_element, e_src, e_attributes, e_left, e_top, ";
+	$sql[3] .= "e_width, e_height, e_z_index, e_more_styles, e_content, ";
+	$sql[3] .= "e_closetag, e_js_file, e_mb_mod, e_target, e_requires) ";
+	$sql[3] .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, ";
+	$sql[3] .= "$13, $14, $15, $16, $17, $18, $19, $20)";
+	$v[3] = array($guiList1, $e_id, $e_pos, $e_public, db_escape_string($e_comment), $e_element, $e_src, db_escape_string($e_attributes), $e_left, $e_top, $e_width, $e_height, $e_z_index, $e_more_styles, db_escape_string($e_content), $e_closetag, $e_js_file, $e_mb_mod, $e_target, $e_requires);
+	$t[3] = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
    }
    # mySave == 2 <=> just save GUI description
    elseif ($mySave == '2') {
-	   if($SYS_DBTYPE=='pgsql')
-   		{
-	   	$sql[0] = "SET AUTOCOMMIT=1";
-	 	}
-	  else
-	 	{
-	 	$sql[0] = "SET AUTOCOMMIT=0";
+		$sql = array();
+		$v = array();
+		$t = array();
+		if ($SYS_DBTYPE == "pgsql") {
+			$sql[0] = "SET AUTOCOMMIT=1";
+			$v[0] = array();
+			$t[0] = array();
 		}
-	   $sql[1] = "BEGIN";
-	   $sql[3] = "UPDATE gui SET gui_description = '". $guiDesc."' WHERE gui_id ='".$guiId."'";
-   }
-   foreach ($sql as $mysql){
-      $res = db_query($mysql);
+		else {
+			$sql[0] = "SET AUTOCOMMIT=0";
+			$v[0] = array();
+			$t[0] = array();
+		}
+		$sql[1] = "BEGIN";
+		$v[1] = array();
+		$t[1] = array();
+
+		$sql[2] = "UPDATE gui SET gui_description = $1 WHERE gui_id = $2";
+		$v[2] = array($guiDesc, $guiId);
+		$t[2] = array("s", "s");
+	}
+	for ($i = 0; $i < count($sql); $i++) {
+      $res = db_prep_query($sql[$i], $v[$i], $t[$i]);
       if(!$res){break;}
    }
    if($res){
@@ -161,19 +187,25 @@
       $res = db_query( "ROLLBACK");
       $res = db_query( "SET AUTOCOMMIT=1");
    }
-   if(isset($sql_vars)){//sicherstellen das keine Element_Vars gelöscht wurden
+   if(isset($sql_vars)){//sicherstellen das keine Element_Vars gel�scht wurden
    	 while($row =  db_fetch_array($res_vars)){
-     			$securesql = "INSERT INTO gui_element_vars (fkey_gui_id,fkey_e_id,var_name,var_value,context,type) VALUES ('".$guiList1."','".$e_id."','".$row["var_name"]."','".$row["var_value"]."','".$row["context"]."','".$row["type"]."');";
-     			//echo $securesql."<BR>";
-     			$secureinsert = db_query($securesql);
-     		}
-   }
+			$securesql = "INSERT INTO gui_element_vars (fkey_gui_id, ";
+			$securesql .= "fkey_e_id, var_name, var_value, context,type) ";
+			$securesql .= "VALUES ($1, $2, $3, $4, $5, $6)";
+			$v = array($guiList1, $e_id, $row["var_name"], $row["var_value"], $row["context"], $row["type"]);
+			$t = array("s", "s", "s", "s", "s", "s");
+			//echo $securesql."<BR>";
+			$secureinsert = db_prep_query($securesql, $v, $t);
+		}
+	}
       if(!$res){break;}
 
 }
 if(isset($myDelete) && $myDelete == '1'){
-   $sql = "DELETE FROM gui_element WHERE e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."'";
-   $res = db_query($sql);
+   $sql = "DELETE FROM gui_element WHERE e_id = $1 AND fkey_gui_id = $2";
+   $v = array($e_id, $guiList1);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $e_id = ""; $e_pos = ""; $e_public = ""; $e_comment = ""; $e_element = "";
    $e_src = ""; $e_attributes = ""; $e_left = ""; $e_top = ""; $e_width = ""; $e_height = ""; $e_z_index = "";
    $e_more_styles = ""; $e_content = ""; $e_closetag = ""; $e_js_file = ""; $e_mb_mod = ""; $e_target = ""; $e_requires = "";
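Review bot: The comment `//sicherstellen das keine Element_Vars gel�scht wurden` now carries a replacement character where the removed line had an umlaut, which suggests the file was re-saved in a different encoding than the rest of the tree; worth re-saving it in the repository's encoding before this goes in, since no other change to that line was intended.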
@@ -185,33 +217,47 @@
    echo "</script>";
 }
 if(isset($all) && $all == '1'){
-   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = '".$guiList2."'";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = $1";
+   $v = array($guiList2);
+   $t = array("s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
-      $sql_del = "DELETE FROM gui_element WHERE fkey_gui_id = '".$guiList1."' AND e_id = '".db_result($res,$cnt,"e_id")."'";
-      $res_del = db_query($sql_del);
+      $sql_del = "DELETE FROM gui_element WHERE fkey_gui_id = $1 AND e_id = $2";
+      $v = array($guiList1, db_result($res,$cnt,"e_id"));
+      $t = array("s", "s");
+      $res_del = db_prep_query($sql_del, $v, $t);
       if(db_result($res,$cnt,"e_left") == ""){$myleft = 'NULL';} else{$myleft = db_result($res,$cnt,"e_left");}
       if(db_result($res,$cnt,"e_top") == ""){$mytop = 'NULL';} else{$mytop = db_result($res,$cnt,"e_top");}
       if(db_result($res,$cnt,"e_width") == ""){$mywidth = 'NULL';} else{$mywidth = db_result($res,$cnt,"e_width");}
       if(db_result($res,$cnt,"e_height") == ""){$myheight = 'NULL';} else{$myheight = db_result($res,$cnt,"e_height");}
       if(db_result($res,$cnt,"e_z_index") == ""){$my_z_index = 'NULL';} else{$my_z_index = db_result($res,$cnt,"e_z_index");}
 
-      $sql_ins = "INSERT INTO gui_element(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-      $sql_ins .= "VALUES ('".$guiList1."','".db_result($res,$cnt,"e_id")."','".db_result($res,$cnt,"e_pos")."','".db_result($res,$cnt,"e_public")."','".db_escape_string(db_result($res,$cnt,"e_comment"))."','".db_result($res,$cnt,"e_element")."','".db_result($res,$cnt,"e_src")."','".db_escape_string(db_result($res,$cnt,"e_attributes"))."',".$myleft.",";
-      $sql_ins .= $mytop.",".$mywidth.",".$myheight.",".$my_z_index.",'".db_result($res,$cnt,"e_more_styles")."','".db_escape_string(db_result($res,$cnt,"e_content"))."','".db_result($res,$cnt,"e_closetag")."','".db_result($res,$cnt,"e_js_file")."','".db_result($res,$cnt,"e_mb_mod")."','".db_result($res,$cnt,"e_target")."','".db_result($res,$cnt,"e_requires")."')";
-
-      $res_ins = db_query($sql_ins);
+      $sql_ins = "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, ";
+      $sql_ins .= "e_comment, e_element, e_src, e_attributes, e_left, e_top, ";
+      $sql_ins .= "e_width, e_height, e_z_index, e_more_styles, e_content, ";
+      $sql_ins .= "e_closetag, e_js_file, e_mb_mod, e_target, e_requires) ";
+      $sql_ins .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, ";
+      $sql_ins .= "$10, $11, $12, $13, $14, $15, $16, $17, $18, $19);";
+      $v = array($guiList1, db_result($res,$cnt,"e_id"), db_result($res,$cnt,"e_pos"), db_result($res,$cnt,"e_public"), db_escape_string(db_result($res,$cnt,"e_comment")), db_result($res,$cnt,"e_element"), db_result($res,$cnt,"e_src"), db_escape_string(db_result($res,$cnt,"e_attributes")), $myleft, $mytop, $mywidth, $myheight, $my_z_index, db_result($res,$cnt,"e_more_styles"), db_escape_string(db_result($res,$cnt,"e_content")), db_result($res,$cnt,"e_closetag"), db_result($res,$cnt,"e_js_file"), db_result($res,$cnt,"e_mb_mod"), db_result($res,$cnt,"e_target"), db_result($res,$cnt,"e_requires"));
+      $t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
+		
+      $res_ins = db_prep_query($sql_ins, $v, $t);
       if(!$res_ins){echo db_error($con); }
       $cnt++;
    }
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList2."'";
-      $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1";
+   $v = array($guiList2);
+   $t = array("s");
+      $res = db_prep_query($sql, $v, $t);
    	$cnt = 0;
        while(db_fetch_row($res)){
-      $sql_ins2 = "INSERT INTO gui_element_vars(fkey_gui_id,fkey_e_id,var_name,var_value,context,type) ";
-      $sql_ins2 .= "VALUES ('".$guiList1."','".db_result($res,$cnt,"fkey_e_id")."','".db_result($res,$cnt,"var_name")."','".db_escape_string(db_result($res,$cnt,"var_value"))."','".db_escape_string(db_result($res,$cnt,"context"))."','".db_result($res,$cnt,"type")."')";
-      $res_ins2 = db_query($sql_ins2);
+      $sql_ins2 = "INSERT INTO gui_element_vars (fkey_gui_id, fkey_e_id, ";
+      $sql_ins2 .= "var_name, var_value, context, type) VALUES (";
+      $sql_ins2 .= "$1, $2, $3, $4, $5, $6);";
+      $v = array($guiList1, db_result($res,$cnt,"fkey_e_id"), db_result($res,$cnt,"var_name"), db_escape_string(db_result($res,$cnt,"var_value")), db_escape_string(db_result($res,$cnt,"context")), db_result($res,$cnt,"type"));
+      $t = array("s", "s", "s", "s", "s", "s");
+      $res_ins2 = db_prep_query($sql_ins2, $v, $t);
       if(!$res_ins2){echo db_error($connect); }
 
       $cnt++;
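Review bot: The gui_element INSERT lists 20 columns and `$v`/`$t` each carry 20 entries, but the VALUES clause stops at `$19` (`$sql_ins .= "$10, $11, $12, $13, $14, $15, $16, $17, $18, $19);";`), so the statement has a column/value count mismatch and fails for every row of the copy loop; the line should end `$18, $19, $20);`. The failure branch uses `echo db_error($con)` while the gui_element_vars loop below uses `db_error($connect)`; one of the two handles is presumably undefined in this scope, so the error would never be reported — confirm which is in scope.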
@@ -223,8 +269,10 @@
 echo "<script language='javascript'>";
 echo "var guiIDs = new Array();";
 if(isset($guiList1)){
-   $sql = "SELECT e_id FROM gui_element WHERE  fkey_gui_id = '".$guiList1."'";
-   $res = db_query($sql);
+   $sql = "SELECT e_id FROM gui_element WHERE  fkey_gui_id = $1";
+   $v = array($guiList1);
+   $t = array("s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
       echo  "guiIDs[".$cnt."] = '".db_result($res,$cnt,"e_id")."'; ";
@@ -313,14 +361,20 @@
 $permguis = $admin->getGuisByPermission($_SESSION["mb_user_id"],true);
 echo "<form name='form1' action='" . $PHP_SELF . "?".SID."' method='post'>\n";
 
-$sql = "SELECT * from gui WHERE gui.gui_id IN(";
-for($i=0; $i<count($ownguis); $i++){
-	if($i>0){ $sql .= ",";}
-	$sql .= "'".$ownguis[$i]."'";
+$sql = "SELECT * from gui WHERE gui.gui_id IN (";
+$v = $ownguis;
+$t = array();
+
+for ($i = 1; $i <= count($ownguis); $i++) {
+	if ($i > 1) {
+		$sql .= ",";
+	}
+	$sql .= "$" . $i;
+	array_push($t, "s");
 }
 $sql .= ")";
 //echo $sql;
-$res = db_query($sql);
+$res = db_prep_query($sql, $v, $t);
 $count=0;
 while(db_fetch_row($res)){
 	$gui_id_own[$count]=db_result($res,$count,"gui_id");
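Review bot: When `$ownguis` is empty the loop adds no placeholders and the query becomes `... IN ()`, a syntax error in both PostgreSQL and MySQL; the old code had the same shape, but since the block is being rewritten this is the place to guard it, e.g. skip the query and leave `$gui_id_own` empty when `count($ownguis) == 0`. `$v = $ownguis` also assumes `$ownguis` is a 0-indexed list matching the `$1..$n` numbering; if getGuisByPermission returns a keyed array, `$v = array_values($ownguis);` is safer. The `$permguis` query in the next hunk has the same two issues.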
@@ -330,13 +384,19 @@
 }
 
 
-$sql = "SELECT * from gui WHERE gui.gui_id IN(";
-for($i=0; $i<count($permguis); $i++){
-	if($i>0){ $sql .= ",";}
-	$sql .= "'".$permguis[$i]."'";
+$sql = "SELECT * from gui WHERE gui.gui_id IN (";
+$v = $permguis;
+$t = array();
+
+for ($i = 1; $i <= count($permguis); $i++){
+	if ($i > 1) { 
+		$sql .= ",";
+	}
+	$sql .= "$" . $i;
+	array_push($t, "s");
 }
 $sql .= ")";
-$res = db_query($sql);
+$res = db_prep_query($sql, $v, $t);
 $count=0;
 while($row = db_fetch_array($res)){
 	$gui_id_perm[$count]= $row["gui_id"];
@@ -413,8 +473,10 @@
 	else{
 		echo "<div class='guiList2_header'>Templates</div>\n";
 	}
-	$sql = "SELECT * FROM gui_element WHERE fkey_gui_id = '".$guiList2."' ORDER BY e_id";
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gui_element WHERE fkey_gui_id = $1 ORDER BY e_id";
+	$v = array($guiList2);
+	$t = array("s");
+	$res = db_prep_query($sql, $v, $t);
 	$cnt = 0;
 
 	echo "<div class='myElements'>\n<table>\n";
@@ -440,8 +502,10 @@
 #Formular:
 echo "<table class='myForm'>\n";
 if(isset($myElement)){
-   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = '".$guiList2."' AND e_id = '".$myElement."'";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = $1 AND e_id = $2";
+   $v = array($guiList2, $myElement);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    if(db_fetch_row($res)){
       echo "<tr><td>ID: </td><td><input type='text' class='textfield' name='e_id' value='".db_result($res,0,"e_id")."'></td></tr>\n";
       echo "<tr><td>Position: </td><td><input type='text' class='textfield' name='e_pos' value='".db_result($res,0,"e_pos")."'></td></tr>\n";

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_evalArea.php
===================================================================
--- tags/2.4.4/http/php/mod_evalArea.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_evalArea.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -20,6 +20,7 @@
 include '../include/dyn_css.php';
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 require_once(dirname(__FILE__)."/../classes/class_administration.php");
+require_once(dirname(__FILE__)."/../classes/class_mb_exception.php");
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
@@ -61,55 +62,71 @@
 $posY = explode (",", $y);
 
 
-if(SYS_DBTYPE=='pgsql'){
-	if(count($posX) > 3){
-	  $sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
-	  for($i=0; $i<count($posX); $i++){
-	  	if($i>0){$sql .= ",";}
-	  	$sql .= $posX[$i] . " " . $posY[$i];
-	  }
-	  $sql .= ")))',".rawurldecode($epsg).")) as myArea";
-	  $res = db_query($sql);
-	  if($row = db_fetch_array($res)){
-	     echo "Fl&auml;che: ".round($row[0]*100)/100 . " m<sup>2</sup>";
-	  }
+// check if parameters are valid geometries to 
+// avoid SQL injections
+$regExp = "/\d(,\d)*/";
+if (preg_match($regExp, $x) && preg_match($regExp, $y)) {
+
+	if(SYS_DBTYPE=='pgsql'){
+		if (count($posX) > 3) {
+			$sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
+			for ($i = 0; $i < count($posX); $i++) {
+				if ($i > 0) {
+					$sql .= ",";
+				}
+				$sql .= $posX[$i] . " " . $posY[$i];
+			}
+			$sql .= ")))',".rawurldecode($epsg).")) as myArea";
+	
+			// the input parameters are valid
+			$res = db_query($sql);
+			if($row = db_fetch_array($res)){
+				echo "Fl&auml;che: ".round($row[0]*100)/100 . " m<sup>2</sup>";
+			}
+		}
+		else{
+			echo "Fl&auml;che: 0 m<sup>2</sup>";
+		}
+	}else{
+		#echo "Fl�chenberechnung f�r MySQL liegt derzeit nicht vor<br></sup>";
+		#$con = db_connect($GEOS_DBSERVER,$GEOS_PORT,$GEOS_OWNER,$GEOS_PW);
+		#db_select_db($GEOS_DBSERVER,$con);
+		$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
+		
+		$con = pg_connect($con_string) or die ("Error while connecting database");
+		
+		
+		if(count($posX) > 3){
+		  $sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
+		  $i==0;
+		  for($i=0; $i<count($posX); $i++){
+		  	if($i>0){$sql .= ",";}
+		  	$sql .= $posX[$i] . " " . $posY[$i];
+		  }
+		  $sql .= ")))',".rawurldecode($epsg).")) as myArea";
+		  $res = pg_query($con,$sql);
+		  
+		  $cnt = 0;
+		  while(pg_fetch_row($res)){
+		  	 $area = pg_fetch_result($res,$cnt,0);
+		     echo "Fl&auml;che: ".round($area*100)/100 . " m<sup>2</sup>";
+		     $cnt++;
+		  }
+		}
+		else{
+		   echo "Fl&auml;che: 0 m<sup>2</sup>";
+		}
 	}
-	else{
-	   echo "Fl&auml;che: 0 m<sup>2</sup>";
-	}
-}else{
-	#echo "Flächenberechnung für MySQL liegt derzeit nicht vor<br></sup>";
-	#$con = db_connect($GEOS_DBSERVER,$GEOS_PORT,$GEOS_OWNER,$GEOS_PW);
-	#db_select_db($GEOS_DBSERVER,$con);
-	$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
 	
-	$con = pg_connect($con_string) or die ("Error while connecting database");
-	
-	
-	if(count($posX) > 3){
-	  $sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
-	  $i==0;
-	  for($i=0; $i<count($posX); $i++){
-	  	if($i>0){$sql .= ",";}
-	  	$sql .= $posX[$i] . " " . $posY[$i];
-	  }
-	  $sql .= ")))',".rawurldecode($epsg).")) as myArea";
-	  $res = pg_query($con,$sql);
-	  
-	  $cnt = 0;
-	  while(pg_fetch_row($res)){
-	  	 $area = pg_fetch_result($res,$cnt,0);
-	     echo "Fl&auml;che: ".round($area*100)/100 . " m<sup>2</sup>";
-	     $cnt++;
-	  }
-	}
-	else{
-	   echo "Fl&auml;che: 0 m<sup>2</sup>";
-	}
+	echo "<br>";
+	echo "Umfang: ". $length . " m";
+} 
+else {
+	$e = new mb_exception("mod_evalArea.php: invalid input geometry; coordinates not float values.");
+	echo "Fl&auml;che: 0 m<sup>2</sup>";
 }
 
-echo "<br>";
-echo "Umfang: ". $length . " m";
+
 #Centroid(geometry)
 /*
 $sql = "SELECT Centroid(GeometryFromText('MULTIPOLYGON(((";
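Review bot: The `$regExp` check that the comment says prevents SQL injection is ineffective: `/\d(,\d)*/` is unanchored, so `preg_match` returns 1 for any `$x` or `$y` that merely contains a digit, and the values are still concatenated into `$sql` on `$sql .= $posX[$i] . " " . $posY[$i];` in both branches. Anchor it and accept the forms coordinates actually take (sign, decimal part), e.g. `$regExp = "/^-?\d+(\.\d+)?(,-?\d+(\.\d+)?)*$/";`, and validate `$epsg` too, which is interpolated via `rawurldecode($epsg)` with no check at all (an `(int)` cast suffices); alternatively build the WKT string in PHP and pass it and the EPSG code through `db_prep_query` as the rest of this commit does. The new `$i==0;` line is a comparison with no effect and can be deleted. `$e = new mb_exception(...)` in the `else` branch is created and never used, which only works if the constructor itself logs — worth confirming against class_mb_exception.php.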

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_gazLayerObj_conf.php
===================================================================
--- tags/2.4.4/http/php/mod_gazLayerObj_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_gazLayerObj_conf.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -76,9 +76,11 @@
 	$con = db_connect($DBSERVER,$OWNER,$PW);
 	db_select_db(DB,$con);
 	
-	$sql = "UPDATE gui_layer SET gui_layer_wfs_featuretype = '".$_REQUEST["myWFS"]."' ";
-	$sql .= "WHERE fkey_gui_id='".$_REQUEST["gui"]."' AND fkey_layer_id=".$_REQUEST["layer"];
-	$res = db_query($sql);
+	$sql = "UPDATE gui_layer SET gui_layer_wfs_featuretype = $1 ";
+	$sql .= "WHERE fkey_gui_id = $2 AND fkey_layer_id = $3";
+	$v = array($_REQUEST["myWFS"], $_REQUEST["gui"], $_REQUEST["layer"]);
+	$t = array("s", "s", "i");
+	$res = db_prep_query($sql, $v, $t);
 	echo "layer is connected with: ".$_REQUEST["myWFS"];
 	die();
 }
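Review bot: `$_REQUEST["myWFS"]` is echoed back unescaped on the line `echo "layer is connected with: ".$_REQUEST["myWFS"];` directly after the now-parameterised UPDATE, so the request value still reaches the response as raw HTML; change it to `echo "layer is connected with: ".htmlspecialchars($_REQUEST["myWFS"], ENT_QUOTES);`. The `"i"` type for `$_REQUEST["layer"]` relies on `db_prep_query` rejecting or casting non-numeric input, which this hunk does not show; an explicit `(int)` cast before building `$v` would keep that contract local. The enclosing `if` block begins before the hunk.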

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_gazLayerObj_edit.php
===================================================================
--- tags/2.4.4/http/php/mod_gazLayerObj_edit.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_gazLayerObj_edit.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -54,29 +54,34 @@
 if(isset($_REQUEST["save"])){
 	
 	$sql = "UPDATE gazetteer SET ";
-	$sql .= "gazetteer_abstract = '".$_REQUEST["gazetteer_abstract"]."',";
-	$sql .= "g_label = '".$_REQUEST["g_label"]."',";
-	$sql .= "g_label_id = '".$_REQUEST["g_label_id"]."',";
-	$sql .= "g_button = '".$_REQUEST["g_button"]."',";
-	$sql .= "g_button_id = '".$_REQUEST["g_button_id"]."',";
-	$sql .= "g_style = '".$_REQUEST["g_style"]."',";
-	$sql .= "g_buffer = '".$_REQUEST["g_buffer"]."'";	
-	$sql .= " WHERE gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"].";";
+	$sql .= "gazetteer_abstract = $1, ";
+	$sql .= "g_label = $2, ";
+	$sql .= "g_label_id = $3, ";
+	$sql .= "g_button = $4, ";
+	$sql .= "g_button_id = $5, ";
+	$sql .= "g_style = $6, ";
+	$sql .= "g_buffer = $7 ";	
+	$sql .= "WHERE gazetteer_id = $8;";
 	
-	$res = db_query($sql);		
+	$v = array($_REQUEST["gazetteer_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["fkey_gazetteer_id"]);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "i");
+	$res = db_prep_query($sql, $v, $t);		
 
-	for($i=0; $i<count($_REQUEST["f_id"]); $i++){
+	for ($i = 0; $i < count($_REQUEST["f_id"]); $i++){
 		$sql = "UPDATE gazetteer_element SET ";		
-		$sql .= "f_search = '".$_REQUEST["f_search"][$i]."',";
-		$sql .= "f_pos = '".$_REQUEST["f_pos"][$i]."',";
-		$sql .= "f_style_id = '".$_REQUEST["f_style_id"][$i]."',";
-		$sql .= "f_label = '".$_REQUEST["f_label"][$i]."',";
-		$sql .= "f_label_id = '".$_REQUEST["f_label_id"][$i]."',";
-		$sql .= "f_show = '".$_REQUEST["f_show"][$i]."',";
-		$sql .= "f_respos = '".$_REQUEST["f_respos"][$i]."'";
-		$sql .= " WHERE fkey_gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"]." AND f_id = ".$_REQUEST["f_id"][$i].";";
+		$sql .= "f_search = $1, ";
+		$sql .= "f_pos = $2, ";
+		$sql .= "f_style_id = $3, ";
+		$sql .= "f_label = $4, ";
+		$sql .= "f_label_id = $5, ";
+		$sql .= "f_show = $6, ";
+		$sql .= "f_respos = $7 ";
+		$sql .= "WHERE fkey_gazetteer_id = $8 AND f_id = $9;";
 		
-		$res = db_query($sql);
+		$v = array($_REQUEST["f_search"][$i], $_REQUEST["f_pos"][$i], $_REQUEST["f_style_id"][$i], $_REQUEST["f_label"][$i], $_REQUEST["f_label_id"][$i], $_REQUEST["f_show"][$i], $_REQUEST["f_respos"][$i], $_REQUEST["fkey_gazetteer_id"], $_REQUEST["f_id"][$i]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "i", "i");
+		
+		$res = db_prep_query($sql, $v, $t);
 	}		
 }
 
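Review bot: The single-line `$v = array(...)` literals at the two `db_prep_query` calls pack eight and nine request values onto one line, which makes it hard to verify that each value lines up with its `$N` placeholder and with its entry in `$t`; writing one value per line, in placeholder order, with the matching type noted beside it would make a positional slip visible at a glance. This hunk also shows no check that `$_REQUEST["f_id"]` is an array before `count()` is applied to it, and `$res` is assigned but never inspected, so a failed UPDATE goes unnoticed. The same layout is used in the mod_gazetteer_conf.php, mod_gazetteer_edit.php and mod_wfs_conf.php hunks.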
@@ -92,8 +97,10 @@
 
 /* configure elements */
 if(isset($_REQUEST["fkey_gazetteer_id"])){
-	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"];
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = $1";
+	$v = array($_REQUEST["fkey_gazetteer_id"]);
+	$t = array("i");
+	$res = db_prep_query($sql, $v, $t);
 	if($row = db_fetch_array($res)){	
 		echo "<table>";
 		echo "<tr><td>ID:</td><td>".$row["gazetteer_id"]."</td></tr>" ;
@@ -110,8 +117,10 @@
 	/* set element options */
 	$sql = "SELECT * FROM gazetteer_element ";
 	$sql .= "JOIN wfs_element ON gazetteer_element.f_id = wfs_element.element_id ";
-	$sql .= "WHERE fkey_gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"];
-	$res = db_query($sql);
+	$sql .= "WHERE fkey_gazetteer_id = $1";
+	$v = array($_REQUEST["fkey_gazetteer_id"]);
+	$t = array("i");
+	$res = db_prep_query($sql, $v, $t);
 	
 	echo "<table border='1'>";
 	echo "<tr>";

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_gazetteer_conf.php
===================================================================
--- tags/2.4.4/http/php/mod_gazetteer_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_gazetteer_conf.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -72,36 +72,22 @@
 	$con = db_connect($DBSERVER,$OWNER,$PW);
 	db_select_db($DB,$con);
 	
-	$sql = "INSERT INTO gazetteer (gazetteer_abstract,fkey_wfs_id,fkey_featuretype_id,g_label,g_label_id,g_button,g_button_id,g_style,g_buffer,g_res_style,g_use_wzgraphics) VALUES(";
-	$sql .= "'".$_REQUEST["gazetteer_abstract"]."',";
-	$sql .= "'".$_REQUEST["wfs"]."',";
-	$sql .= "'".$_REQUEST["featuretype"]."',";
-	$sql .= "'".$_REQUEST["g_label"]."',";
-	$sql .= "'".$_REQUEST["g_label_id"]."',";
-	$sql .= "'".$_REQUEST["g_button"]."',";
-	$sql .= "'".$_REQUEST["g_button_id"]."',";
-	$sql .= "'".$_REQUEST["g_style"]."',";	
-	$sql .= "'".$_REQUEST["g_buffer"]."',";	
-	$sql .= "'".$_REQUEST["g_res_style"]."',";
-	$sql .= $_REQUEST["g_use_wzgraphics"];
-	$sql .= "); ";
-	
-	$res = db_query($sql);		
+	$sql = "INSERT INTO gazetteer (gazetteer_abstract, fkey_wfs_id, ";
+	$sql .= "fkey_featuretype_id, g_label, g_label_id, g_button, ";
+	$sql .= "g_button_id, g_style, g_buffer, g_res_style, g_use_wzgraphics) ";
+	$sql .= "VALUES($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11);";
+	$v = array($_REQUEST["gazetteer_abstract"], $_REQUEST["wfs"], $_REQUEST["featuretype"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"], $_REQUEST["g_use_wzgraphics"]);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "i");
+	$res = db_prep_query($sql, $v, $t);		
 	$wfsID = db_insert_id($con);
 	for($i=0; $i<count($_REQUEST["f_id"]); $i++){
-		$sql = "INSERT INTO gazetteer_element (fkey_gazetteer_id,f_id,f_search,f_pos,f_style_id,f_toupper,f_label,f_label_id,f_show,f_respos) VALUES(";
-		$sql .= "'".$wfsID."',";
-		$sql .= "'".$_REQUEST["f_id"][$i]."',";
-		$sql .= "'".$_REQUEST["f_search"][$i]."',";
-		$sql .= "'".$_REQUEST["f_pos"][$i]."',";
-		$sql .= "'".$_REQUEST["f_style_id"][$i]."',";
-		$sql .= "'".$_REQUEST["f_toupper"][$i]."',";		
-		$sql .= "'".$_REQUEST["f_label"][$i]."',";
-		$sql .= "'".$_REQUEST["f_label_id"][$i]."',";
-		$sql .= "'".$_REQUEST["f_show"][$i]."',";
-		$sql .= "'".$_REQUEST["f_respos"][$i]."'";
-		$sql .= "); ";
-		$res = db_query($sql);
+		$sql = "INSERT INTO gazetteer_element (fkey_gazetteer_id, ";
+		$sql .= "f_id, f_search, f_pos, f_style_id, f_toupper, f_label, ";
+		$sql .= "f_label_id, f_show, f_respos) VALUES (";
+		$sql .= "$1, $2, $3, $4, $5, $6, $7, $8, $9, $10);";
+		$v = array($wfsID, $_REQUEST["f_id"][$i], $_REQUEST["f_search"][$i], $_REQUEST["f_pos"][$i], $_REQUEST["f_style_id"][$i], $_REQUEST["f_toupper"][$i], $_REQUEST["f_label"][$i], $_REQUEST["f_label_id"][$i], $_REQUEST["f_show"][$i], $_REQUEST["f_respos"][$i]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+		$res = db_prep_query($sql, $v, $t);
 	}		
 }
 
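Review bot: `$wfsID = db_insert_id($con);` on the unchanged line after the first `db_prep_query` is called with only the connection, whereas mod_wfs_conf.php in this same commit calls `db_insert_id($con,'wfs_conf','wfs_conf_id')`; with `$1`-style placeholders pointing at PostgreSQL, the single-argument form may not resolve the `gazetteer` sequence, and every `gazetteer_element` row inserted in the loop depends on that value — worth confirming against the definition of `db_insert_id`. `$_REQUEST["g_use_wzgraphics"]` is bound as `"i"` straight from the request, while mod_wfs_conf.php normalises the same checkbox through `!empty()` to `'1'`/`'0'`; an unchecked box leaves the key absent and binds an undefined value here. The enclosing `if` begins before the hunk.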

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_gazetteer_edit.php
===================================================================
--- tags/2.4.4/http/php/mod_gazetteer_edit.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_gazetteer_edit.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -56,31 +56,34 @@
 if(isset($_REQUEST["save"])){
 	
 	$sql = "UPDATE gazetteer SET ";
-	$sql .= "gazetteer_abstract = '".$_REQUEST["gazetteer_abstract"]."',";
-	$sql .= "g_label = '".$_REQUEST["g_label"]."',";
-	$sql .= "g_label_id = '".$_REQUEST["g_label_id"]."',";
-	$sql .= "g_button = '".$_REQUEST["g_button"]."',";
-	$sql .= "g_button_id = '".$_REQUEST["g_button_id"]."',";
-	$sql .= "g_style = '".$_REQUEST["g_style"]."',";
-	$sql .= "g_buffer = '".$_REQUEST["g_buffer"]."',";	
-	$sql .= "g_res_style = '".$_REQUEST["g_res_style"]."',";
-	$sql .= "g_use_wzgraphics = ".$_REQUEST["g_use_wzgraphics"];
-	$sql .= " WHERE gazetteer_id = ".$_REQUEST["gaz"].";";
-	$res = db_query($sql);		
+	$sql .= "gazetteer_abstract = $1, ";
+	$sql .= "g_label = $2, ";
+	$sql .= "g_label_id = $3, ";
+	$sql .= "g_button = $4, ";
+	$sql .= "g_button_id = $5, ";
+	$sql .= "g_style = $6, ";
+	$sql .= "g_buffer = $7, ";	
+	$sql .= "g_res_style = $8, ";
+	$sql .= "g_use_wzgraphics = $9 ";
+	$sql .= "WHERE gazetteer_id = $10;";
+	$v = array($_REQUEST["gazetteer_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"], $_REQUEST["g_use_wzgraphics"], $_REQUEST["gaz"]);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i");
+	$res = db_prep_query($sql, $v, $t);		
 
 	for($i=0; $i<count($_REQUEST["f_id"]); $i++){
 		$sql = "UPDATE gazetteer_element SET ";		
-		$sql .= "f_search = '".$_REQUEST["f_search"][$i]."',";
-		$sql .= "f_pos = '".$_REQUEST["f_pos"][$i]."',";
-		$sql .= "f_style_id = '".$_REQUEST["f_style_id"][$i]."',";
-		$sql .= "f_toupper = '".$_REQUEST["f_toupper"][$i]."',";
-		$sql .= "f_label = '".$_REQUEST["f_label"][$i]."',";
-		$sql .= "f_label_id = '".$_REQUEST["f_label_id"][$i]."',";
-		$sql .= "f_show = '".$_REQUEST["f_show"][$i]."',";
-		$sql .= "f_respos = '".$_REQUEST["f_respos"][$i]."'";
-		$sql .= " WHERE fkey_gazetteer_id = ".$_REQUEST["gaz"]." AND f_id = ".$_REQUEST["f_id"][$i].";";
-		
-		$res = db_query($sql);
+		$sql .= "f_search = $1, ";
+		$sql .= "f_pos = $2, ";
+		$sql .= "f_style_id = $3, ";
+		$sql .= "f_toupper = $4, ";
+		$sql .= "f_label = $5, ";
+		$sql .= "f_label_id = $6, ";
+		$sql .= "f_show = $7, ";
+		$sql .= "f_respos = $8 ";
+		$sql .= "WHERE fkey_gazetteer_id = $9 AND f_id = $10;";
+		$v = array($_REQUEST["f_search"][$i], $_REQUEST["f_pos"][$i], $_REQUEST["f_style_id"][$i], $_REQUEST["f_toupper"][$i], $_REQUEST["f_label"][$i], $_REQUEST["f_label_id"][$i], $_REQUEST["f_show"][$i], $_REQUEST["f_respos"][$i], $_REQUEST["gaz"], $_REQUEST["f_id"][$i]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i");
+		$res = db_prep_query($sql, $v, $t);		
 	}		
 }
 
@@ -110,8 +113,10 @@
 
 /* configure elements */
 if(isset($_REQUEST["gaz"])){
-	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = ".$_REQUEST["gaz"];
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = $1";
+	$v = array($_REQUEST["gaz"]);
+	$t = array("i");
+	$res = db_prep_query($sql, $v, $t);
 	if($row = db_fetch_array($res)){	
 		echo "<table>";
 		echo "<tr><td>GazetterID:</td><td>".$row["gazetteer_id"]."</td></tr>" ;
@@ -132,9 +137,11 @@
 	/* set element options */
 	$sql = "SELECT * FROM gazetteer_element ";
 	$sql .= "JOIN wfs_element ON gazetteer_element.f_id = wfs_element.element_id ";
-	$sql .= "WHERE fkey_gazetteer_id = ".$_REQUEST["gaz"];
+	$sql .= "WHERE fkey_gazetteer_id = $1";
+	$v = array($_REQUEST["gaz"]);
+	$t = array("i");
 	echo $sql;
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	
 	echo "<table border='1'>";
 	echo "<tr>";
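Review bot: The unchanged `echo $sql;` sitting between the new `$t = array("i");` and the `db_prep_query` call prints the statement text into the HTML response on every request; it reads as a debugging leftover and should be removed or commented out (`#echo $sql;` is the convention used in the mod_treefolderAdmin.php hunk of this commit). Since the hunk already converts the neighbouring lines, this is the natural place to drop it. The same leftover `echo $sql;` sits in the mod_getStyles.php filter-update hunk.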

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_getStyles.php
===================================================================
--- tags/2.4.4/http/php/mod_getStyles.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_getStyles.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -81,7 +81,7 @@
 {
    global $proxy_name,$proxy_port,$proxy_cont,$proxy_user,$proxy_pass;
 //echo $proxy_user;
-   $proxy_fp = fsockopen($proxy_name, $proxy_port) or die ("Fehler beim öffnen der Verbindung zum Proxy");
+   $proxy_fp = fsockopen($proxy_name, $proxy_port) or die ("Fehler beim �ffnen der Verbindung zum Proxy");
    if (!$proxy_fp)    {return false;}
       $headers = "GET $proxy_url HTTP/1.0\r\nHost: $proxy_name\r\n";
    $headers .= 'Proxy-Authorization: ' . 'Basic ' . base64_encode($proxy_user . ':' . $proxy_pass)."\r\nConnection: Keep-Alive\r\n\r\n";
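Review bot: The only change in this hunk is the string literal `öffnen` becoming `�ffnen` inside the `die()` message, which reads as an accidental charset conversion by the editor rather than an intended edit; the file's encoding should be checked before this lands, as the same substitution shows up in the commented-out lines of the mod_evalArea.php hunk. Adjacent and unchanged: `or die(...)` on the `fsockopen` line makes the following `if (!$proxy_fp) {return false;}` unreachable, so one of the two should go. The enclosing function starts before the hunk.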
@@ -126,9 +126,12 @@
 	@fclose($style_xml);
 	fclose($style_file);
 	#include(dirname(__FILE__)."/../../conf/www.conf");
-	$sql = "UPDATE wms SET wms_filter = '".str_replace(basename($login),$style_filename,$login)."' WHERE wms_id = ". $wmsList;
+	$pattern = "/" . basename($login) . "/";
+	$sql = "UPDATE wms SET wms_filter = $1 WHERE wms_id = $2";
+	$v = array(preg_replace($pattern,$style_filename,$login), $wmsList);
+	$t = array("s", "i");
 	echo $sql;
-	db_query($sql) or die("unable to change filter!");	
+	db_prep_query($sql, $v, $t) or die("unable to change filter!");	
 }
 ###
 
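Review bot: Replacing `str_replace(basename($login), ...)` with `preg_replace($pattern, ...)` introduces a bug, because `basename($login)` is spliced into `$pattern` without `preg_quote`; a filename containing `.`, `+`, `(` or another PCRE metacharacter no longer matches literally, and a `/` in the name would terminate the delimiter. Either keep the original `str_replace(basename($login), $style_filename, $login)` as the first element of `$v`, or build the pattern as `$pattern = "/" . preg_quote(basename($login), "/") . "/";`. The `echo $sql;` kept before `db_prep_query` also prints the statement into the response and looks like a debugging leftover. The enclosing `if` begins before the hunk.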
@@ -141,8 +144,10 @@
 	# getStyle - Request:
 	if($wmsList && $row["wms_id"] == $wmsList){
 		$getStyle = $row["wms_getmap"]."&VERSION=1.1.1&REQUEST=getStyles&SERVICE=WMS&LAYERS=";
-		$sql_style = "SELECT layer_name FROM layer WHERE fkey_wms_id = " . $wmsList;
-		$res_style = db_query($sql_style);
+		$sql_style = "SELECT layer_name FROM layer WHERE fkey_wms_id = $1";
+		$v = array($wmsList);
+		$t = array("i");
+		$res_style = db_prep_query($sql_style, $v, $t);
 	
 		$cnt_style = 0;
 		while($row2 = db_fetch_array($res_style)){

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_loadCapabilitiesList.php
===================================================================
--- tags/2.4.4/http/php/mod_loadCapabilitiesList.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_loadCapabilitiesList.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -154,8 +154,10 @@
 		$cnt++;
 	}
 
-	$sql = "SELECT * FROM gui_layer WHERE fkey_gui_id = '".$guiID."' AND gui_layer_wms_id = ".$wmsID;
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gui_layer WHERE fkey_gui_id = $1 AND gui_layer_wms_id = $2";
+	$v = array($guiID, $wmsID);
+	$t = array("s", "i");
+	$res = db_prep_query($sql, $v, $t);
 	$cnt = 0;
 	while($row = db_fetch_array($res)){
 		$sql_ins = "INSERT INTO gui_layer (fkey_gui_id,fkey_layer_id,gui_layer_wms_id,gui_layer_status,gui_layer_selectable,";
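Review bot: `$wmsID` is bound as `"i"` here but as `"s"` in the `fkey_wms_id = $1` query of the later hunk in this file (old line 263); the two declarations for the same variable should agree, and since `gui_layer_wms_id` and `fkey_wms_id` carry the same id, `"i"` for both is the natural choice. The `$sql_ins` INSERT that begins on the last line of the hunk is built with `.=` beyond the hunk, so I cannot see whether it was converted to `db_prep_query` as well — worth checking, as its values come from the row just fetched.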
@@ -180,12 +182,17 @@
 	echo"<br>";
 	 
 	$sql = "SELECT * FROM gui WHERE gui_id IN (";
-	for($i=0; $i<count($ownguis); $i++){
-		if($i>0){ $sql .= ",";}
-		$sql .= "'".$ownguis[$i]."'";
+	$v = $ownguis;
+	$t = array();
+	for ($i = 1; $i <= count($ownguis); $i++){
+		if ($i > 1) { 
+			$sql .= ",";
+		}
+		$sql .= "$".$i;
+		array_push($t, "s");
 	}
 	$sql .= ") ORDER BY gui_name";	
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	$count=0;
 	echo"<select size='8' name='guiList' style='width:200px' onClick='submit()'>";
 	while($row = db_fetch_array($res)){
@@ -236,12 +243,17 @@
 	echo"<div class='text1'>Load WMS</div>";
 	$sql = "SELECT DISTINCT wms.wms_id,wms.wms_title,wms.wms_abstract,wms.wms_owner FROM gui_wms JOIN wms ON ";
 	$sql .= "wms.wms_id = gui_wms.fkey_wms_id WHERE gui_wms.fkey_gui_id IN(";
-	for($i=0; $i<count($arrayGUIs); $i++){
-		if($i>0){$sql .= ",";}
-		$sql .= "'".$arrayGUIs[$i]."'";
+	$v = $arrayGUIs;
+	$t = array();
+	for ($i = 1; $i <= count($arrayGUIs); $i++){
+		if ($i > 1) {
+			$sql .= ",";
+		}
+		$sql .= "$" . $i;
+		array_push($t, "s");
 	}
 	$sql .= ") ORDER BY wms.wms_title";
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	echo "<select class='select1' name='wmsID' size='20' onchange='submit()'>";
 	$cnt = 0;
 	while($row = db_fetch_array($res)){
@@ -263,8 +275,10 @@
 	
 	if(isset($wmsID)){
 		echo "<div class='text2'>FROM:</div>";
-		$sql = "SELECT * from gui_wms WHERE fkey_wms_id ='".$wmsID."' ORDER BY fkey_gui_id";
-		$res = db_query($sql);
+		$sql = "SELECT * from gui_wms WHERE fkey_wms_id = $1 ORDER BY fkey_gui_id";
+		$v = array($wmsID);
+		$t = array("s");
+		$res = db_prep_query($sql, $v, $t);
 		echo "<select class='select2' name='guiID' size='20' onchange='load()'>";
 		$cnt = 0;
 		while($row = db_fetch_array($res)){

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_map1.php
===================================================================
--- tags/2.4.4/http/php/mod_map1.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_map1.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -37,8 +37,10 @@
 
 <title>mod_map1</title>
 <?php
-$sql = "SELECT e_width, e_height FROM gui_element WHERE e_id = 'mapframe1' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT e_width, e_height FROM gui_element WHERE e_id = 'mapframe1' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){
    $e_width = $row["e_width"];

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_mapOV.php
===================================================================
--- tags/2.4.4/http/php/mod_mapOV.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_mapOV.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -45,8 +45,10 @@
 ?>
 <?php
 $gui_id = $_SESSION["mb_user_gui"];
-$sql = "SELECT e_width,e_height, e_target FROM gui_element WHERE e_id = 'overview' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_width,e_height, e_target FROM gui_element WHERE e_id = 'overview' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 echo "<script type='text/javascript'>";
 while($row = db_fetch_array($res)){ 

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_simpleWMSpreferences.php
===================================================================
--- tags/2.4.4/http/php/mod_simpleWMSpreferences.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_simpleWMSpreferences.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -76,8 +76,10 @@
 <?php
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){
    $e_target = $row["e_target"];

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_treefolderAdmin.php
===================================================================
--- tags/2.4.4/http/php/mod_treefolderAdmin.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_treefolderAdmin.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -434,21 +434,28 @@
   // this is a multinary tree structure which is easy to
   // populate with database data :)
 <?php
-$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = $1";
+// $v and $t will be re-used below!
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 if(!db_fetch_row($res)){
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES('".$guiList."', 'new','1','4','')";
-	db_query($sql);
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES('".$guiList."','new','2','3','')";
-	db_query($sql);      
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES($1, 'new','1','4','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES($1,'new','2','3','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
 }
-
+	
 $sql = "SELECT n.wms_id, n.id, n.my_layer_title, n.lft, n.rgt, n.layer, COUNT(*) AS level1, ((n.rgt - n.lft -1)/2) AS offspring ";
 $sql .= "FROM gui_treegde as n, gui_treegde as p WHERE n.lft BETWEEN p.lft AND p.rgt ";
-$sql .= " AND n.fkey_gui_id = '".$guiList."' AND p.fkey_gui_id = '".$guiList."' ";
+$sql .= " AND n.fkey_gui_id = $1 AND p.fkey_gui_id = $2 ";
 $sql .= " GROUP BY n.wms_id, n.lft, n.my_layer_title,  ((n.rgt - n.lft -1)/2) , n.id, n.rgt, n.layer ORDER BY n.lft;";
 #echo $sql;
-$res = db_query($sql);
+$v = array($guiList, $guiList);
+$t = array("s", "s");
+$res = db_prep_query($sql, $v, $t);
 	echo "function initArray(){";
 	echo "Note(0,-1,'','');";
 	$cnt = 0;
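Review bot: The two new comments `//using $v and $t fom above` have a typo (`fom` → `from`), and the earlier `// $v and $t will be re-used below!` only holds until `$v = array($guiList, $guiList);` rebuilds them at the end of the hunk, so `// $v and $t are reused by the two INSERTs below, then rebuilt for the tree query` would describe the flow more precisely. The change from an empty line to a tab-only line (`+\t`) is whitespace noise. The whole block, comments included, is duplicated verbatim in the mod_treefolderClient.php hunk at old line 548; a shared helper taking `$guiList` and returning `$res` would keep the two copies from drifting apart.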

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_treefolderClient.php
===================================================================
--- tags/2.4.4/http/php/mod_treefolderClient.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_treefolderClient.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -78,8 +78,10 @@
     // -->
     </STYLE>
 <?php
-$sql = "SELECT e_target FROM gui_element WHERE e_id = 'treeConfGDE' AND fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT e_target FROM gui_element WHERE e_id = 'treeConfGDE' AND fkey_gui_id = $1";
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while(db_fetch_row($res)){ 
 	$e_target = db_result($res,0,"e_target");
@@ -548,21 +550,27 @@
   // this is a multinary tree structure which is easy to
   // populate with database data :)
 <?php
-$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = $1";
+// $v and $t will be re-used below!
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 if(!db_fetch_row($res)){
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES('".$guiList."', 'new','1','4','')";
-	db_query($sql);
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES('".$guiList."','new','2','3','')";
-	db_query($sql);      
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES($1, 'new','1','4','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES($1,'new','2','3','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
 }
 
 $sql = "SELECT n.wms_id, n.id, n.my_layer_title, n.lft, n.rgt, n.layer, COUNT(*) AS level1, ((n.rgt - n.lft -1)/2) AS offspring ";
 $sql .= "FROM gui_treegde as n, gui_treegde as p WHERE n.lft BETWEEN p.lft AND p.rgt ";
-$sql .= " AND n.fkey_gui_id = '".$guiList."' AND p.fkey_gui_id = '".$guiList."' ";
+$sql .= " AND n.fkey_gui_id = $1 AND p.fkey_gui_id = $2 ";
 $sql .= " GROUP BY n.wms_id, n.lft, n.my_layer_title,  ((n.rgt - n.lft -1)/2) , n.id, n.rgt, n.layer ORDER BY n.lft";
-
-$res = db_query($sql);
+$v = array($guiList, $guiList);
+$t = array("s", "s");
+$res = db_prep_query($sql, $v, $t);
 	echo "function initArray(){";
 	echo "Note(0,-1,'','');";
 	$cnt = 0;

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_wfs_conf.php
===================================================================
--- tags/2.4.4/http/php/mod_wfs_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_wfs_conf.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -89,62 +89,74 @@
 
         db_select_db($DB,$con);
 
-        $sql = "INSERT INTO wfs_conf (wfs_conf_abstract,fkey_wfs_id,fkey_featuretype_id,g_label,g_label_id,g_button,g_button_id,g_style,g_buffer,g_res_style,g_use_wzgraphics) VALUES(";
-        $sql .= "'".$_REQUEST["wfs_conf_abstract"]."',";
-        $sql .= "'".$_REQUEST["wfs"]."',";
-        $sql .= "'".$_REQUEST["featuretype"]."',";
-        $sql .= "'".$_REQUEST["g_label"]."',";
-        $sql .= "'".$_REQUEST["g_label_id"]."',";
-        $sql .= "'".$_REQUEST["g_button"]."',";
-        $sql .= "'".$_REQUEST["g_button_id"]."',";
-        $sql .= "'".$_REQUEST["g_style"]."',";
-        $sql .= "'".$_REQUEST["g_buffer"]."',";
-        $sql .= "'".$_REQUEST["g_res_style"]."',";        
-        if(!empty($_REQUEST["g_use_wzgraphics"])){
+        $sql = "INSERT INTO wfs_conf (";
+        $sql .= "wfs_conf_abstract, fkey_wfs_id, ";
+        $sql .= "fkey_featuretype_id, g_label, g_label_id, g_button, ";
+        $sql .= "g_button_id, g_style, g_buffer, g_res_style, g_use_wzgraphics";
+		$sql .= ") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, ";
+        if (!empty($_REQUEST["g_use_wzgraphics"])) {
 			$sql .= "'1'";
-		}else{$sql .= "'0'";}
+		}
+		else {
+			$sql .= "'0'";
+		}
         $sql .= "); ";
+        
+		$v = array($_REQUEST["wfs_conf_abstract"], $_REQUEST["wfs"], $_REQUEST["featuretype"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+        $res = db_prep_query($sql, $v, $t);
+        
+        $wfsID = db_insert_id($con,'wfs_conf','wfs_conf_id');
 
-        $res = db_query($sql);
-        $wfsID = db_insert_id($con,'wfs_conf','wfs_conf_id');
-        for($i=0; $i<$_REQUEST["num"]; $i++){
+        for ($i = 0; $i < $_REQUEST["num"]; $i++){
                 $sql = "INSERT INTO wfs_conf_element (fkey_wfs_conf_id,f_id,f_search,f_pos,f_style_id,f_toupper,f_label,f_label_id,f_show,f_respos,f_edit,f_form_element_html,f_mandatory) VALUES(";
-                $sql .= "'".$wfsID."',";
-                $sql .= "'".$_REQUEST["f_id".$i]."',";
-                if(!empty($_REQUEST["f_search".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}
-                $sql .= "'".$_REQUEST["f_pos".$i]."',";
-                $sql .= "'".$_REQUEST["f_style_id".$i]."',";                
-				if(!empty($_REQUEST["f_toupper".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}				
-                $sql .= "'".$_REQUEST["f_label".$i]."',";
-                $sql .= "'".$_REQUEST["f_label_id".$i]."',";
-                if(!empty($_REQUEST["f_show".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}
-                $sql .= "'".$_REQUEST["f_respos".$i]."'";
-				$sql .= ",";
-                if(!empty($_REQUEST["f_edit".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}
-                $sql .= "'".$_REQUEST["f_form_element_html".$i]."',";
-                if(!empty($_REQUEST["f_mandatory".$i])){
+                $sql .= "$1, $2, ";
+                if (!empty($_REQUEST["f_search".$i])) {
                 	$sql .= "'1'";
-                }else{$sql .= "'0'";}
-//                $sql .= ", ";
-//                $sql .= "'".addslashes($_REQUEST["f_auth_varname".$i]);
-//				$sql .= "'";
-                $sql .= "); ";
+                }
+                else {
+                	$sql .= "'0'";
+                }
+                $sql .= ", $3, $4, ";
+				if (!empty($_REQUEST["f_toupper".$i])) {
+                	$sql .= "'1'";
+                }
+                else {
+                	$sql .= "'0'";
+                }				
+                $sql .= ",$5, $6, ";
+                if (!empty($_REQUEST["f_show".$i])) {
+                	$sql .= "'1'";
+                }
+                else {
+                	$sql .= "'0',";
+                }
+                $sql .= ", $7, ";
+                if (!empty($_REQUEST["f_edit".$i])) {
+                	$sql .= "'1'";
+                } 
+                else {
+                	$sql .= "'0'";
+                }
+                $sql .= ",$8, ";
+                if (!empty($_REQUEST["f_mandatory".$i])) {
+                	$sql .= "'1'";
+                }
+                else {
+                	$sql .= "'0'";
+                }
+ 				$sql .= "); ";
 
-                $res = db_query($sql);
+				$v = array($wfsID, $_REQUEST["f_id".$i], $_REQUEST["f_pos".$i], $_REQUEST["f_style_id".$i], $_REQUEST["f_label".$i], $_REQUEST["f_label_id".$i], $_REQUEST["f_respos".$i], $_REQUEST["f_form_element_html".$i], $_REQUEST["f_auth_varname".$i]);
+				$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s");
+                $res = db_prep_query($sql, $v, $t);
         }
         if (isset($_REQUEST["f_geom"])) {
-	        $sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 1";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$wfsID." AND f_id = ".$_REQUEST["f_geom"].";";
-			$res = db_query($sql);
+	        $sql = "UPDATE wfs_conf_element SET f_geom = 1 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id = $2;";
+	        $v = array($wfsID, $_REQUEST["f_geom"]);
+	        $t = array("i", "i");
+			$res = db_prep_query($sql, $v, $t);
         }
 		
 		echo "<script language='javascript'>";
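Review bot: Two defects in the `wfs_conf_element` INSERT loop: when `f_show` is unchecked the `else` branch appends `'0',` and the next statement appends `, $7, `, yielding `'0',, $7,` — a syntax error — so that branch should read `$sql .= "'0'";` like the other checkbox branches; and `$v`/`$t` carry nine entries while the statement only has `$1`–`$8`, the ninth being `$_REQUEST["f_auth_varname".$i]`, a leftover of the column the old code had commented out, so drop it from `$v` and shorten to `$t = array("s", "s", "s", "s", "s", "s", "s", "s");`. A backend that checks bound-parameter counts will reject every loop iteration as written. `$wfsID` is also bound as `"s"` in the loop but `"i"` in the `f_geom` UPDATE a few lines later, and the indentation mixes tabs and spaces (e.g. the ` \t\t\t\t$sql .= "); ";` line). The enclosing `if(isset($_REQUEST["save"]))` starts before the hunk.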
@@ -271,8 +283,7 @@
                 echo "<td><input name='f_respos".$i."' type='text' size='1' value='0'></td>";
                 echo "<td><input name='f_mandatory".$i."' type='checkbox'></td>";
                 echo "<td><input name='f_edit".$i."' type='checkbox'></td>";
-                echo "<td><textarea name='f_form_element_html".$cnt."' cols='15' rows='1' ></textarea></td>";
-//                echo "<td><input name='f_auth_varname".$cnt."' type='text' size='8' value='".$row["f_auth_varname"]."'></td>";
+                echo "<td><textarea name='f_form_element_html".$i."' cols='15' rows='1' ></textarea></td>";
                 echo "</tr>";
         }
         echo "</table>";
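Review bot: With the commented-out `f_auth_varname` input deleted here, the form no longer submits that field, yet the save branch earlier in this file still binds `$_REQUEST["f_auth_varname".$i]` as a ninth value in `$v` while the INSERT's placeholders stop at `$8`; either the input should be restored or that value and its "s" type dropped so the value, type and placeholder counts agree. That same save branch appends `'0',` followed by `, $7, ` when `f_show` is unchecked, which produces a double comma in the VALUES list. The enclosing save branch starts outside this hunk.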

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_wfs_edit.php
===================================================================
--- tags/2.4.4/http/php/mod_wfs_edit.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_wfs_edit.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -58,78 +58,89 @@
 if(isset($_REQUEST["save"])){
 
         $sql = "UPDATE wfs_conf SET ";
-        $sql .= "wfs_conf_abstract = '".$_REQUEST["wfs_conf_abstract"]."',";
-        $sql .= "g_label = '".$_REQUEST["g_label"]."',";
-        $sql .= "g_label_id = '".$_REQUEST["g_label_id"]."',";
-        $sql .= "g_button = '".$_REQUEST["g_button"]."',";
-        $sql .= "g_button_id = '".$_REQUEST["g_button_id"]."',";
-        $sql .= "g_style = '".$_REQUEST["g_style"]."',";
-        $sql .= "g_buffer = '".$_REQUEST["g_buffer"]."',";
-        $sql .= "g_res_style = '".$_REQUEST["g_res_style"]."',";
-        $sql .= "g_use_wzgraphics = ";
-        if(!empty($_REQUEST["g_use_wzgraphics"])){
-        	$sql .= '1';
-        }else{$sql .= '0';}
-        $sql .= " WHERE wfs_conf_id = ".$_REQUEST["gaz"].";";
+        $sql .= "wfs_conf_abstract = $1, g_label = $2, ";
+        $sql .= "g_label_id = $3, g_button = $4, g_button_id = $5, g_style = $6, ";
+        $sql .= "g_buffer = $7, g_res_style = $8, g_use_wzgraphics = ";
+        if (!empty($_REQUEST["g_use_wzgraphics"])) {
+        	$sql .= "1";
+        }
+        else {
+        	$sql .= "0";
+        }
+        $sql .= " WHERE wfs_conf_id = $9;";
         
-        $res = db_query($sql);
+        $v = array($_REQUEST["wfs_conf_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"], $_REQUEST["gaz"]);
+        $t = array("s", "s", "s", "s", "s", "s", "s", "i", "s", "i");
+        $res = db_prep_query($sql, $v, $t);
 		        
 		if (isset($_REQUEST["f_geom"])) {
-	        $sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 1";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." AND f_id = ".$_REQUEST["f_geom"].";";
-			$res = db_query($sql);
+	        $sql = "UPDATE wfs_conf_element SET f_geom = 1 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id = $2;";
+	        $v = array($_REQUEST["gaz"], $_REQUEST["f_geom"]);
+	        $t = array("i", "s");
+			$res = db_prep_query($sql);
 			
-			$sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 0";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." AND f_id <>  ".$_REQUEST["f_geom"].";";
-			$res = db_query($sql);
+			$sql = "UPDATE wfs_conf_element SET f_geom = 0 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id <> $2;";
+	        $v = array($_REQUEST["gaz"], $_REQUEST["f_geom"]);
+	        $t = array("i", "s");
+			$res = db_prep_query($sql);
 		}
 		else {
-			$sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 0";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"].";";
-			$res = db_query($sql);
+			$sql = "UPDATE wfs_conf_element SET f_geom = 0 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1;";
+	        $v = array($_REQUEST["gaz"]);
+	        $t = array("i");
+			$res = db_prep_query($sql);
 		}
 		
         for($i=0; $i<$_REQUEST["num"]; $i++){
         	
-                $sql = "UPDATE wfs_conf_element SET ";
-                $sql .= "f_search = '";
-                if(!empty($_REQUEST["f_search".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-                $sql .= "',";
-                $sql .= "f_pos = '".$_REQUEST["f_pos".$i]."',";
-                $sql .= "f_style_id = '".$_REQUEST["f_style_id".$i]."',";
+                $sql = "UPDATE wfs_conf_element SET f_search = '";
+                if (!empty($_REQUEST["f_search".$i])) {
+                	$sql .= "1";
+                }
+                else {
+                	$sql .= "0";
+                }
+                $sql .= "', f_pos = $1, f_style_id = $2,";
                 $sql .= "f_toupper = '" ;
-                if(!empty($_REQUEST["f_toupper".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-                $sql .= "',";
-                $sql .= "f_label = '".$_REQUEST["f_label".$i]."',";
-                $sql .= "f_label_id = '".$_REQUEST["f_label_id".$i]."',";
+                if (!empty($_REQUEST["f_toupper".$i])) {
+                	$sql .= "1";
+                }
+                else { 
+                	$sql .= "0";
+                }
+                $sql .= "',f_label = $3, f_label_id = $4,";
                 $sql .= "f_show = '";
-                if(!empty($_REQUEST["f_show".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-				$sql .= "',";
-                $sql .= "f_respos = '".$_REQUEST["f_respos".$i]."' ";
-				$sql .= ",";
+                if (!empty($_REQUEST["f_show".$i])) {
+                	$sql .= "1";
+                }
+                else {
+                	$sql .= "0";
+                }
+				$sql .= "',f_respos = $5,";
                 $sql .= "f_edit = '";
-                if(!empty($_REQUEST["f_edit".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-				$sql .= "',";
-                $sql .= "f_form_element_html = '".addslashes($_REQUEST["f_form_element_html".$i]);
-				$sql .= "',";
+                if (!empty($_REQUEST["f_edit".$i])) {
+                	$sql .= "1";
+                }
+                else {
+                	$sql .= "0";
+                }
+				$sql .= "', f_form_element_html = $6,";
                 $sql .= "f_mandatory = '";
-                if(!empty($_REQUEST["f_mandatory".$i])){
+                if (!empty($_REQUEST["f_mandatory".$i])) {
                 	$sql .= "1";
-                }else{$sql .= "0";}
+                }
+                else {
+                	$sql .= "0";
+                }
 				$sql .= "'";
-                $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." AND f_id = ".$_REQUEST["f_id".$i].";";
-                $res = db_query($sql);
+				$sql .= " WHERE fkey_wfs_conf_id = $8 AND f_id = $9;";
+
+				$v = array($_REQUEST["f_pos".$i], $_REQUEST["f_style_id".$i], $_REQUEST["f_label".$i], $_REQUEST["f_label_id".$i], $_REQUEST["f_respos".$i], addslashes($_REQUEST["f_form_element_html".$i]), $_REQUEST["f_auth_varname".$i], $_REQUEST["gaz"], $_REQUEST["f_id".$i]);
+				$t = array("s", "s", "s", "s", "s", "s", "s", "i", "s");
+                $res = db_prep_query($sql, $v, $t);
         }
 }
 
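Review bot: The three `f_geom` updates call `db_prep_query($sql)` without the `$v` and `$t` arrays they just built, so the `$1`/`$2` placeholders are never bound; each of those calls should read `$res = db_prep_query($sql, $v, $t);`. The first UPDATE's type array has ten entries for nine placeholders, and types `gaz` as "s" where every other query in this file binds it as "i" — `$t = array("s", "s", "s", "s", "s", "s", "s", "s", "i");` would line up with `$v`. In the per-element loop the WHERE clause jumps from `$6` to `$8` and `$9`, leaving the bound `f_auth_varname` value (`$7`) unreferenced, and `addslashes()` on `f_form_element_html` is no longer appropriate once the value is passed as a parameter, since the added backslashes would be stored literally.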
@@ -164,9 +175,11 @@
 }
 
 /* configure elements */
-if(isset($_REQUEST["gaz"])){
-        $sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id = ".$_REQUEST["gaz"];
-        $res = db_query($sql);
+if (isset($_REQUEST["gaz"])) {
+        $sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id = $1";
+        $v = array($_REQUEST["gaz"]);
+        $t = array("i");
+        $res = db_prep_query($sql, $v, $t);
         if($row = db_fetch_array($res)){
                 echo "<table>";
                 echo "<tr><td>GazetterID:</td><td>".$row["wfs_conf_id"]."</td></tr>" ;
@@ -187,9 +200,10 @@
         /* set element options */
         $sql = "SELECT * FROM wfs_conf_element ";
         $sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
-        $sql .= "WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." ORDER BY f_id";
-
-        $res = db_query($sql);
+        $sql .= "WHERE fkey_wfs_conf_id = $1 ORDER BY f_id";
+		$v = array($_REQUEST["gaz"]);
+		$t = array("i");
+        $res = db_prep_query($sql, $v, $t);
 		
         echo "<table border='1'>";
         echo "<tr valign = bottom>";

Modified: tags/2.4.4_su/2.4.4_leak/http/php/mod_wfsrequest.php
===================================================================
--- tags/2.4.4/http/php/mod_wfsrequest.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/mod_wfsrequest.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -32,8 +32,8 @@
 $sql .= "WHERE wfs_conf.wfs_conf_id = $1";
 
 $v = array($_REQUEST['wfs_conf_id']);
-$t = array('i');
-$res = db_prep_query($sql,$v,$t);
+$t = array("i");
+$res = db_prep_query($sql, $v, $t);
 if($row = db_fetch_array($res)){
         $g_res_style  = $row["g_res_style"];
         
@@ -45,8 +45,8 @@
 $sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
 $sql .= "AND wfs_conf_element.f_show = 1 ORDER BY wfs_conf_element.f_respos;";
 $v = array($_REQUEST['wfs_conf_id']);
-$t = array('i');
-$res = db_prep_query($sql,$v,$t);
+$t = array("i");
+$res = db_prep_query($sql, $v, $t);
 $col = array();
 $cnt = 0;
 while($row = db_fetch_array($res)){

Modified: tags/2.4.4_su/2.4.4_leak/http/php/nestedSets.php
===================================================================
--- tags/2.4.4/http/php/nestedSets.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ tags/2.4.4_su/2.4.4_leak/http/php/nestedSets.php	2008-01-31 12:49:36 UTC (rev 2047)
@@ -58,16 +58,16 @@
 	if(value == 'insert'){
 		/*
 		if(document.forms[0].title.value == ''){alert("Bitte geben Sie einen Titel an."); permission = false; return;}
-		if(document.forms[0].left.value == ''){alert("Wählen Sie eine Position."); permission = false; return;}
+		if(document.forms[0].left.value == ''){alert("W�hlen Sie eine Position."); permission = false; return;}
       	*/
       	if(document.forms[0].title.value == ''){alert("Please insert a title."); permission = false; return;}
 		if(document.forms[0].left.value == ''){alert("Please choose a position."); permission = false; return;}
       
-      if(document.forms[0].wmsList.selectedIndex > 0 && document.forms[0].layer.selectedIndex == 0){alert("Wählen Sie einen Layer."); permission = false; return;}
+      if(document.forms[0].wmsList.selectedIndex > 0 && document.forms[0].layer.selectedIndex == 0){alert("W�hlen Sie einen Layer."); permission = false; return;}
 		if(permission == true){document.forms[0].action.value = "insert"; document.forms[0].submit();}
 	}
 	if(value == 'delete'){
-		//permission = confirm("Soll das Objekt mit Inhalten gelöscht werden?");
+		//permission = confirm("Soll das Objekt mit Inhalten gel�scht werden?");
 		permission = confirm("Do you want to delete the object and the content of the object?");
 		if(permission == true){
 		document.forms[0].action.value = "delete"; 
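Review bot: The umlauts in the alert strings are replaced by the replacement character, so this hunk re-encodes the file rather than changing it, and the `alert("W�hlen Sie einen Layer.")` in the live wmsList/layer check is user-facing text, not a comment, so the garbled string now reaches the browser. The same corruption appears in the two following hunks (the commented-out `update` and `add` validation messages). The file should be saved in its original encoding and these lines reverted, e.g. `alert("Wählen Sie einen Layer.")`.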
@@ -77,7 +77,7 @@
 	if(value == 'update'){
 		/*
 		if(document.forms[0].title.value == ''){alert("Bitte geben Sie einen Titel an."); permission = false; return;}
-		if(document.forms[0].left.value == ''){alert("Bitte wählen Sie eine Position."); permission = false; return;}
+		if(document.forms[0].left.value == ''){alert("Bitte w�hlen Sie eine Position."); permission = false; return;}
 		*/
 		
 		if(document.forms[0].title.value == ''){alert("Please fill in a labeling."); permission = false; return;}
@@ -87,10 +87,10 @@
 	}
 	if(value == 'add'){
 		/*
-		if(document.forms[0].left.value == ''){alert("Bitte wählen Sie eine Position."); permission = false; return;}
-		if(document.forms[0].guiList.selectedIndex == 0){alert("Bitte wählen Sie eine GUI."); permission = false; return;}
-		if(document.forms[0].wmsList.selectedIndex == 0){alert("Bitte wählen Sie einen WMS."); permission = false; return;}
-		if(document.forms[0].layer.selectedIndex == 0){alert("Bitte wählen Sie eine Ebene."); permission = false; return;}
+		if(document.forms[0].left.value == ''){alert("Bitte w�hlen Sie eine Position."); permission = false; return;}
+		if(document.forms[0].guiList.selectedIndex == 0){alert("Bitte w�hlen Sie eine GUI."); permission = false; return;}
+		if(document.forms[0].wmsList.selectedIndex == 0){alert("Bitte w�hlen Sie einen WMS."); permission = false; return;}
+		if(document.forms[0].layer.selectedIndex == 0){alert("Bitte w�hlen Sie eine Ebene."); permission = false; return;}
 		*/
 		
 		if(document.forms[0].left.value == ''){alert("Please fill in a position."); permission = false; return;}
@@ -116,26 +116,31 @@
 }
 if(isset($action) && $action == "insert"){
 	$temp = explode("###", $layer);
-	$sql = "SELECT rgt FROM gui_treegde WHERE lft = ".$left." AND fkey_gui_id = '".$guiList."'";
-	$res = db_query($sql);
+	$sql = "SELECT rgt FROM gui_treegde WHERE lft = $1 AND fkey_gui_id = $1";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	$res = db_prep_query($sql, $v, $t);
 	if($pos == 'in'){$left = $left + 1;}
 	else if($pos == 'hinter'){$left = db_result($res,0,"rgt") + 1;}
 	else{ $left = $left + 2;}
-	$sql = "UPDATE gui_treegde SET rgt=rgt+2 WHERE rgt >=". $left." AND fkey_gui_id = '".$guiList."'";
-	db_query($sql);
-	$sql = "UPDATE gui_treegde SET lft=lft+2 WHERE lft >=".$left." AND fkey_gui_id = '".$guiList."'";
-	db_query($sql);
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id, fkey_layer_id, lft,rgt, my_layer_title, layer, wms_id) VALUES(";
-		$sql .= "'".$guiList."', ";
-		$sql .= "'".$temp[0]."', ";	
-		$sql .= $left.", ";
-		$sql .= ($left+1).", ";
-		$sql .= "'".$name."', ";
-		$sql .= "'".$temp[1]."', ";
-		$sql .= "'".$wmsList."'";
-		$sql .= ")";
-		#echo $sql . "<br>";		
-	db_query($sql);
+	
+	$sql = "UPDATE gui_treegde SET rgt=rgt+2 WHERE rgt >= $1 AND fkey_gui_id = $2";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	db_prep_query($sql, $v, $t);
+	
+	$sql = "UPDATE gui_treegde SET lft=lft+2 WHERE lft >= $1 AND fkey_gui_id = $2";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	db_prep_query($sql, $v, $t);
+
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id, fkey_layer_id, lft,rgt, ";
+	$sql .= "my_layer_title, layer, wms_id) VALUES($1, $2, $3, $4, $5, $6, $7)";
+		#echo $sql . "<br>";
+	$v = array($guiList, $temp[0], $left, ($left+1), $name, $temp[1], $wmsList);
+	$t = array("s", "s", "i", "i", "s", "s", "s");		
+	db_prep_query($sql, $v, $t);
+
 	/*
 	if($layer == ""){
 		$left = $left + 1;
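Review bot: The rgt lookup binds two values but references `$1` twice: `WHERE lft = $1 AND fkey_gui_id = $1` compares `fkey_gui_id` against `$left` and leaves `$2` (`$guiList`) unused, so the `hinter` branch reads `rgt` from the wrong row or the statement is rejected for the unbound parameter. The line should be `$sql = "SELECT rgt FROM gui_treegde WHERE lft = $1 AND fkey_gui_id = $2";`, matching the two UPDATE statements below it.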
@@ -152,53 +157,79 @@
 }
 if(isset($action) && $action == "delete"){	
 	if($left){
-		$sql = "SELECT rgt FROM gui_treegde WHERE lft =". $left." AND fkey_gui_id = '".$guiList."'";
-		$res = db_query($sql);
+		$sql = "SELECT rgt FROM gui_treegde WHERE lft = $1 AND fkey_gui_id = $2";
+		$v = array($left, $guiList);
+		$t = array("i", "s");
+		$res = db_prep_query($sql, $v, $t);
 		$right = db_result($res,0,"rgt");
-		$sql = "DELETE FROM gui_treegde WHERE lft BETWEEN ".$left." and ".$right." AND fkey_gui_id = '".$guiList."'";
-		db_query($sql);
-		$sql = "UPDATE gui_treegde SET lft=lft-((".$right."-".$left."+1)) WHERE lft>".$right." AND fkey_gui_id = '".$guiList."'";
-		db_query($sql);
-		$sql = "UPDATE gui_treegde SET rgt=rgt-((".$right."-".$left."+1)) WHERE rgt>".$right." AND fkey_gui_id = '".$guiList."'";
-		db_query($sql);
+		
+		$sql = "DELETE FROM gui_treegde WHERE lft BETWEEN $1 and $2 AND fkey_gui_id = $3";
+		$v = array($left, $right, $guiList);
+		$t = array("i", "i", "s");
+		db_prep_query($sql, $v, $t);
+
+		$sql = "UPDATE gui_treegde SET lft=lft-(($1 - $2 + 1)) WHERE lft > $3 AND fkey_gui_id = $4";
+		$v = array($right, $left, $right, $guiList);
+		$t = array("i", "i", "i", "s");
+		db_prep_query($sql, $v, $t);
+
+		$sql = "UPDATE gui_treegde SET rgt=rgt-(($1 - $2 + 1)) WHERE rgt > $3 AND fkey_gui_id = $4";
+		$v = array($right, $left, $right, $guiList);
+		$t = array("i", "i", "i", "s");
+		db_prep_query($sql, $v, $t);
 	}
 }
 if(isset($action) && $action == "update"){
 	$temp = explode("###", $layer);
 	$sql = "UPDATE gui_treegde SET ";
-	$sql .= "my_layer_title = '".$name."', ";
-	$sql .= "fkey_layer_id = '".$temp[0]."', ";
-	$sql .= "layer = '".$temp[1]."', ";
-	$sql .= "wms_id = '" . $wmsList."'";
-	$sql .= " WHERE lft = ".$left." AND fkey_gui_id = '".$guiList."'";
-	db_query($sql);
+	$sql .= "my_layer_title = $1, ";
+	$sql .= "fkey_layer_id = $2, ";
+	$sql .= "layer = $3, ";
+	$sql .= "wms_id = $4";
+	$sql .= " WHERE lft = $5 AND fkey_gui_id = $6";
+	$v = array($name, $temp[0], $temp[1], $wmsList, $left, $guiList);
+	$t = array("s", "s", "s", "s", "i", "s");
+	db_prep_query($sql, $v, $t);
 }
 if(isset($action) && $action == "add"){
 	$temp = explode("###", $layer);
 	
-	$sql_val = "SELECT * FROM gui_treegde WHERE lft =". $left." AND fkey_gui_id = '".$guiList."'";
-	$res_val = db_query($sql_val);
+	$sql_val = "SELECT * FROM gui_treegde WHERE lft = $1 AND fkey_gui_id = $2";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	$res = db_prep_query($sql_val, $v, $t);
 	
 	$sql = "UPDATE gui_treegde SET ";
+	$sql .= "fkey_layer_id = $1, layer = $2, wms_id =  $3 ";
+	$sql .= "WHERE lft = $4 AND fkey_gui_id = $5";
 	
-	$sql .= "fkey_layer_id = ";
-	$sql .= "'";
-	if(db_result($res_val, 0, "fkey_layer_id") != ''){ $sql .= db_result($res_val, 0, "fkey_layer_id") . ","; }
-	$sql .=  $temp[0] . "', ";
+	$v = array();
+	$t = array("s", "s", "s", "i", "s");	
+
+	if (db_result($res_val, 0, "fkey_layer_id") != '') {
+		array_push($v, db_result($res_val, 0, "fkey_layer_id") . "," . $temp[0]);
+	}
+	else {
+		array_push($v, $temp[0]);
+	}
 	
-	$sql .= "layer = ";
-	$sql .= "'";
-	if(db_result($res_val, 0, "layer") != ''){ $sql .= db_result($res_val, 0, "layer") . ","; }
-	$sql .= $temp[1] . "', ";
+	if (db_result($res_val, 0, "layer") != '') {
+		array_push($v, db_result($res_val, 0, "layer") . "," . $temp[1]);
+	}
+	else {
+		array_push($v, $temp[1]);
+	}
 	
-	$sql .= "wms_id = ";
-	$sql .= "'";
-	if(db_result($res_val, 0, "wms_id") != ''){ $sql .= db_result($res_val, 0, "wms_id") . ","; }
-	$sql .= $wmsList . "' ";
-	
-	$sql .= " WHERE lft = ".$left." AND fkey_gui_id = '".$guiList."'";
-	#echo $sql . "<br>";
-	db_query($sql);
+	if (db_result($res_val, 0, "wms_id") != '') {
+		array_push($v, db_result($res_val, 0, "wms_id") . "," . $wmsList);
+	}
+	else {
+		array_push($v, $wmsList);
+	}
+
+	array_push($v, $left);	
+	array_push($v, $guiList);	
+	db_prep_query($sql, $v, $t);
 }
 ?>
 <br />
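Review bot: In the `add` branch the lookup result is assigned to `$res`, but the three `db_result($res_val, 0, ...)` calls still read `$res_val`, which this version never sets, so the existing `fkey_layer_id`/`layer`/`wms_id` values are never prepended and the branch raises undefined-variable notices. The assignment should keep its old name: `$res_val = db_prep_query($sql_val, $v, $t);`.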
@@ -228,14 +259,19 @@
 $admin = new administration();
 $ownguis = $admin->getGuisByOwner($_SESSION["mb_user_id"],true);
 
-$sql = "SELECT * FROM gui WHERE gui_id IN ("; for($i=0; 
-$i<count($ownguis); $i++){
-				if($i>0){ $sql .= ",";}
-				$sql .= "'".$ownguis[$i]."'";
-				}
+$sql = "SELECT * FROM gui WHERE gui_id IN ("; 
+$v = $ownguis;
+$t = array();
+for ($i = 1; $i <= count($ownguis); $i++){
+	if ($i > 1) { 
+		$sql .= ",";
+	}
+	$sql .= "$" . $i;
+	array_push($t, "s");
+}
 $sql .= ") ORDER BY gui_name";
 
-$res = db_query($sql);
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 echo "<select class='guiList' size='10' name='guiList' class='guiList'  onchange='document.forms[0].submit()'>";
 echo "<option value=''>GUI ...</option>";
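Review bot: When `$ownguis` is empty the loop adds no placeholders and the statement becomes `SELECT * FROM gui WHERE gui_id IN () ORDER BY gui_name`, a syntax error the rewrite inherits from the concatenated version; guarding the query with `if (count($ownguis) > 0)` and rendering only the empty `GUI ...` option otherwise would avoid it. Whether `getGuisByOwner` can return an empty array is not visible here.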
@@ -265,9 +301,11 @@
 	if(isset($guiList) && $guiList != ""){
 		$sql = "SELECT gui_wms.fkey_wms_id, wms.wms_title FROM gui_wms ";
 		$sql .= "INNER JOIN wms ON gui_wms.fkey_wms_id = wms.wms_id  ";
-		$sql .= "WHERE gui_wms.fkey_gui_id = '" . $guiList . "' ";
+		$sql .= "WHERE gui_wms.fkey_gui_id = $1 ";
 		$sql .= "ORDER BY wms.wms_title";
-		$res = db_query($sql);
+		$v = array($guiList);
+		$t = array("s");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while($row = db_fetch_array($res)){
 			echo "<option value='".$row["fkey_wms_id"]."' ";
@@ -293,9 +331,11 @@
 	if(isset($wmsList) && $wmsList != ""){
 		$sql_l = "SELECT gui_layer.fkey_layer_id, layer.layer_name, layer.layer_title FROM gui_layer ";
 		$sql_l .= "LEFT JOIN layer ON gui_layer.fkey_layer_id = layer.layer_id ";
-		$sql_l .= "WHERE gui_layer.gui_layer_wms_id = " . $wmsList . " AND layer.layer_parent = '0' AND gui_layer.fkey_gui_id = '".$guiList."'";
+		$sql_l .= "WHERE gui_layer.gui_layer_wms_id = $1 AND layer.layer_parent = '0' AND gui_layer.fkey_gui_id = $2";
 		$sql_l .= " ORDER BY layer.layer_title";
-		$res_l = db_query($sql_l);
+		$v = array($wmsList, $guiList);
+		$t = array("i", "s");
+		$res_l = db_prep_query($sql_l, $v, $t);
 		$cnt = 0;
 		while($row = db_fetch_array($res_l)){
 			echo "<option value='".$row["fkey_layer_id"]."###".$row["layer_name"]."'>";


