[Mapbender-commits] r3581 - trunk/mapbender/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Fri Feb 20 08:26:21 EST 2009
Author: christoph
Date: 2009-02-20 08:26:21 -0500 (Fri, 20 Feb 2009)
New Revision: 3581
Modified:
trunk/mapbender/http/php/mod_wfs_conf.php
trunk/mapbender/http/php/mod_wfs_edit.php
Log:
http://trac.osgeo.org/mapbender/ticket/386
Modified: trunk/mapbender/http/php/mod_wfs_conf.php
===================================================================
--- trunk/mapbender/http/php/mod_wfs_conf.php 2009-02-20 13:24:42 UTC (rev 3580)
+++ trunk/mapbender/http/php/mod_wfs_conf.php 2009-02-20 13:26:21 UTC (rev 3581)
@@ -19,6 +19,12 @@
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
require(dirname(__FILE__)."/../classes/class_wfs_conf.php");
+
+foreach ($_POST as $key => &$value) {
+ if (is_string($value) && 1 === get_magic_quotes_gpc()) {
+ $value = stripslashes($value);
+ }
+}
?>
<html>
<head>
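Review bot: The reference loop leaves `$value` bound to the last element of `$_POST` after it finishes, because the added code never unsets it; any later plain assignment to `$value` in this file would silently overwrite that POST field. Add `unset($value);` directly after the closing brace, and since `$key` is unused, `foreach ($_POST as &$value)` is enough. Because of the `is_string` test, values that are nested arrays keep their magic-quote slashes; if that is intended, a comment on the loop saying so would help. The same loop is added at the top of mod_wfs_edit.php in this commit and needs the same change.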
@@ -117,7 +123,7 @@
/* save wfs_conf properties */
-if(isset($_REQUEST["save"])){
+if(isset($_POST["save"])){
db_select_db($DB,$con);
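Review bot: The save branch still has no anti-forgery check: `isset($_POST["save"])` only requires that the request is a POST carrying a valid session, so a form submitted from another site with the user's cookie would still reach the INSERT below. Reading `$_POST` instead of `$_REQUEST` does stop a plain GET link from triggering the insert, which is worth stating on this line, e.g. `// POST only: a GET link must never trigger the insert`. A per-session token rendered into the form and compared here would close the remaining gap; mb_validateSession is required above, but nothing visible in this hunk ties the request to a form this server rendered. The save branch of mod_wfs_edit.php changed in this commit has the same property.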
@@ -126,7 +132,7 @@
$sql .= "fkey_featuretype_id, g_label, g_label_id, g_button, ";
$sql .= "g_button_id, g_style, g_buffer, g_res_style, g_use_wzgraphics";
$sql .= ") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, ";
- if (!empty($_REQUEST["g_use_wzgraphics"])) {
+ if (!empty($_POST["g_use_wzgraphics"])) {
$sql .= "'1'";
}
else {
@@ -134,51 +140,62 @@
}
$sql .= "); ";
- $v = array($_REQUEST["wfs_conf_abstract"], $_REQUEST["wfs"], $_REQUEST["featuretype"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"]);
+ $v = array(
+ $_POST["wfs_conf_abstract"],
+ $_POST["wfs"],
+ $_POST["featuretype"],
+ $_POST["g_label"],
+ $_POST["g_label_id"],
+ $_POST["g_button"],
+ $_POST["g_button_id"],
+ $_POST["g_style"],
+ $_POST["g_buffer"],
+ $_POST["g_res_style"]
+ );
$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
$res = db_prep_query($sql, $v, $t);
$wfsID = db_insert_id($con,'wfs_conf','wfs_conf_id');
- for ($i = 0; $i < $_REQUEST["num"]; $i++){
+ for ($i = 0; $i < $_POST["num"]; $i++){
$sql = "INSERT INTO wfs_conf_element (fkey_wfs_conf_id,f_id,f_search,f_pos,f_min_input,f_style_id,f_toupper,f_label,f_label_id,f_show,f_respos,f_edit,f_form_element_html,f_mandatory,f_auth_varname,f_show_detail,f_detailpos,f_operator) VALUES(";
$sql .= "$1, $2, ";
- if (!empty($_REQUEST["f_search".$i])) {
+ if (!empty($_POST["f_search".$i])) {
$sql .= "'1'";
}
else {
$sql .= "'0'";
}
$sql .= ", $3, $4, $5, ";
- if (!empty($_REQUEST["f_toupper".$i])) {
+ if (!empty($_POST["f_toupper".$i])) {
$sql .= "'1'";
}
else {
$sql .= "'0'";
}
$sql .= ",$6, $7, ";
- if (!empty($_REQUEST["f_show".$i])) {
+ if (!empty($_POST["f_show".$i])) {
$sql .= "'1'";
}
else {
$sql .= "'0'";
}
$sql .= ", $8, ";
- if (!empty($_REQUEST["f_edit".$i])) {
+ if (!empty($_POST["f_edit".$i])) {
$sql .= "'1'";
}
else {
$sql .= "'0'";
}
$sql .= ",$9, ";
- if (!empty($_REQUEST["f_mandatory".$i])) {
+ if (!empty($_POST["f_mandatory".$i])) {
$sql .= "'1'";
}
else {
$sql .= "'0'";
}
$sql .= ",$10,";
- if(!empty($_REQUEST["f_show_detail".$i])){
+ if(!empty($_POST["f_show_detail".$i])){
$sql .= "'1'";
}
else {
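Review bot: `$_POST["num"]` is used directly as the loop bound without a cast or presence check, so a missing or non-numeric value makes the comparison fall back to PHP's loose string-to-number rules and the number of INSERTs comes straight from the client. Read it once before the loop, `$num = isset($_POST["num"]) ? (int) $_POST["num"] : 0;`, and loop with `for ($i = 0; $i < $num; $i++)`. The for loop's body continues past the end of this hunk, and the same unchecked bound appears in the element loop of mod_wfs_edit.php.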
@@ -187,14 +204,14 @@
$sql .= ",$11,$12";
$sql .= "); ";
- $v = array($wfsID, $_REQUEST["f_id".$i], $_REQUEST["f_pos".$i], $_REQUEST["f_min_input".$i], $_REQUEST["f_style_id".$i], $_REQUEST["f_label".$i], $_REQUEST["f_label_id".$i], $_REQUEST["f_respos".$i], stripslashes($_REQUEST["f_form_element_html".$i]), $_REQUEST["f_auth_varname".$i], $_REQUEST["f_detailpos".$i], $_REQUEST["f_operator".$i]);
+ $v = array($wfsID, $_POST["f_id".$i], $_POST["f_pos".$i], $_POST["f_min_input".$i], $_POST["f_style_id".$i], $_POST["f_label".$i], $_POST["f_label_id".$i], $_POST["f_respos".$i], $_POST["f_form_element_html".$i], $_POST["f_auth_varname".$i], $_POST["f_detailpos".$i], $_POST["f_operator".$i]);
$t = array("i", "s", "s", "i", "s", "s", "s", "i", "s", "s", "i", "s");
$res = db_prep_query($sql, $v, $t);
}
- if (isset($_REQUEST["f_geom"])) {
+ if (isset($_POST["f_geom"])) {
$sql = "UPDATE wfs_conf_element SET f_geom = 1 ";
$sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id = $2;";
- $v = array($wfsID, $_REQUEST["f_geom"]);
+ $v = array($wfsID, $_POST["f_geom"]);
$t = array("i", "i");
$res = db_prep_query($sql, $v, $t);
}
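Review bot: Dropping `stripslashes()` on `f_form_element_html` is correct only because the loop added at the top of this file now un-quotes every string in `$_POST` once; a comment on the `$v = array(...)` line, `// already un-quoted by the magic_quotes loop at the top of the file`, would keep someone from re-adding a second strip that would eat legitimate backslashes. The `f_geom` update below types the element id as "i", while the identical update in mod_wfs_edit.php types the same column as "s"; the two should agree. The enclosing save block starts outside this hunk.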
@@ -208,16 +225,16 @@
/* select wfs */
-if(isset($_REQUEST["wfs"]) && $_REQUEST["wfs"] == ""){
- unset($_REQUEST["wfs"]);
- unset($_REQUEST["featuretype"]);
+if(isset($_POST["wfs"]) && $_POST["wfs"] == ""){
+ unset($_POST["wfs"]);
+ unset($_POST["featuretype"]);
}
echo "<select name='wfs' onchange='selectWFS()'>";
echo "<option value=''>...</option>";
for($i=0; $i<count($aWFS->wfs_id);$i++){
echo "<option value='".$aWFS->wfs_id[$i]."' ";
- if(isset($_REQUEST["wfs"]) && $aWFS->wfs_id[$i] == $_REQUEST["wfs"]){
+ if(isset($_POST["wfs"]) && $aWFS->wfs_id[$i] == $_POST["wfs"]){
echo "selected";
}
echo ">".$aWFS->wfs_id[$i]." ".$aWFS->wfs_title[$i]."</option>";
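Review bot: `$aWFS->wfs_id[$i] == $_POST["wfs"]` compares a database id with raw request text using `==`, so under PHP's loose rules a non-numeric string can compare equal to an integer id (a string with no leading digits equals 0 before PHP 8). Comparing as strings, `(string) $aWFS->wfs_id[$i] === $_POST["wfs"]`, and `$_POST["wfs"] === ""` on the first line of the hunk, makes the match exact. The same loose comparison is in the next three hunks of this file (featuretype selection and element configuration) and in the `gaz` option loop of mod_wfs_edit.php.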
@@ -230,10 +247,10 @@
/* select featuretype */
-if(isset($_REQUEST["wfs"])){
+if(isset($_POST["wfs"])){
for($i=0; $i<count($aWFS->wfs_id);$i++){
- if($aWFS->wfs_id[$i] == $_REQUEST["wfs"]){
+ if($aWFS->wfs_id[$i] == $_POST["wfs"]){
echo "<table>";
echo "<tr><td>ID:</td><td>".$aWFS->wfs_id[$i]."</td></tr>";
echo "<tr><td>Name:</td><td>".$aWFS->wfs_name[$i]."</td></tr>";
@@ -246,12 +263,12 @@
}
}
- $aWFS->getfeatures($_REQUEST["wfs"]);
+ $aWFS->getfeatures($_POST["wfs"]);
echo "<table>";
for($i=0; $i<count($aWFS->features->featuretype_id); $i++){
echo "<tr>";
echo "<td><input type='radio' name='featuretype' value='".$aWFS->features->featuretype_id[$i]."' onclick='submit()' ";
- if(isset($_REQUEST["featuretype"]) && $_REQUEST["featuretype"] == $aWFS->features->featuretype_id[$i]){
+ if(isset($_POST["featuretype"]) && $_POST["featuretype"] == $aWFS->features->featuretype_id[$i]){
echo "checked ";
}
echo "/></td>";
@@ -264,11 +281,11 @@
/* end select featuretype */
/* configure elements */
-if(isset($_REQUEST["featuretype"])){
+if(isset($_POST["featuretype"])){
for($i=0; $i<count($aWFS->features->featuretype_id); $i++){
- if($_REQUEST["featuretype"] == $aWFS->features->featuretype_id[$i]){
+ if($_POST["featuretype"] == $aWFS->features->featuretype_id[$i]){
echo "<hr>SRS: ".$aWFS->features->featuretype_srs[$i];
}
}
@@ -288,7 +305,7 @@
/* set element options */
- $aWFS->getelements($_REQUEST["featuretype"]);
+ $aWFS->getelements($_POST["featuretype"]);
echo "<table border='1'>";
echo "<tr valign = bottom>";
echo "<td>" . toImage('ID') . "</td>";
@@ -354,4 +371,4 @@
/* end configure elements */
?>
</form>
-</body>
\ No newline at end of file
+</body>
Modified: trunk/mapbender/http/php/mod_wfs_edit.php
===================================================================
--- trunk/mapbender/http/php/mod_wfs_edit.php 2009-02-20 13:24:42 UTC (rev 3580)
+++ trunk/mapbender/http/php/mod_wfs_edit.php 2009-02-20 13:26:21 UTC (rev 3581)
@@ -18,6 +18,12 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
+
+foreach ($_POST as $key => &$value) {
+ if (is_string($value) && 1 === get_magic_quotes_gpc()) {
+ $value = stripslashes($value);
+ }
+}
?>
<html>
<head>
@@ -91,13 +97,13 @@
<?php
/* save wfs_conf properties */
-if(isset($_REQUEST["save"])){
+if(isset($_POST["save"])){
$sql = "UPDATE wfs_conf SET ";
$sql .= "wfs_conf_abstract = $1, g_label = $2, ";
$sql .= "g_label_id = $3, g_button = $4, g_button_id = $5, g_style = $6, ";
$sql .= "g_buffer = $7, g_res_style = $8, g_use_wzgraphics = ";
- if (!empty($_REQUEST["g_use_wzgraphics"])) {
+ if (!empty($_POST["g_use_wzgraphics"])) {
$sql .= "1";
}
else {
@@ -105,35 +111,35 @@
}
$sql .= " WHERE wfs_conf_id = $9;";
- $v = array($_REQUEST["wfs_conf_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"], $_REQUEST["gaz"]);
+ $v = array($_POST["wfs_conf_abstract"], $_POST["g_label"], $_POST["g_label_id"], $_POST["g_button"], $_POST["g_button_id"], $_POST["g_style"], $_POST["g_buffer"], $_POST["g_res_style"], $_POST["gaz"]);
$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s");
$res = db_prep_query($sql, $v, $t);
- if (isset($_REQUEST["f_geom"])) {
+ if (isset($_POST["f_geom"])) {
$sql = "UPDATE wfs_conf_element SET f_geom = 1 ";
$sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id = $2;";
- $v = array($_REQUEST["gaz"], $_REQUEST["f_geom"]);
+ $v = array($_POST["gaz"], $_POST["f_geom"]);
$t = array("i", "s");
$res = db_prep_query($sql, $v, $t);
$sql = "UPDATE wfs_conf_element SET f_geom = 0 ";
$sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id <> $2;";
- $v = array($_REQUEST["gaz"], $_REQUEST["f_geom"]);
+ $v = array($_POST["gaz"], $_POST["f_geom"]);
$t = array("i", "s");
$res = db_prep_query($sql, $v, $t);
}
else {
$sql = "UPDATE wfs_conf_element SET f_geom = 0 ";
$sql .= "WHERE fkey_wfs_conf_id = $1;";
- $v = array($_REQUEST["gaz"]);
+ $v = array($_POST["gaz"]);
$t = array("i");
$res = db_prep_query($sql, $v, $t);
}
- for($i=0; $i<$_REQUEST["num"]; $i++){
+ for($i=0; $i<$_POST["num"]; $i++){
$sql = "UPDATE wfs_conf_element SET f_search = '";
- if (!empty($_REQUEST["f_search".$i])) {
+ if (!empty($_POST["f_search".$i])) {
$sql .= "1";
}
else {
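Review bot: The two `f_geom` statements type `$_POST["f_geom"]` as "s" in `$t = array("i", "s")`, while the same UPDATE in mod_wfs_conf.php types the f_id column as "i"; unless f_id really is text in wfs_conf_element the two files should agree, and "i" is the stricter choice for an id taken from the request. `$_POST["gaz"]` selects which wfs_conf row gets rewritten and nothing in this hunk checks that the session's user may edit that configuration; if mb_validateSession alone is meant to enforce that, a comment at the top of the save block saying so would help the next reader. The `$_POST["num"]` loop bound at the end of the hunk has the same unchecked-cast issue as in mod_wfs_conf.php. The for loop continues past the end of this hunk.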
@@ -141,7 +147,7 @@
}
$sql .= "', f_pos = $1, f_min_input = $2, f_style_id = $3,";
$sql .= "f_toupper = '" ;
- if (!empty($_REQUEST["f_toupper".$i])) {
+ if (!empty($_POST["f_toupper".$i])) {
$sql .= "1";
}
else {
@@ -149,7 +155,7 @@
}
$sql .= "',f_label = $4, f_label_id = $5,";
$sql .= "f_show = '";
- if (!empty($_REQUEST["f_show".$i])) {
+ if (!empty($_POST["f_show".$i])) {
$sql .= "1";
}
else {
@@ -157,7 +163,7 @@
}
$sql .= "',f_respos = $6,";
$sql .= "f_edit = '";
- if (!empty($_REQUEST["f_edit".$i])) {
+ if (!empty($_POST["f_edit".$i])) {
$sql .= "1";
}
else {
@@ -165,15 +171,15 @@
}
$sql .= "', f_form_element_html = $7,";
$sql .= "f_mandatory = '";
- if (!empty($_REQUEST["f_mandatory".$i])) {
+ if (!empty($_POST["f_mandatory".$i])) {
$sql .= "1";
}
else {
$sql .= "0";
}
$sql .= "', f_auth_varname = $8";
- $sql .= ", f_show_detail = '";
- if(!empty($_REQUEST["f_show_detail".$i])){
+ $sql .= ", f_show_detail = '";
+ if(!empty($_POST["f_show_detail".$i])){
$sql .= "1";
}
else {
@@ -183,7 +189,7 @@
$sql .= ", f_operator = $10";
$sql .= " WHERE fkey_wfs_conf_id = $11 AND f_id = $12;";
- $v = array($_REQUEST["f_pos".$i], $_REQUEST["f_min_input".$i], $_REQUEST["f_style_id".$i], $_REQUEST["f_label".$i], $_REQUEST["f_label_id".$i], $_REQUEST["f_respos".$i], stripslashes($_REQUEST["f_form_element_html".$i]), $_REQUEST["f_auth_varname".$i], $_REQUEST["f_detailpos".$i], $_REQUEST["f_operator".$i], $_REQUEST["gaz"], $_REQUEST["f_id".$i]);
+ $v = array($_POST["f_pos".$i], $_POST["f_min_input".$i], $_POST["f_style_id".$i], $_POST["f_label".$i], $_POST["f_label_id".$i], $_POST["f_respos".$i], $_POST["f_form_element_html".$i], $_POST["f_auth_varname".$i], $_POST["f_detailpos".$i], $_POST["f_operator".$i], $_POST["gaz"], $_POST["f_id".$i]);
$t = array("s", "i", "s", "s", "s", "s", "s", "s", "i", "s", "i", "s");
$res = db_prep_query($sql, $v, $t);
}
@@ -199,7 +205,7 @@
$cnt = 0;
while($row = db_fetch_array($res)){
echo "<option value='".$row["wfs_conf_id"]."' ";
- if(isset($_REQUEST["gaz"]) && $row["wfs_conf_id"] == $_REQUEST["gaz"]){
+ if(isset($_POST["gaz"]) && $row["wfs_conf_id"] == $_POST["gaz"]){
echo "selected";
}
echo ">".$row["wfs_conf_id"]." ".$row["wfs_conf_abstract"]."</option>";
@@ -220,9 +226,9 @@
}
/* configure elements */
-if (isset($_REQUEST["gaz"])) {
+if (isset($_POST["gaz"])) {
$sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id = $1";
- $v = array($_REQUEST["gaz"]);
+ $v = array($_POST["gaz"]);
$t = array("i");
$res = db_prep_query($sql, $v, $t);
if($row = db_fetch_array($res)){
@@ -246,7 +252,7 @@
$sql = "SELECT * FROM wfs_conf_element ";
$sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
$sql .= "WHERE fkey_wfs_conf_id = $1 ORDER BY f_id";
- $v = array($_REQUEST["gaz"]);
+ $v = array($_POST["gaz"]);
$t = array("i");
$res = db_prep_query($sql, $v, $t);
@@ -307,8 +313,8 @@
echo "<td><input name='f_toupper".$cnt."' type='checkbox'";
if($row["f_toupper"] == 1){ echo " checked"; }
echo "></td>";
- echo "<td><input name='f_label".$cnt."' type='text' size='4' value='".$row["f_label"]."'></td>";
- echo "<td><input name='f_label_id".$cnt."' type='text' size='2' value='".$row["f_label_id"]."'></td>";
+ echo "<td><input name='f_label".$cnt."' type='text' size='4' value=\"".htmlentities($row["f_label"])."\"></td>";
+ echo "<td><input name='f_label_id".$cnt."' type='text' size='2' value=\"".htmlentities($row["f_label_id"])."\"></td>";
echo "<td><input name='f_show".$cnt."' type='checkbox'";
if($row["f_show"] == 1){ echo " checked"; }
echo "></td>";
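Review bot: `htmlentities()` is called with its defaults here, so it escapes double quotes (ENT_COMPAT) but not single quotes, and on PHP versions whose default charset is ISO-8859-1 it would turn each byte of a UTF-8 label into its own entity; whether this page is served as UTF-8 is not visible in the hunk. `htmlspecialchars($row["f_label"], ENT_QUOTES, "UTF-8")` (likewise for f_label_id here and for f_form_element_html and f_auth_varname in the next hunk) is sufficient for attribute and text content and makes the encoding explicit. Switching the attributes to double quotes matches ENT_COMPAT and is fine, but with ENT_QUOTES either quoting style is safe. Other `$row` values echoed unescaped elsewhere in this file, such as the wfs_conf_abstract option list, would benefit from the same treatment.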
@@ -323,8 +329,8 @@
echo "<td><input name='f_edit".$cnt."' type='checkbox'";
if($row["f_edit"] == 1){ echo " checked"; }
echo "></td>";
- echo "<td><textarea name='f_form_element_html".$cnt."' cols='15' rows='1' >".$row["f_form_element_html"]."</textarea></td>";
- echo "<td><input name='f_auth_varname".$cnt."' type='text' size='8' value='".$row["f_auth_varname"]."'></td>";
+ echo "<td><textarea name='f_form_element_html".$cnt."' cols='15' rows='1' >".htmlentities($row["f_form_element_html"])."</textarea></td>";
+ echo "<td><input name='f_auth_varname$cnt' type='text' size='8' value=\"" . htmlentities($row["f_auth_varname"]) . "\"></td>";
echo "<td><select name='f_operator".$cnt."' id='f_operator".$cnt."' ";
if($row["f_search"] != 1){
echo "disabled";
@@ -368,4 +374,4 @@
/* end configure elements */
?>
</form>
-</body>
\ No newline at end of file
+</body>