[Mapbender-commits] r10124 - trunk/mapbender/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Thu May 16 02:54:35 PDT 2019
Author: armin11
Date: 2019-05-16 02:54:35 -0700 (Thu, 16 May 2019)
New Revision: 10124
Modified:
trunk/mapbender/http/php/mod_callMetadata.php
Log:
Allow parameter userId only for localhost connections
Modified: trunk/mapbender/http/php/mod_callMetadata.php
===================================================================
--- trunk/mapbender/http/php/mod_callMetadata.php 2019-05-14 10:28:13 UTC (rev 10123)
+++ trunk/mapbender/http/php/mod_callMetadata.php 2019-05-16 09:54:35 UTC (rev 10124)
@@ -423,14 +423,24 @@
}
$userId = $testMatch;
$testMatch = NULL;
-#
+ //$e = new mb_exception('php/mod_callMetadata.php: script invoked from HOST: '.$_SERVER['HTTP_HOST']);
+ if ($_SERVER['HTTP_HOST'] == 'localhost' or $_SERVER['HTTP_HOST'] == '127.0.0.1') {
+ $e = new mb_notice('php/mod_callMetadata.php: script invoked locally and userId given from GET parameter: '.$userId);
+ } else {
+ $userId = Mapbender::session()->get("mb_user_id");
+ if ($userId == false) {
+ $userId = PUBLIC_USER;
+ }
+ }
} else { //look for id in session
$userId = Mapbender::session()->get("mb_user_id");
if ($userId == false) {
$userId = PUBLIC_USER;
- }
+ }
}
+//security check for getting userId - onlöy allowed if the parameter is set when invoking search from localhost or 127.0.0.1
+
#$searchResources = array('wms','wfs','wmc','georss');
#$searchPages = array(1,1,1,1);
More information about the Mapbender_commits
mailing list