[mapserver-commits] r8828 - branches/branch-4-10/mapserver
svn at osgeo.org
svn at osgeo.org
Thu Mar 26 00:37:57 EDT 2009
Author: sdlime
Date: 2009-03-26 00:37:57 -0400 (Thu, 26 Mar 2009)
New Revision: 8828
Modified:
branches/branch-4-10/mapserver/map.h
branches/branch-4-10/mapserver/mapserv.c
branches/branch-4-10/mapserver/mapstring.c
branches/branch-4-10/mapserver/maptemplate.c
Log:
RFC56 support.
Modified: branches/branch-4-10/mapserver/map.h
===================================================================
--- branches/branch-4-10/mapserver/map.h 2009-03-26 04:32:25 UTC (rev 8827)
+++ branches/branch-4-10/mapserver/map.h 2009-03-26 04:37:57 UTC (rev 8828)
@@ -137,8 +137,10 @@
/* General defines, not wrapable */
#ifndef SWIG
#define MS_DEFAULT_MAPFILE_PATTERN "\\.map$"
-#define MS_TEMPLATE_EXPR "\\.(jsp|asp|cfm|xml|wml|html|htm|shtml|phtml|php|svg)$"
+#define MS_TEMPLATE_MAGIC_STRING "MapServer Template"
+#define MS_TEMPLATE_EXPR "\\.(xml|wml|html|htm|svg|kml|gml|js|tmpl)$"
+
#define MS_INDEX_EXTENSION ".qix"
#define MS_QUERY_EXTENSION ".qy"
@@ -1377,6 +1379,7 @@
MS_DLL_EXPORT char *msJoinStrings(char **array, int arrayLength, const char *delimeter);
MS_DLL_EXPORT char *msHashString(const char *pszStr);
MS_DLL_EXPORT char *msCommifyString(char *str);
+MS_DLL_EXPORT const char *msCaseFindSubstring(const char *haystack, const char *needle);
#ifdef NEED_STRDUP
MS_DLL_EXPORT char *strdup(char *s);
Modified: branches/branch-4-10/mapserver/mapserv.c
===================================================================
--- branches/branch-4-10/mapserver/mapserv.c 2009-03-26 04:32:25 UTC (rev 8827)
+++ branches/branch-4-10/mapserver/mapserv.c 2009-03-26 04:37:57 UTC (rev 8828)
@@ -280,8 +280,21 @@
} else {
if(getenv(msObj->request->ParamValues[i])) /* an environment references the actual file to use */
map = msLoadMap(getenv(msObj->request->ParamValues[i]), NULL);
- else
+ else {
+ /* by here we know the request isn't for something in an environment variable */
+ if(getenv("MS_MAP_NO_PATH")) {
+ msSetError(MS_WEBERR, "Mapfile not found in environment variables and this server is not configured for full paths.", "loadMap()");
+ writeError();
+ }
+
+ if(getenv("MS_MAP_PATTERN") && msEvalRegex(getenv("MS_MAP_PATTERN"), msObj->request->ParamValues[i]) != MS_TRUE) {
+ msSetError(MS_WEBERR, "Parameter 'map' value fails to validate.", "loadMap()");
+ writeError();
+ }
+
+ /* ok to try to load now */
map = msLoadMap(msObj->request->ParamValues[i], NULL);
+ }
}
if(!map) writeError();
Modified: branches/branch-4-10/mapserver/mapstring.c
===================================================================
--- branches/branch-4-10/mapserver/mapstring.c 2009-03-26 04:32:25 UTC (rev 8827)
+++ branches/branch-4-10/mapserver/mapstring.c 2009-03-26 04:37:57 UTC (rev 8828)
@@ -933,3 +933,34 @@
return str;
}
+
+/************************************************************************/
+/* case incensitive equivalent of strstr */
+/************************************************************************/
+const char *msCaseFindSubstring(const char *haystack, const char *needle)
+{
+ if ( !*needle )
+ {
+ return haystack;
+ }
+ for ( ; *haystack; ++haystack )
+ {
+ if ( toupper(*haystack) == toupper(*needle) )
+ {
+ /* * Matched starting char -- loop through remaining chars. */
+ const char *h, *n;
+ for ( h = haystack, n = needle; *h && *n; ++h, ++n )
+ {
+ if ( toupper(*h) != toupper(*n) )
+ {
+ break;
+ }
+ }
+ if ( !*n ) /* matched all of 'needle' to null termination */
+ {
+ return haystack; /* return the start of the match */
+ }
+ }
+ }
+ return 0;
+}
Modified: branches/branch-4-10/mapserver/maptemplate.c
===================================================================
--- branches/branch-4-10/mapserver/maptemplate.c 2009-03-26 04:32:25 UTC (rev 8827)
+++ branches/branch-4-10/mapserver/maptemplate.c 2009-03-26 04:37:57 UTC (rev 8828)
@@ -136,6 +136,20 @@
char *processLine(mapservObj* msObj, char* instr, int mode);
+static int isValidTemplate(FILE *stream, const char *filename)
+{
+ char buffer[MS_BUFFER_LENGTH];
+
+ if(fgets(buffer, MS_BUFFER_LENGTH, stream) != NULL) {
+ if(!msCaseFindSubstring(buffer, MS_TEMPLATE_MAGIC_STRING)) {
+ msSetError(MS_WEBERR, "Missing magic string, %s doesn't look like a MapServer template.", "isValidTemplate()", filename);
+ return MS_FALSE;
+ }
+ }
+
+ return MS_TRUE;
+}
+
/*
* Redirect to (only use in CGI)
*
@@ -2452,6 +2466,11 @@
return(NULL);
}
+ if(isValidTemplate(stream, join->header) != MS_TRUE) {
+ fclose(stream);
+ return NULL;
+ }
+
/* echo file to the output buffer, no substitutions */
while(fgets(line, MS_BUFFER_LENGTH, stream) != NULL) outbuf = strcatalloc(outbuf, line);
@@ -2461,8 +2480,13 @@
if((stream = fopen(msBuildPath(szPath, msObj->Map->mappath, join->template), "r")) == NULL) {
msSetError(MS_IOERR, "Error while opening join template file %s.", "processOneToManyJoin()", join->template);
return(NULL);
- }
+ }
+ if(isValidTemplate(stream, join->header) != MS_TRUE) {
+ fclose(stream);
+ return NULL;
+ }
+
records = MS_TRUE;
}
@@ -2477,6 +2501,7 @@
}
rewind(stream);
+ fgets(line, MS_BUFFER_LENGTH, stream); /* skip the first line since it's the magic string */
} /* next record */
if(records==MS_TRUE && join->footer) {
@@ -2485,6 +2510,11 @@
return(NULL);
}
+ if(isValidTemplate(stream, join->footer) != MS_TRUE) {
+ fclose(stream);
+ return NULL;
+ }
+
/* echo file to the output buffer, no substitutions */
while(fgets(line, MS_BUFFER_LENGTH, stream) != NULL) outbuf = strcatalloc(outbuf, line);
@@ -3018,6 +3048,11 @@
return MS_FAILURE;
}
+ if(isValidTemplate(stream, html) != MS_TRUE) {
+ fclose(stream);
+ return MS_FAILURE;
+ }
+
if (papszBuffer)
{
if ((*papszBuffer) == NULL)
More information about the mapserver-commits
mailing list