[mapserver-users] Compatibility between mapserver versions: nquery issue

Stephen Woodbridge woodbri at swoodbridge.com
Wed Nov 28 06:13:11 PST 2012 

I suspect this has happened for security reasons, so a malicious mapfile 
cannot have a template file point to say /etc/password and expose that 
to the web user. A lot of file extensions and file signatures are now 
checked for validity to make mapserver more secure.

Feel free to write a bug against documentation to clarify this.

-Steve W

On 11/28/2012 3:17 AM, Arthur Delorme wrote:
> Indeed, even though I had php files, no php were found inside... I don't
> remember why I used php extension but they are not accepted anymore.
>
> So everything is fine, I will just put an html extension.
>
> Thanks for the help
>
> Arthur
>
> Le 27/11/12 15:11, Stephen Woodbridge a écrit :
>> On 11/27/2012 4:53 AM, Arthur Delorme wrote:
>>> Thank you for your help Steve, you're right: after some testing, it
>>> seems that template files with a .php extension are not working.
>>>
>>> I have general header.php and footer.php files (described in the WEB
>>> section of the mapfile) and several header, body and footer php files
>>> for the layers.
>>>
>>> By replacing all the extensions with html, it's working but I'd like to
>>> execute some php, which were possible before. Is it still possible?
>>
>> Hi Arthur,
>>
>> I do not believe executing php before or after a template has ever been
>> possible because mapserver reads the temple from the disk so it would
>> not be processed before mapserver gets it and mapserver sends it back to
>> the client directly so php would never have a chance to intercept it. So
>> I'm pretty sure this did not work in the past and will not work in the
>> future.
>>
>> If you need computational smarts in the template, you should be looking
>> at doing it in Javascript which executes after the template has been
>> returned to the browser and runs in the browser not on the server.
>>
>> Hope this helps,
>>    -Steve W
>>
>>
>>> Arthur
>>>
>>> Le 26/11/12 17:47, Lime, Steve D (DNR) a écrit :
>>>> The nquery mode is still supported, that hasn't changed. The error
>>>> message is fairly informative, what are your templates named?
>>>>
>>>> Steve
>>>>
>>>> -----Original Message-----
>>>> From: mapserver-users-bounces at lists.osgeo.org
>>>> [mailto:mapserver-users-bounces at lists.osgeo.org] On Behalf Of Arthur
>>>> Delorme
>>>> Sent: Monday, November 26, 2012 10:38 AM
>>>> To: mapserver-users at lists.osgeo.org
>>>> Subject: [mapserver-users] Compatibility between mapserver versions:
>>>> nquery issue
>>>>
>>>> Hello,
>>>>
>>>> A few years ago, I developed a web interface to access data
>>>> (informations and download) through spatial queries. It was based on
>>>> mapserver 5.2.0 but I would like to update my code to mapserver 6.2.0
>>>> and I don't get how spatial queries are working nowadays.
>>>>
>>>> As far as I understood, nquery mode is not supported anymore for URL
>>>> templates (the error is "msReturnPage(): Web application error.
>>>> Malformed template name") but I can't figure how it is supposed to
>>>> work then.
>>>>
>>>> On mapserver 5.2.0, a selection were made by drawing a rectangle and
>>>> sending the query with:
>>>>
>>>> <select name="mode" id="mode">
>>>>     <option id="search" value="browse" selected="selected"
>>>> [browse_select]>Display</option>
>>>>     <option id="selection" value="nquery"
>>>> onclick="document.jbox.boxon();"
>>>> [nquery_select]>Selection</option>
>>>> </select>
>>>>
>>>> The result was displayed through template files, with a table
>>>> containing some informations for each object selected on each
>>>> activated layer (one line per object).
>>>>
>>>> If someone could give me some informations about the "new" way to
>>>> obtain such a result, it would be great, because I am quite lost.
>>>>
>>>> Many thanks,
>>>>
>>>> Arthur
>>>> _______________________________________________
>>>> mapserver-users mailing list
>>>> mapserver-users at lists.osgeo.org
>>>> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>>>>
>>>>
>>>>
>>> _______________________________________________
>>> mapserver-users mailing list
>>> mapserver-users at lists.osgeo.org
>>> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>>
>> _______________________________________________
>> mapserver-users mailing list
>> mapserver-users at lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>>
> _______________________________________________
> mapserver-users mailing list
> mapserver-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-users

More information about the mapserver-users mailing list