svn commit: r339 - trunk/mapbender/http/php/mod_deleteWMS.php
uli at osgeo.org
Wed May 24 07:44:09 EDT 2006
Author: uli
Date: 2006-05-24 11:44:08+0000
New Revision: 339
Modified:
trunk/mapbender/http/php/mod_deleteWMS.php
Log:
validation of permissions
prepared statements included
Modified: trunk/mapbender/http/php/mod_deleteWMS.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_deleteWMS.php?view=diff&rev=339&p1=trunk/mapbender/http/php/mod_deleteWMS.php&p2=trunk/mapbender/http/php/mod_deleteWMS.php&r1=338&r2=339
==============================================================================
--- trunk/mapbender/http/php/mod_deleteWMS.php (original)
+++ trunk/mapbender/http/php/mod_deleteWMS.php 2006-05-24 11:44:08+0000
@@ -19,11 +19,11 @@
session_start();
import_request_variables("PG");
-require_once("../php/mb_validateSession.php");
require_once("../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
+$con = db_connect(DBSERVER,OWNER,PW);
db_select_db(DB,$con);
-$gui_id = $_SESSION["mb_user_gui"];
+require_once("../php/mb_validatePermission.php");
+$self = $PHP_SELF . "?".SID."&guiID=".$_REQUEST["guiID"]."&elementID=".$_REQUEST["elementID"];
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
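Review bot: The new `$self` on the `+$self = $PHP_SELF . "?".SID."&guiID=".$_REQUEST["guiID"]...` line splices `$_REQUEST["guiID"]` and `$_REQUEST["elementID"]` into a URL as-is, and that string is later echoed unescaped into the form `action` attributes (the hunks at @@ -137 and @@ -317, and the form1 line in @@ -154), so a crafted guiID or elementID value lands in the page markup unencoded; `$PHP_SELF` is reflected verbatim too, the usual PHP_SELF pitfall. Encode each parameter when the URL is built and escape at output, e.g. `$self = $PHP_SELF . "?" . SID . "&guiID=" . urlencode($_REQUEST["guiID"]) . "&elementID=" . urlencode($_REQUEST["elementID"]);` and `action='" . htmlspecialchars($self) . "'` at each echo. The `require_once("../php/mb_validateSession.php")` line is dropped in favour of mb_validatePermission.php; if the new include does not itself validate the session, that check is gone for a page that runs DELETE statements further down, so it is worth confirming.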
@@ -137,7 +137,7 @@
else
$text = $_POST["comment"];
- echo "<form name='form3' action='" . $PHP_SELF . "?".SID."' method='post'>";
+ echo "<form name='form3' action='" . $self ."' method='post'>";
echo "<table><tr>";
echo "<td>Your name:</td>";
echo "<td><input type='text' name='from' size=50 value = '".$fromName."'></td>";
@@ -154,41 +154,49 @@
echo "</form>";
}
-else {
-
+else {
// delete WMS
- if($del)
- {
- $sql = "select * from gui_wms where fkey_wms_id = ".$wmsList;
- $res = db_query($sql);
- $cnt = 0;
+ if($del){
+ $sql = "select * from gui_wms where fkey_wms_id = $1 ";
+ $v = array($wmsList);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
+ $cnt = 0;
while($row = db_fetch_array($res))
{
$sql = "UPDATE gui_wms set gui_wms_position = (gui_wms_position -1) ";
- $sql .= "WHERE fkey_gui_id = '".$row["fkey_gui_id"]."'";
- $sql .= " AND gui_wms_position > " . $row["gui_wms_position"] ;
- $res = db_query($sql);
+ $sql .= "WHERE fkey_gui_id = $1 ";
+ $sql .= " AND gui_wms_position > $2 ";
+ $v = array($row["fkey_gui_id"],$row["gui_wms_position"]);
+ $t = array('s','i');
+ $res1 = db_prep_query($sql,$v,$t);
$cnt++;
}
- $sql = "DELETE FROM wms WHERE wms_id = '".$wmsList."'";
- $res = db_query($sql);
+ $sql = "DELETE FROM wms WHERE wms_id = $1";
+ $v = array($wmsList);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
}
// display WMS List
$wms_id_own = $admin->getWmsByOwner($_SESSION["mb_user_id"]);
if (count($wms_id_own)>0){
+ $v = array();
+ $t = array();
$sql = "Select * from wms WHERE wms_id IN (";
for($i=0; $i<count($wms_id_own); $i++){
if($i>0){ $sql .= ",";}
- $sql .= $wms_id_own[$i];
+ $sql .= "$".($i+1);
+ array_push($v,$wms_id_own[$i]);
+ array_push($t,'i');
}
$sql .= ") ORDER BY wms_title";
- $res = db_query($sql);
+ $res = db_prep_query($sql,$v,$t);
$cnt = 0;
- echo "<form name='form1' action='" . $PHP_SELF . "?".SID."' method='post'>";
+ echo "<form name='form1' action='" . $self ."' method='post'>";
echo "<select class='wmsList' size='20' name='wmsList' onchange='document.form1.wmsList.value = this.value;submit()'>";
while($row = db_fetch_array($res))
{
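Review bot: The DELETE on the `+ $sql = "DELETE FROM wms WHERE wms_id = $1";` line still runs for any `$wmsList` as soon as `$del` is set (both presumably populated by the `import_request_variables("PG")` call at the top of the file); the ownership list `$wms_id_own = $admin->getWmsByOwner($_SESSION["mb_user_id"]);` is only fetched afterwards, for display, so nothing visible in this hunk stops a logged-in user from deleting a WMS owned by someone else, unless mb_validatePermission.php or code above the hunk enforces that. The parameterised queries close the injection hole, but the authorisation check belongs in front of the delete: move `$wms_id_own = $admin->getWmsByOwner($_SESSION["mb_user_id"]);` above `if($del)` and change the condition to `if($del && in_array($wmsList, $wms_id_own))`. The `if($del)` block completes inside the hunk, but the enclosing else branch and the `while` that begins on the last hunk line continue past it.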
@@ -215,8 +223,10 @@
{
echo "<p class = 'guiList'>";
// Show GUIs using chosen WMS
- $sql = "SELECT fkey_gui_id FROM gui_wms WHERE fkey_wms_id = '".$wmsList."'";
- $res = db_query($sql);
+ $sql = "SELECT fkey_gui_id FROM gui_wms WHERE fkey_wms_id = $1";
+ $v = array($wmsList);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
echo "<b>Used in the following GUIs:</b><br><br>";
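Review bot: The setup `$v = array($wmsList); $t = array('i'); $res = db_prep_query($sql,$v,$t);` is repeated verbatim in this hunk and again in the hunks at @@ -231 and @@ -244, each with the same single `$wmsList` parameter; building `$v`/`$t` once before the first of the three selects, or passing `array($wmsList), array('i')` inline, would make it plain that these are three reads of the same id. None of the three checks the return value of `db_prep_query` before `$res` is handed to the loop that presumably follows each `echo`; if the helper returns false on a failed prepare, a short guard such as `if (!$res) { echo "query failed"; }` before the loop would keep warnings out of the middle of the markup (db_prep_query's failure behaviour is not visible from here).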
@@ -231,8 +241,10 @@
}
// Show GetCapabilities of chosen WMS
- $sql = "SELECT wms_getcapabilities FROM wms WHERE wms_id = '".$wmsList."'";
- $res = db_query($sql);
+ $sql = "SELECT wms_getcapabilities FROM wms WHERE wms_id = $1";
+ $v = array($wmsList);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
echo "<br><br><b>GetCapabilities</b><br><br>";
@@ -244,8 +256,10 @@
}
// Show Abstract of Chosen WMS
- $sql = "SELECT wms_abstract FROM wms WHERE wms_id = '".$wmsList."'";
- $res = db_query($sql);
+ $sql = "SELECT wms_abstract FROM wms WHERE wms_id = $1";
+ $v = array($wmsList);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
echo "<br><br><b>Abstract</b><br><br>";
@@ -317,7 +331,7 @@
<input type='hidden' name='del'>
</form>
<?php
-echo "<form name='form2' action='" . $PHP_SELF . "?".SID."' method='post'>";
+echo "<form name='form2' action='" . $self ."' method='post'>";
?>
<input type='hidden' name='suggest' value='0'>
<input type='hidden' name='wms_name' value=''>