[Mapbender-commits] r1569 - trunk/mapbender/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Thu Aug 2 09:08:06 EDT 2007
Author: christoph
Date: 2007-08-02 09:08:06 -0400 (Thu, 02 Aug 2007)
New Revision: 1569
Modified:
trunk/mapbender/http/php/mod_wfs_result.php
Log:
added filter parameter to wfs request
Modified: trunk/mapbender/http/php/mod_wfs_result.php
===================================================================
--- trunk/mapbender/http/php/mod_wfs_result.php 2007-08-02 13:06:54 UTC (rev 1568)
+++ trunk/mapbender/http/php/mod_wfs_result.php 2007-08-02 13:08:06 UTC (rev 1569)
@@ -18,12 +18,19 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
$filter = stripslashes($_REQUEST["filter"]);
-$url = stripslashes($_REQUEST['url']);
-//echo $filter; die();
+$url = stripslashes($_REQUEST["url"]);
+$js_wfs_conf_id = $_REQUEST["js_wfs_conf_id"];
+$db_wfs_conf_id = $_REQUEST["db_wfs_conf_id"];
+$typename = $_REQUEST["typename"];
+
+session_start();
require_once("../../conf/mapbender.conf");
require_once("../classes/class_stripRequest.php");
require_once("../classes/class_connector.php");
+$con = db_connect(DBSERVER,OWNER,PW);
+db_select_db(DB,$con);
+
function sepNameSpace($s){
$c = strpos($s,":");
if ($c > 0){
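Review bot: `$js_wfs_conf_id` and `$db_wfs_conf_id` are read from `$_REQUEST` with no validation, and `$js_wfs_conf_id` is later concatenated unquoted into the generated JavaScript (`geom.get(...).wfs_conf = ...` in the last hunk), so request text reaches script output as-is. `$db_wfs_conf_id` is bound as an integer further down and `$js_wfs_conf_id` looks numeric as well, so both could be cast on read: `$js_wfs_conf_id = intval($_REQUEST["js_wfs_conf_id"]);` and the same for `$db_wfs_conf_id`. Because `$db_wfs_conf_id` selects which access constraint checkAccessConstraint() looks up, the caller currently chooses the configuration. It should probably be checked against the WFS configurations the session's user is allowed to use, though that lookup is not visible in this diff.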
@@ -34,6 +41,44 @@
}
}
+function isValidVarName ($varname) {
+ if (preg_match("/[\$]{1}_[a-z]+\[\"[a-z_]+\"\]/i", $varname) != 0) {
+ return true;
+ }
+ return false;
+}
+
+function checkAccessConstraint($filter, $wfs_conf_id) {
+ /* wfs_conf_element */
+ $sql = "SELECT * FROM wfs_conf_element ";
+ $sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
+ $sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
+ $sql .= "ORDER BY wfs_conf_element.f_respos";
+
+ $v = array($wfs_conf_id);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
+ while($row = db_fetch_array($res)){
+
+ if (!empty($row["f_auth_varname"])) {
+ $auth_varname = $row["f_auth_varname"];
+ $element_name = $row["element_name"];
+ }
+ }
+ if (!empty($auth_varname)) {
+
+ if (isValidVarName($auth_varname)) {
+ $user = eval("return " . $auth_varname . ";");
+ $pattern = "(<ogc:Filter[^>]*>)(.*)(</ogc:Filter>)";
+ $replacement = "\\1<And>\\2<ogc:PropertyIsEqualTo><ogc:PropertyName>" . $element_name . "</ogc:PropertyName><ogc:Literal>" . $user . "</ogc:Literal></ogc:PropertyIsEqualTo></And>\\3";
+ $filter = eregi_replace($pattern, $replacement, $filter);
+ }
+ }
+ return $filter;
+}
+
+$filter = checkAccessConstraint($filter, $db_wfs_conf_id);
+
$wfsRequest = $url . urlencode($filter);
$connection = new connector($wfsRequest);
$data = $connection->file;
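Review bot: isValidVarName() uses an unanchored pattern, so an `f_auth_varname` value that merely contains a `$_NAME["key"]` reference passes, and the whole string is then handed to `eval()` in checkAccessConstraint(). Anyone able to write that column in `wfs_conf_element` gets PHP executed by this script. The check also fails open: when the name is rejected, or when the request's filter does not match the `<ogc:Filter>` pattern, the filter is returned without the constraint. I would anchor the pattern, resolve the value by array lookup instead of `eval()`, escape it before it goes into the XML, and stop the request when the constraint cannot be applied. The fence below limits the lookup to `$_SESSION`, which is an assumption based on the `session_start()` added in the first hunk; widen the allowlist if other superglobals are really used.

```php
function isValidVarName ($varname) {
    // anchored: the whole string must be exactly one $_SESSION["key"] reference
    return preg_match('/^\$_SESSION\["[a-z_]+"\]$/i', $varname) === 1;
}

// … unchanged: SQL lookup of f_auth_varname / element_name …
    if (!empty($auth_varname)) {
        // look the value up instead of evaluating the stored string
        if (!preg_match('/^\$_SESSION\["([a-z_]+)"\]$/i', $auth_varname, $m) || !isset($_SESSION[$m[1]])) {
            die("access constraint could not be applied");
        }
        $user = htmlspecialchars($_SESSION[$m[1]], ENT_QUOTES);
        // … unchanged: $pattern and $replacement …
        $constrained = eregi_replace($pattern, $replacement, $filter);
        if ($constrained == $filter) {
            // pattern did not match, so the constraint was not inserted
            die("access constraint could not be applied");
        }
        $filter = $constrained;
    }
    return $filter;
```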
@@ -60,7 +105,6 @@
$el = -1;
$fid = -1;
-$typename = $_REQUEST["typename"];
$element_str = "";
$geom_str = "";
foreach ($values as $element) {
@@ -106,7 +150,7 @@
}
// TO DO: the following is added twice! Once suffices.
$element_str .= "geom.get(" . $member . ").e.setElement('fid', '".$fid."');\n";
- $element_str .= "geom.get(" . $member . ").wfs_conf = ".$_REQUEST['wfs_conf_id'].";\n";
+ $element_str .= "geom.get(" . $member . ").wfs_conf = ".$js_wfs_conf_id.";\n";
}
else if(strtoupper($element[tag]) == strtoupper("gml:coordinates") && $geom == true){
$tmp = str_replace(",,","",str_replace(" ",",",trim($element[value])));