[Mapbender-commits] r1574 - trunk/mapbender/http/extensions
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Thu Aug 2 09:23:57 EDT 2007
Author: christoph
Date: 2007-08-02 09:23:57 -0400 (Thu, 02 Aug 2007)
New Revision: 1574
Modified:
trunk/mapbender/http/extensions/geom2wfst.php
Log:
added filter parameter to wfs request
Modified: trunk/mapbender/http/extensions/geom2wfst.php
===================================================================
--- trunk/mapbender/http/extensions/geom2wfst.php 2007-08-02 13:18:48 UTC (rev 1573)
+++ trunk/mapbender/http/extensions/geom2wfst.php 2007-08-02 13:23:57 UTC (rev 1574)
@@ -17,11 +17,78 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+/**
+ * $_REQUEST["url"]
+ * $_REQUEST["filter"]
+ */
+$wfs_conf_id = $_REQUEST["wfs_conf_id"];
+$featuretype_name = $_REQUEST["featuretype_name"];
+
+session_start();
require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
require_once(dirname(__FILE__)."/../classes/class_mb_exception.php");
+$con = db_connect(DBSERVER,OWNER,PW);
+db_select_db(DB,$con);
+function isValidVarName ($varname) {
+ if (preg_match("/[\$]{1}_[a-z]+\[\"[a-z_]+\"\]/i", $varname) != 0) {
+ return true;
+ }
+ return false;
+}
+function addParameterToFilter($filter, $featuretype_name, $wfs_conf_id) {
+
+ /* wfs_conf_element */
+ $sql = "SELECT * FROM wfs_conf_element ";
+ $sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
+ $sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
+ $sql .= "ORDER BY wfs_conf_element.f_respos";
+
+ $v = array($wfs_conf_id);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
+ while($row = db_fetch_array($res)){
+ if (!empty($row["f_auth_varname"])) {
+ $auth_varname = $row["f_auth_varname"];
+ $element_name = $row["element_name"];
+ }
+ }
+ if (!empty($auth_varname)) {
+
+ if (isValidVarName($auth_varname)) {
+ $user = eval("return " . $auth_varname . ";");
+
+ $patternUpdate = "(<wfs:Update[^>]*>)";
+ $patternInsert = "(<wfs:Insert[^>]*>)";
+ $patternDelete = "(<wfs:Delete[^>]*>)";
+
+ // insert: store authenticated user in database
+ if (eregi($patternInsert, $filter)) {
+ $pattern = "(<" . $featuretype_name . ">)";
+ $replacement = "\\1<" . $element_name . ">" . $user . "</" . $element_name . ">";
+ $filter = eregi_replace($pattern, $replacement, $filter);
+ }
+ // update or delete: disallow access for other users
+ if (eregi($patternDelete, $filter) || eregi($patternUpdate, $filter)) {
+ $pattern = "(<ogc:Filter>)(<ogc:FeatureId[^>]*>)(</ogc:filter>)";
+ $replacement = "\\1<And>\\2<ogc:PropertyIsEqualTo><ogc:PropertyName>" . $element_name . "</ogc:PropertyName><ogc:Literal>" . $user . "</ogc:Literal></ogc:PropertyIsEqualTo></And>\\3";
+ $filter = eregi_replace($pattern, $replacement, $filter);
+ }
+ }
+ }
+ return $filter;
+
+}
+function checkVal($value){
+ $pattern = array("'",'"',"--");
+ $r = str_replace($pattern, "", $value);
+ $r = addslashes($r);
+ return $r;
+}
+
+
function sepNameSpace($s){
$c = strpos($s,":");
if($c>0) return substr($s,$c+1);
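Review bot: `isValidVarName()` has no `^`/`$` anchors, so any `f_auth_varname` value that merely contains something shaped like `$_NAME["key"]` passes, and `addParameterToFilter()` then hands the whole string to `eval()`. Anchoring the pattern is the minimum; better is to drop `eval()` and resolve the value by array lookup, as sketched below. The sketch assumes the configured variable is always a `$_SESSION` entry, which should be confirmed against the existing `wfs_conf_element` rows. Separately, `$user` and `$element_name` are concatenated into the transaction XML unescaped. The Update/Delete rewrite also fires only when the filter is exactly `<ogc:Filter><ogc:FeatureId …></ogc:Filter>`, so any other filter shape, or a name that fails validation, is forwarded without the owner constraint; the function should fail closed in those cases.

```php
// replaces isValidVarName() + eval(): look the value up instead of executing it
function resolveAuthVar($varname) {
	// the whole string must be exactly $_SESSION["key"]; D stops $ matching before a trailing newline
	if (preg_match('/^\$_SESSION\["([A-Za-z_]+)"\]$/D', $varname, $m) !== 1) {
		return null;
	}
	return isset($_SESSION[$m[1]]) ? $_SESSION[$m[1]] : null;
}

// … unchanged: query collecting $auth_varname and $element_name …
	if (!empty($auth_varname)) {
		$user = resolveAuthVar($auth_varname);
		if ($user === null) {
			return false; // caller must refuse the transaction instead of sending it
		}
		// value is placed inside XML element content below
		$user = htmlspecialchars($user, ENT_QUOTES);
// … unchanged: Insert / Update / Delete rewriting …
```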
@@ -52,7 +119,7 @@
$path = $arURL["path"];
$method = "POST";
-$filter = stripslashes($_REQUEST["filter"]);
+$filter = stripslashes(addParameterToFilter($_REQUEST["filter"], $featuretype_name, $wfs_conf_id));
$data = sendToHost($host,$port,$method,html_entity_decode($path),$filter);
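Review bot: The owner constraint applied on this line is selected by `$wfs_conf_id` and `$featuretype_name`, both read straight from `$_REQUEST` at the top of the file. Nothing visible in the diff ties them to the host and path the transaction is actually sent to. A configuration id with no `f_auth_varname` row makes `addParameterToFilter()` return the filter untouched, so the id should be validated server-side, for example by checking that the configuration belongs to the target WFS and is assigned to the logged-in user, before `sendToHost()` is called. The rewrite also runs before `stripslashes()`, so the injected `$user` value is unslashed along with the request data. Doing `$filter = addParameterToFilter(stripslashes($_REQUEST["filter"]), $featuretype_name, $wfs_conf_id);` keeps the two concerns apart.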
@@ -101,9 +168,7 @@
$e = new mb_exception('WFS successfull host: '.$host.' port: '.$port.' filter: '.$_REQUEST["filter"]);
}
*/
-
-$e = new mb_exception('WFS-T: '.$filter);
-
+header('Content-type: text/html');
echo "{";
if (stristr($data, "success") !== false) {
$response = "success";
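Review bot: The new `header('Content-type: text/html');` labels a body that starts with `echo "{"`, and so looks like JSON, as HTML. If any part of the WFS reply or the request is echoed further down (the rest of the output is outside this hunk), a browser will interpret it as markup. Unless the client depends on an HTML response, `header('Content-Type: application/json; charset=utf-8');` or `text/plain` would be the safer label. The commit also removes the `mb_exception('WFS-T: '.$filter)` log line, which leaves no server-side record of the transaction that was sent. Logging at least the user, the `wfs_conf_id` and the outcome would keep an audit trail without writing the full payload.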