[Mapbender-commits] r1514 - trunk/mapbender/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Wed Jul 18 12:23:24 EDT 2007
Author: christoph
Date: 2007-07-18 12:23:24 -0400 (Wed, 18 Jul 2007)
New Revision: 1514
Modified:
trunk/mapbender/http/php/mod_wfs_gazetteer_server.php
Log:
utf8-decode filter before GET request
Modified: trunk/mapbender/http/php/mod_wfs_gazetteer_server.php
===================================================================
--- trunk/mapbender/http/php/mod_wfs_gazetteer_server.php 2007-07-18 16:21:45 UTC (rev 1513)
+++ trunk/mapbender/http/php/mod_wfs_gazetteer_server.php 2007-07-18 16:23:24 UTC (rev 1514)
@@ -20,12 +20,43 @@
require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
include(dirname(__FILE__)."/../classes/class_gml2.php");
require_once(dirname(__FILE__)."/../extensions/JSON.php");
+require_once(dirname(__FILE__)."/../classes/class_administration.php");
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db($DB,$con);
$command = $_REQUEST["command"];
+function checkAccessConstraint($filter, $wfs_conf_id) {
+ /* wfs_conf_element */
+ $sql = "SELECT * FROM wfs_conf_element ";
+ $sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
+ $sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
+ $sql .= "ORDER BY wfs_conf_element.f_respos";
+
+ $v = array($wfs_conf_id);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
+ while($row = db_fetch_array($res)){
+
+ if (!empty($row["f_auth_varname"])) {
+ $auth_varname = $row["f_auth_varname"];
+ $element_name = $row["element_name"];
+ }
+ }
+ if (!empty($auth_varname)) {
+
+ if (isValidVarName($auth_varname)) {
+ $user = eval("return " . $auth_varname . ";");
+ $pattern = "(<ogc:Filter[^>]*>)(.*)(</ogc:Filter>)";
+ $replacement = "\\1<And>\\2<ogc:PropertyIsEqualTo><ogc:PropertyName>" . $element_name . "</ogc:PropertyName><ogc:Literal>" . $user . "</ogc:Literal></ogc:PropertyIsEqualTo></And>\\3";
+ $filter = eregi_replace($pattern, $replacement, $filter);
+ }
+ }
+ return $filter;
+}
+
+
if ($command == "getWfsConf") {
$wfsConfIdString = $_GET["wfsConfIdString"];
@@ -149,8 +180,12 @@
die("wfs_conf_element data not available");
}
- $req = urldecode($url).urlencode(stripslashes($filter));
+ // append authorisation condition to filter
+ $filter = checkAccessConstraint($filter, $wfs_conf_id);
+ $admin = new administration();
+
+ $req = urldecode($url).urlencode($admin->char_decode(stripslashes($filter)));
$mygml = new gml2();
$mygml->parsegml($req);
More information about the Mapbender_commits
mailing list