[Mapbender-commits] r2232 - in branches/2.5/http: extensions frames
html
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Thu Mar 13 06:42:33 EDT 2008
Author: christoph
Date: 2008-03-13 06:42:33 -0400 (Thu, 13 Mar 2008)
New Revision: 2232
Modified:
branches/2.5/http/extensions/ext_featureInfoTunnel.php
branches/2.5/http/extensions/ext_weldMaps.php
branches/2.5/http/extensions/geom2wfst.php
branches/2.5/http/extensions/markResult.php
branches/2.5/http/frames/index.php
branches/2.5/http/html/mod_sync_treefolder.php
branches/2.5/http/html/mod_treefolder.php
Log:
added validateSession and validatePermission
Modified: branches/2.5/http/extensions/ext_featureInfoTunnel.php
===================================================================
--- branches/2.5/http/extensions/ext_featureInfoTunnel.php 2008-03-13 10:31:54 UTC (rev 2231)
+++ branches/2.5/http/extensions/ext_featureInfoTunnel.php 2008-03-13 10:42:33 UTC (rev 2232)
@@ -16,7 +16,7 @@
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
require_once(dirname(__FILE__) . "/../classes/class_stripRequest.php");
require_once(dirname(__FILE__) . "/../classes/class_connector.php");
$mr = new stripRequest(urldecode($_REQUEST["url"]));
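Review bot: The session check added at the top of this file controls who may call the tunnel, but the context line `new stripRequest(urldecode($_REQUEST["url"]))` still lets any logged-in user choose the destination the server connects to, unless stripRequest restricts it in code this diff does not show. If the tunnel is only meant to reach feature-info URLs of services registered in Mapbender, the host of the requested URL should be compared against that set before class_connector fetches it. PHP has already URL-decoded `$_REQUEST` values, so the extra `urldecode()` decodes a second time and any validation has to run on the final decoded string. The removed include of mapbender.conf presumably now arrives through mb_validateSession.php, which is outside this diff.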
Modified: branches/2.5/http/extensions/ext_weldMaps.php
===================================================================
--- branches/2.5/http/extensions/ext_weldMaps.php 2008-03-13 10:31:54 UTC (rev 2231)
+++ branches/2.5/http/extensions/ext_weldMaps.php 2008-03-13 10:42:33 UTC (rev 2232)
@@ -23,6 +23,8 @@
* expects $_SESSION["mb_print_resolution"]
* **/
+require(dirname(__FILE__)."/../php/mb_validateSession.php");
+
class weldMaps{
var $map_width;
var $map_height;
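Review bot: The new include uses plain `require` where ext_featureInfoTunnel.php and geom2wfst.php in this same commit use `require_once`. ext_weldMaps.php declares the class weldMaps, so it is presumably included from another script; if that script has already loaded mb_validateSession.php, `require` executes the validation file a second time. I would write `require_once(dirname(__FILE__)."/../php/mb_validateSession.php");` here, and likewise in markResult.php. The class body continues past the end of the hunk.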
@@ -90,7 +92,7 @@
$bgc = ImageColorAllocate ($im, 255, 255, 255);
$tc = ImageColorAllocate ($im, 0, 0, 0);
ImageFilledRectangle ($im, 0, 0, $map_width, $map_height, $bgc);
- ImageString($im, 1, 5, 5, "Fehler beim Öffnen von: ", $tc);
+ ImageString($im, 1, 5, 5, "Fehler beim �ffnen von: ", $tc);
$chunk = chunk_split(urldecode($imgname), 60, "###");
$array_chunk = explode("###", $chunk);
for($i=0; $i<count($array_chunk); $i++){
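Review bot: The changed string literal in the `ImageString` call now holds a broken byte where the umlaut of "Öffnen" used to be, at least as this archive renders it, which suggests the file was re-saved in a different encoding rather than edited on purpose. The change is unrelated to the session validation this commit is about and should be reverted or made explicit. Because the built-in GD fonts are single-byte, an ASCII-only message such as `ImageString($im, 1, 5, 5, "Fehler beim Oeffnen von: ", $tc);` would not depend on the file encoding at all. The enclosing function starts and ends outside the hunk.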
Modified: branches/2.5/http/extensions/geom2wfst.php
===================================================================
--- branches/2.5/http/extensions/geom2wfst.php 2008-03-13 10:31:54 UTC (rev 2231)
+++ branches/2.5/http/extensions/geom2wfst.php 2008-03-13 10:42:33 UTC (rev 2232)
@@ -25,12 +25,9 @@
$wfs_conf_id = $_REQUEST["wfs_conf_id"];
$featuretype_name = $_REQUEST["featuretype_name"];
-session_start();
-require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
require_once(dirname(__FILE__)."/../classes/class_mb_exception.php");
require_once(dirname(__FILE__)."/../extensions/JSON.php");
-$con = db_connect(DBSERVER,OWNER,PW);
-db_select_db(DB,$con);
function isValidVarName ($varname) {
if (preg_match("/[\$]{1}_[a-z]+\[\"[a-z_]+\"\]/i", $varname) != 0) {
Modified: branches/2.5/http/extensions/markResult.php
===================================================================
--- branches/2.5/http/extensions/markResult.php 2008-03-13 10:31:54 UTC (rev 2231)
+++ branches/2.5/http/extensions/markResult.php 2008-03-13 10:42:33 UTC (rev 2232)
@@ -23,7 +23,9 @@
* $color -> Color of the polygon/line, commasaparated RGB-values
*
*/
+
import_request_variables("PG");
+require(dirname(__FILE__)."/../php/mb_validateSession.php");
$tmpx = array();
$tmpy = array();
$x = array();
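Review bot: `import_request_variables("PG")` still runs before the new `require`, so every GET and POST parameter is already a global variable by the time mb_validateSession.php executes. Any global that the validation script reads before assigning it could then be supplied by the request; whether that happens cannot be seen from this hunk. Placing the `require` first and reading only the parameters the header comment documents, e.g. `$color = isset($_REQUEST["color"]) ? $_REQUEST["color"] : "";`, removes the dependency on ordering.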
Modified: branches/2.5/http/frames/index.php
===================================================================
--- branches/2.5/http/frames/index.php 2008-03-13 10:31:54 UTC (rev 2231)
+++ branches/2.5/http/frames/index.php 2008-03-13 10:42:33 UTC (rev 2232)
@@ -19,10 +19,19 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
mb_internal_encoding("UTF-8");
-
-require(dirname(__FILE__)."/../php/mb_validateSession.php");
+require("../php/mb_validateSession.php");
require_once(dirname(__FILE__)."/../classes/class_locale.php");
+//
+// check if user is allowed to access current GUI;
+// if not, return to login screen
+//
+if (!in_array($gui_id, $_SESSION["mb_user_guis"])) {
+ $e = new mb_exception("mb_validateSession.php: User: " . $_SESSION["mb_user_id"] . " not allowed to access GUI " . $gui_id);
+ header("Location: ".LOGIN);
+ die();
+}
+
#$e = new mb_notice("index.php: arguments: GML: " . $_SESSION["GML"]);
#$e = new mb_notice("index.php: arguments: Zoom to layer: " . $_REQUEST["zoomToLayer"]);
#$e = new mb_notice("index.php: arguments: portal_services: " . $_REQUEST["portal_services"]);
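Review bot: The `require` line for mb_validateSession.php drops the `dirname(__FILE__)` prefix that the removed line had, so the path is now resolved through include_path and the working directory instead of this file's location; mod_sync_treefolder.php and mod_treefolder.php get the same relative form in this commit. Since this include is the access gate, I would keep `require(dirname(__FILE__)."/../php/mb_validateSession.php");`. In the new permission block, `in_array($gui_id, $_SESSION["mb_user_guis"])` compares loosely, so numeric-looking ids can match entries they are not identical to; pass `true` as the third argument. The log text is prefixed `mb_validateSession.php:` although the check lives in index.php, which will mislead whoever reads the log. `$gui_id` itself is defined outside this diff.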
@@ -31,7 +40,7 @@
$pattern = "/sessionID/";
-$_SESSION["mb_user_gui"] = $_REQUEST["gui_id"];
+$_SESSION["mb_user_gui"] = $gui_id;
$localeObj = new Mb_locale($_SESSION["mb_lang"]);
@@ -53,10 +62,10 @@
<?php
echo '<meta http-equiv="Content-Type" content="text/html; charset='.CHARSET.'">';
?>
-<title><?php echo $_REQUEST["gui_id"];?> - presented by Mapbender</title>
+<title><?php echo $gui_id;?> - presented by Mapbender</title>
<?php
$sql = "SELECT * FROM gui_element_vars WHERE fkey_e_id = 'body' AND fkey_gui_id = $1 and var_type='file/css'";
-$v = array($_REQUEST["gui_id"]);
+$v = array($gui_id);
$t = array('s');
$res = db_prep_query($sql,$v,$t);
$cnt = 0;
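Review bot: `$gui_id` is echoed into `<title>` without HTML escaping. The permission check earlier in the file limits it to values that match the user's GUI list, but that check is a loose comparison, and a GUI name containing `<` or `&` would break the markup in any case. `<title><?php echo htmlspecialchars($gui_id, ENT_QUOTES);?> - presented by Mapbender</title>` keeps the output safe regardless of where the value came from.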
@@ -68,7 +77,7 @@
<!--
<?php
$sql = "SELECT * FROM gui_element_vars WHERE fkey_e_id = 'body' AND fkey_gui_id = $1 and var_type='text/css'";
-$v = array($_REQUEST["gui_id"]);
+$v = array($gui_id);
$t = array('s');
$res = db_prep_query($sql,$v,$t);
$cnt = 0;
@@ -90,12 +99,12 @@
$sql = "SELECT fkey_gui_id,e_id,e_pos,e_public,e_comment,gettext($1, e_title) as e_title, e_element,";
$sql .= "e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,";
$sql .= "e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires,e_url FROM gui_element WHERE e_public = 1 AND fkey_gui_id = $2 ORDER BY e_pos";
-$v = array($_SESSION["mb_lang"], $_REQUEST["gui_id"]);
+$v = array($_SESSION["mb_lang"], $gui_id);
$t = array('s', 's');
$res = db_prep_query($sql,$v,$t);
$i = 0;
while(db_fetch_row($res)){
- $replacement = SID."&guiID=".$_REQUEST["gui_id"]."&elementID=".db_result($res,$i,"e_id");
+ $replacement = $urlParameters."&elementID=".db_result($res,$i,"e_id");
echo "<".db_result($res,$i,"e_element")." ";
if(db_result($res,$i,"e_id") != ""){
echo " id='".db_result($res,$i,"e_id")."'";
@@ -153,7 +162,7 @@
</form>
<?php
#echo "<script type='text/javascript' src='../javascripts/map.php?gui_id=".$_REQUEST["gui_id"]."&zoomToLayer=".$_REQUEST["zoomToLayer"]."&portal_services=".$_REQUEST['portal_services']."&portal_services_wfs=".$_REQUEST['portal_services_wfs']."&layer_preview=".$_REQUEST['layer_preview']."&".strip_tags(SID)."&mb_myBBOX=".$_REQUEST["mb_myBBOX"]."'></script>";
-echo "<script type='text/javascript' src='../javascripts/map.php?gui_id=".$_REQUEST["gui_id"]."&".strip_tags(SID)."&mb_myBBOX=".$_REQUEST["mb_myBBOX"]."'></script>";
+echo "<script type='text/javascript' src='../javascripts/map.php?gui_id=".$urlParameters."&mb_myBBOX=".$_REQUEST["mb_myBBOX"]."'></script>";
?>
</body>
</html>
\ No newline at end of file
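Review bot: The rewritten `<script>` line still concatenates `$_REQUEST["mb_myBBOX"]` into a single-quoted `src` attribute without any encoding, so request data reaches the page markup unescaped. Wrap it as `htmlspecialchars(urlencode($_REQUEST["mb_myBBOX"]), ENT_QUOTES)`. The line also keeps the literal `gui_id=` in front of `$urlParameters`, while the earlier hunk substitutes `$urlParameters` for `SID."&guiID=".$_REQUEST["gui_id"]`; unless the variable begins with the bare GUI id, the `gui_id` parameter sent to map.php will be wrong. `$urlParameters` is defined outside this diff, so this needs checking against mb_validateSession.php.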
Modified: branches/2.5/http/html/mod_sync_treefolder.php
===================================================================
--- branches/2.5/http/html/mod_sync_treefolder.php 2008-03-13 10:31:54 UTC (rev 2231)
+++ branches/2.5/http/html/mod_sync_treefolder.php 2008-03-13 10:42:33 UTC (rev 2232)
@@ -1,5 +1,5 @@
<?php
-session_start();
+require("../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
@@ -19,7 +19,7 @@
parent.mb_registerInitFunctions("window.frames['treeGDE'].setTree()");
}
function setTree(){
- document.location.href = "../html/mod_treefolder.php?<?php echo SID; ?>&e_id_css=<?php echo $_REQUEST["e_id_css"]; ?>";
+ document.location.href = "../html/mod_treefolder.php?<?php echo $urlParameters; ?>";
}
// -->
</script>
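Review bot: `$urlParameters` is printed straight into a JavaScript string literal in `setTree()` with no escaping for that context. Its construction is outside this diff; if any part of it is taken from the request (the index.php hunks use it in place of the session id and GUI id parameters), it has to be encoded before it is emitted here. Where `json_encode()` is available, `document.location.href = "../html/mod_treefolder.php?" + <?php echo json_encode($urlParameters); ?>;` does that. The removed line passed `e_id_css` explicitly, so the target page now depends on `$urlParameters` carrying the element id.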
Modified: branches/2.5/http/html/mod_treefolder.php
===================================================================
--- branches/2.5/http/html/mod_treefolder.php 2008-03-13 10:31:54 UTC (rev 2231)
+++ branches/2.5/http/html/mod_treefolder.php 2008-03-13 10:42:33 UTC (rev 2232)
@@ -1,11 +1,5 @@
<?php
-session_start();
-$gui_id = $_SESSION["mb_user_gui"];
-
-require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
-
-$con = db_connect(DBSERVER,OWNER,PW);
-db_select_db(DB,$con);
+require("../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
@@ -23,7 +17,7 @@
}
<?php
$sql = "SELECT e_target FROM gui_element WHERE e_id = $1 AND fkey_gui_id = $2";
- $v = array($_REQUEST['e_id_css'],$_SESSION["mb_user_gui"]);
+ $v = array($e_id,$gui_id);
$t = array('s','s');
$res = db_prep_query($sql,$v,$t);
$e_target = db_result($res,0,"e_target");
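Review bot: `$gui_id` in the query parameters no longer comes from `$_SESSION["mb_user_gui"]` (that assignment is removed in the first hunk of this file) but from whatever mb_validateSession.php sets. If that script takes the id from the request, this page needs the same `in_array($gui_id, $_SESSION["mb_user_guis"])` check that this commit adds to index.php, otherwise the lookup in `gui_element` is not limited to GUIs assigned to the user. `$e_id` is likewise defined outside the diff. `db_result($res,0,"e_target")` is also read without first checking that the query returned a row.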