[Mapbender-commits] r3580 - branches/2.5/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Fri Feb 20 08:24:42 EST 2009
Author: christoph
Date: 2009-02-20 08:24:42 -0500 (Fri, 20 Feb 2009)
New Revision: 3580
Modified:
branches/2.5/http/php/mod_wfs_conf.php
branches/2.5/http/php/mod_wfs_edit.php
Log:
http://trac.osgeo.org/mapbender/ticket/386
Modified: branches/2.5/http/php/mod_wfs_conf.php
===================================================================
--- branches/2.5/http/php/mod_wfs_conf.php 2009-02-19 13:38:41 UTC (rev 3579)
+++ branches/2.5/http/php/mod_wfs_conf.php 2009-02-20 13:24:42 UTC (rev 3580)
@@ -20,8 +20,12 @@
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
require(dirname(__FILE__)."/../classes/class_wfs_conf.php");
-$con = db_connect(DBSERVER,OWNER,PW);
-db_select_db(DB,$con);
+foreach ($_POST as $key => &$value) {
+ if (is_string($value) && 1 === get_magic_quotes_gpc()) {
+ $value = stripslashes($value);
+ }
+}
+
?>
<html>
<head>
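Review bot: The new `foreach ($_POST as $key => &$value)` loop leaves `$value` bound by reference to the last `$_POST` entry after it finishes, so any later plain assignment to `$value` in this file would silently overwrite that POST field. Add `unset($value);` directly after the closing brace, and since `$key` is never used the loop can be `foreach ($_POST as &$value)`. The identical loop is added in mod_wfs_edit.php (second file, first hunk) and needs the same fix. `get_magic_quotes_gpc()` could also be evaluated once before the loop instead of per field, and nested array values are left slash-escaped, which may be intended but is not stated anywhere.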
@@ -86,7 +90,7 @@
/* save wfs_conf properties */
-if(isset($_REQUEST["save"])){
+if(isset($_POST["save"])){
db_select_db($DB,$con);
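Review bot: `db_select_db($DB,$con)` on the line after the changed condition still relies on `$con`, but the first hunk of this file removed the `db_connect(DBSERVER,OWNER,PW)` / `db_select_db(DB,$con)` pair that created it (and this line uses `$DB` where the removed code used the `DB` constant). If `mb_validateSession.php` does not establish `$con`, the save path now passes an undefined connection; if it does, this line is redundant and could go. The save block continues past the end of the hunk.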
@@ -95,7 +99,7 @@
$sql .= "fkey_featuretype_id, g_label, g_label_id, g_button, ";
$sql .= "g_button_id, g_style, g_buffer, g_res_style, g_use_wzgraphics";
$sql .= ") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, ";
- if (!empty($_REQUEST["g_use_wzgraphics"])) {
+ if (!empty($_POST["g_use_wzgraphics"])) {
$sql .= "'1'";
}
else {
@@ -103,51 +107,62 @@
}
$sql .= "); ";
- $v = array($_REQUEST["wfs_conf_abstract"], $_REQUEST["wfs"], $_REQUEST["featuretype"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"]);
+ $v = array(
+ $_POST["wfs_conf_abstract"],
+ $_POST["wfs"],
+ $_POST["featuretype"],
+ $_POST["g_label"],
+ $_POST["g_label_id"],
+ $_POST["g_button"],
+ $_POST["g_button_id"],
+ $_POST["g_style"],
+ $_POST["g_buffer"],
+ $_POST["g_res_style"]
+ );
$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
$res = db_prep_query($sql, $v, $t);
$wfsID = db_insert_id($con,'wfs_conf','wfs_conf_id');
- for ($i = 0; $i < $_REQUEST["num"]; $i++){
+ for ($i = 0; $i < $_POST["num"]; $i++){
$sql = "INSERT INTO wfs_conf_element (fkey_wfs_conf_id,f_id,f_search,f_pos,f_style_id,f_toupper,f_label,f_label_id,f_show,f_respos,f_edit,f_form_element_html,f_mandatory,f_auth_varname,f_show_detail) VALUES(";
$sql .= "$1, $2, ";
- if (!empty($_REQUEST["f_search".$i])) {
+ if (!empty($_POST["f_search".$i])) {
$sql .= "'1'";
}
else {
$sql .= "'0'";
}
$sql .= ", $3, $4, ";
- if (!empty($_REQUEST["f_toupper".$i])) {
+ if (!empty($_POST["f_toupper".$i])) {
$sql .= "'1'";
}
else {
$sql .= "'0'";
}
$sql .= ",$5, $6, ";
- if (!empty($_REQUEST["f_show".$i])) {
+ if (!empty($_POST["f_show".$i])) {
$sql .= "'1'";
}
else {
$sql .= "'0'";
}
$sql .= ", $7, ";
- if (!empty($_REQUEST["f_edit".$i])) {
+ if (!empty($_POST["f_edit".$i])) {
$sql .= "'1'";
}
else {
$sql .= "'0'";
}
$sql .= ",$8, ";
- if (!empty($_REQUEST["f_mandatory".$i])) {
+ if (!empty($_POST["f_mandatory".$i])) {
$sql .= "'1'";
}
else {
$sql .= "'0'";
}
$sql .= ",$9,";
- if (!empty($_REQUEST["f_show_detail".$i])) {
+ if (!empty($_POST["f_show_detail".$i])) {
$sql .= "'1'";
}
else {
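Review bot: `$_POST["num"]` is used directly as the loop bound in `for ($i = 0; $i < $_POST["num"]; $i++)` without being coerced or checked, so a missing or non-numeric value yields a notice and zero iterations while an oversized value drives an unbounded number of INSERTs per request. Read it once as an integer, `$num = isset($_POST["num"]) ? (int) $_POST["num"] : 0;`, and consider capping it at the number of elements the selected feature type actually has. The same pattern appears in mod_wfs_edit.php at `for($i=0; $i<$_POST["num"]; $i++)`. The per-field `$_POST["f_..." . $i]` reads inside the loop likewise assume every key is present; the enclosing save block starts before this hunk and the loop closes in the next one.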
@@ -155,14 +170,14 @@
}
$sql .= "); ";
- $v = array($wfsID, $_REQUEST["f_id".$i], $_REQUEST["f_pos".$i], $_REQUEST["f_style_id".$i], $_REQUEST["f_label".$i], stripslashes($_REQUEST["f_label_id".$i]), $_REQUEST["f_respos".$i], stripslashes($_REQUEST["f_form_element_html".$i]), $_REQUEST["f_auth_varname".$i]);
+ $v = array($wfsID, $_POST["f_id".$i], $_POST["f_pos".$i], $_POST["f_style_id".$i], $_POST["f_label".$i], $_POST["f_label_id".$i], $_POST["f_respos".$i], $_POST["f_form_element_html".$i], $_POST["f_auth_varname".$i]);
$t = array("i", "s", "s", "s", "s", "s", "i", "s", "s");
$res = db_prep_query($sql, $v, $t);
}
- if (isset($_REQUEST["f_geom"])) {
+ if (isset($_POST["f_geom"])) {
$sql = "UPDATE wfs_conf_element SET f_geom = 1 ";
$sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id = $2;";
- $v = array($wfsID, $_REQUEST["f_geom"]);
+ $v = array($wfsID, $_POST["f_geom"]);
$t = array("i", "i");
$res = db_prep_query($sql, $v, $t);
}
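Review bot: On the new `$v` line `$_POST["f_id".$i]` is bound with type `"s"` in the `$t` array that follows, while a few lines later `$_POST["f_geom"]`, which is compared against the same `f_id` column in the WHERE clause, is bound as `"i"`. Both values refer to `wfs_conf_element.f_id`, so one of the two type hints is presumably wrong and should be aligned with the column type; a one-line comment on `$t` naming which column each entry targets would make such mismatches visible. The save block ends outside the hunk.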
@@ -176,16 +191,16 @@
/* select wfs */
-if(isset($_REQUEST["wfs"]) && $_REQUEST["wfs"] == ""){
- unset($_REQUEST["wfs"]);
- unset($_REQUEST["featuretype"]);
+if(isset($_POST["wfs"]) && $_POST["wfs"] == ""){
+ unset($_POST["wfs"]);
+ unset($_POST["featuretype"]);
}
echo "<select name='wfs' onchange='selectWFS()'>";
echo "<option value=''>...</option>";
for($i=0; $i<count($aWFS->wfs_id);$i++){
echo "<option value='".$aWFS->wfs_id[$i]."' ";
- if(isset($_REQUEST["wfs"]) && $aWFS->wfs_id[$i] == $_REQUEST["wfs"]){
+ if(isset($_POST["wfs"]) && $aWFS->wfs_id[$i] == $_POST["wfs"]){
echo "selected";
}
echo ">".$aWFS->wfs_id[$i]." ".$aWFS->wfs_title[$i]."</option>";
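".$aWFS">
Review bot: On the changed lines `$_POST["wfs"]` is compared with loose `==` both to `""` and to `$aWFS->wfs_id[$i]`, so the "nothing selected" test and the match test depend on PHP's string/number juggling rather than on a normalised id. Resolve it once at the top of the block, `$wfsId = (isset($_POST["wfs"]) && $_POST["wfs"] !== "") ? (int) $_POST["wfs"] : null;`, then test `$wfsId !== null` and `(int) $aWFS->wfs_id[$i] === $wfsId`, assuming wfs_id is an integer key as the `"i"` bindings elsewhere in this commit suggest. The same loose comparisons occur in the next two hunks for `featuretype` and in mod_wfs_edit.php for `gaz`.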
@@ -198,10 +213,10 @@
/* select featuretype */
-if(isset($_REQUEST["wfs"])){
+if(isset($_POST["wfs"])){
for($i=0; $i<count($aWFS->wfs_id);$i++){
- if($aWFS->wfs_id[$i] == $_REQUEST["wfs"]){
+ if($aWFS->wfs_id[$i] == $_POST["wfs"]){
echo "<table>";
echo "<tr><td>ID:</td><td>".$aWFS->wfs_id[$i]."</td></tr>";
echo "<tr><td>Name:</td><td>".$aWFS->wfs_name[$i]."</td></tr>";
@@ -214,12 +229,12 @@
}
}
- $aWFS->getfeatures($_REQUEST["wfs"]);
+ $aWFS->getfeatures($_POST["wfs"]);
echo "<table>";
for($i=0; $i<count($aWFS->features->featuretype_id); $i++){
echo "<tr>";
echo "<td><input type='radio' name='featuretype' value='".$aWFS->features->featuretype_id[$i]."' onclick='submit()' ";
- if(isset($_REQUEST["featuretype"]) && $_REQUEST["featuretype"] == $aWFS->features->featuretype_id[$i]){
+ if(isset($_POST["featuretype"]) && $_POST["featuretype"] == $aWFS->features->featuretype_id[$i]){
echo "checked ";
}
echo "/></td>";
@@ -232,11 +247,11 @@
/* end select featuretype */
/* configure elements */
-if(isset($_REQUEST["featuretype"])){
+if(isset($_POST["featuretype"])){
for($i=0; $i<count($aWFS->features->featuretype_id); $i++){
- if($_REQUEST["featuretype"] == $aWFS->features->featuretype_id[$i]){
+ if($_POST["featuretype"] == $aWFS->features->featuretype_id[$i]){
echo "<hr>SRS: ".$aWFS->features->featuretype_srs[$i];
}
}
@@ -256,7 +271,7 @@
/* set element options */
- $aWFS->getelements($_REQUEST["featuretype"]);
+ $aWFS->getelements($_POST["featuretype"]);
echo "<table border='1'>";
echo "<tr valign = bottom>";
echo "<td>" . toImage('ID') . "</td>";
@@ -294,7 +309,7 @@
echo "<td><input name='f_mandatory".$i."' type='checkbox'></td>";
echo "<td><input name='f_edit".$i."' type='checkbox'></td>";
echo "<td><textarea name='f_form_element_html".$i."' cols='15' rows='1' ></textarea></td>";
- echo "<td><input name='f_auth_varname".$i."' type='text' size='8'></td>";
+ echo "<td><input name='f_auth_varname".$i."' type='text' size='8' value=''></td>";
echo "</tr>";
}
echo "</table>";
@@ -306,4 +321,4 @@
/* end configure elements */
?>
</form>
-</body>
\ No newline at end of file
+</body>
Modified: branches/2.5/http/php/mod_wfs_edit.php
===================================================================
--- branches/2.5/http/php/mod_wfs_edit.php 2009-02-19 13:38:41 UTC (rev 3579)
+++ branches/2.5/http/php/mod_wfs_edit.php 2009-02-20 13:24:42 UTC (rev 3580)
@@ -18,6 +18,12 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
+
+foreach ($_POST as $key => &$value) {
+ if (is_string($value) && 1 === get_magic_quotes_gpc()) {
+ $value = stripslashes($value);
+ }
+}
?>
<html>
<head>
@@ -53,13 +59,13 @@
<?php
/* save wfs_conf properties */
-if(isset($_REQUEST["save"])){
+if(isset($_POST["save"])){
$sql = "UPDATE wfs_conf SET ";
$sql .= "wfs_conf_abstract = $1, g_label = $2, ";
$sql .= "g_label_id = $3, g_button = $4, g_button_id = $5, g_style = $6, ";
$sql .= "g_buffer = $7, g_res_style = $8, g_use_wzgraphics = ";
- if (!empty($_REQUEST["g_use_wzgraphics"])) {
+ if (!empty($_POST["g_use_wzgraphics"])) {
$sql .= "1";
}
else {
@@ -67,35 +73,35 @@
}
$sql .= " WHERE wfs_conf_id = $9;";
- $v = array($_REQUEST["wfs_conf_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"], $_REQUEST["gaz"]);
- $t = array("s", "s", "s", "s", "s", "s", "s", "i", "s");
+ $v = array($_POST["wfs_conf_abstract"], $_POST["g_label"], $_POST["g_label_id"], $_POST["g_button"], $_POST["g_button_id"], $_POST["g_style"], $_POST["g_buffer"], $_POST["g_res_style"], $_POST["gaz"]);
+ $t = array("s", "s", "s", "s", "s", "s", "s", "s", "s");
$res = db_prep_query($sql, $v, $t);
- if (isset($_REQUEST["f_geom"])) {
+ if (isset($_POST["f_geom"])) {
$sql = "UPDATE wfs_conf_element SET f_geom = 1 ";
$sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id = $2;";
- $v = array($_REQUEST["gaz"], $_REQUEST["f_geom"]);
+ $v = array($_POST["gaz"], $_POST["f_geom"]);
$t = array("i", "s");
$res = db_prep_query($sql, $v, $t);
$sql = "UPDATE wfs_conf_element SET f_geom = 0 ";
$sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id <> $2;";
- $v = array($_REQUEST["gaz"], $_REQUEST["f_geom"]);
+ $v = array($_POST["gaz"], $_POST["f_geom"]);
$t = array("i", "s");
$res = db_prep_query($sql, $v, $t);
}
else {
$sql = "UPDATE wfs_conf_element SET f_geom = 0 ";
$sql .= "WHERE fkey_wfs_conf_id = $1;";
- $v = array($_REQUEST["gaz"]);
+ $v = array($_POST["gaz"]);
$t = array("i");
$res = db_prep_query($sql, $v, $t);
}
- for($i=0; $i<$_REQUEST["num"]; $i++){
+ for($i=0; $i<$_POST["num"]; $i++){
$sql = "UPDATE wfs_conf_element SET f_search = '";
- if (!empty($_REQUEST["f_search".$i])) {
+ if (!empty($_POST["f_search".$i])) {
$sql .= "1";
}
else {
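Review bot: In the new `$t` array `$_POST["gaz"]`, the `wfs_conf_id` bound at `$9`, is typed `"s"`, whereas every other binding of the same value in this hunk (`$v = array($_POST["gaz"], $_POST["f_geom"]);` with `$t = array("i", "s");`, and `$t = array("i");`) uses `"i"`. If wfs_conf_id is an integer column the last entry should match: `$t = array("s", "s", "s", "s", "s", "s", "s", "s", "i");`. The `$_POST["num"]` loop bound at the end of the hunk is the same unchecked pattern flagged for mod_wfs_conf.php; the save block continues past the hunk.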
@@ -103,7 +109,7 @@
}
$sql .= "', f_pos = $1, f_style_id = $2,";
$sql .= "f_toupper = '" ;
- if (!empty($_REQUEST["f_toupper".$i])) {
+ if (!empty($_POST["f_toupper".$i])) {
$sql .= "1";
}
else {
@@ -111,7 +117,7 @@
}
$sql .= "',f_label = $3, f_label_id = $4,";
$sql .= "f_show = '";
- if (!empty($_REQUEST["f_show".$i])) {
+ if (!empty($_POST["f_show".$i])) {
$sql .= "1";
}
else {
@@ -119,7 +125,7 @@
}
$sql .= "',f_respos = $5,";
$sql .= "f_edit = '";
- if (!empty($_REQUEST["f_edit".$i])) {
+ if (!empty($_POST["f_edit".$i])) {
$sql .= "1";
}
else {
@@ -127,7 +133,7 @@
}
$sql .= "', f_form_element_html = $6,";
$sql .= "f_mandatory = '";
- if (!empty($_REQUEST["f_mandatory".$i])) {
+ if (!empty($_POST["f_mandatory".$i])) {
$sql .= "1";
}
else {
@@ -135,7 +141,7 @@
}
$sql .= "', f_auth_varname = $7,";
$sql .= "f_show_detail = '";
- if (!empty($_REQUEST["f_show_detail".$i])) {
+ if (!empty($_POST["f_show_detail".$i])) {
$sql .= "1";
}
else {
@@ -144,7 +150,7 @@
$sql .= "'";
$sql .= " WHERE fkey_wfs_conf_id = $8 AND f_id = $9;";
- $v = array($_REQUEST["f_pos".$i], $_REQUEST["f_style_id".$i], $_REQUEST["f_label".$i], $_REQUEST["f_label_id".$i], $_REQUEST["f_respos".$i], stripslashes($_REQUEST["f_form_element_html".$i]), $_REQUEST["f_auth_varname".$i], $_REQUEST["gaz"], $_REQUEST["f_id".$i]);
+ $v = array($_POST["f_pos".$i], $_POST["f_style_id".$i], $_POST["f_label".$i], $_POST["f_label_id".$i], $_POST["f_respos".$i], $_POST["f_form_element_html".$i], $_POST["f_auth_varname".$i], $_POST["gaz"], $_POST["f_id".$i]);
$t = array("s", "s", "s", "s", "s", "s", "s", "i", "s");
$res = db_prep_query($sql, $v, $t);
}
@@ -160,7 +166,7 @@
$cnt = 0;
while($row = db_fetch_array($res)){
echo "<option value='".$row["wfs_conf_id"]."' ";
- if(isset($_REQUEST["gaz"]) && $row["wfs_conf_id"] == $_REQUEST["gaz"]){
+ if(isset($_POST["gaz"]) && $row["wfs_conf_id"] == $_POST["gaz"]){
echo "selected";
}
echo ">".$row["wfs_conf_id"]." ".$row["wfs_conf_abstract"]."</option>";
@@ -181,9 +187,9 @@
}
/* configure elements */
-if (isset($_REQUEST["gaz"])) {
+if (isset($_POST["gaz"])) {
$sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id = $1";
- $v = array($_REQUEST["gaz"]);
+ $v = array($_POST["gaz"]);
$t = array("i");
$res = db_prep_query($sql, $v, $t);
if($row = db_fetch_array($res)){
@@ -207,7 +213,7 @@
$sql = "SELECT * FROM wfs_conf_element ";
$sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
$sql .= "WHERE fkey_wfs_conf_id = $1 ORDER BY f_id";
- $v = array($_REQUEST["gaz"]);
+ $v = array($_POST["gaz"]);
$t = array("i");
$res = db_prep_query($sql, $v, $t);
@@ -250,8 +256,8 @@
echo "<td><input name='f_toupper".$cnt."' type='checkbox'";
if($row["f_toupper"] == 1){ echo " checked"; }
echo "></td>";
- echo "<td><input name='f_label".$cnt."' type='text' size='4' value='".$row["f_label"]."'></td>";
- echo "<td><input name='f_label_id".$cnt."' type='text' size='2' value='".$row["f_label_id"]."'></td>";
+ echo "<td><input name='f_label".$cnt."' type='text' size='4' value=\"".htmlentities($row["f_label"])."\"></td>";
+ echo "<td><input name='f_label_id".$cnt."' type='text' size='2' value=\"".htmlentities($row["f_label_id"])."\"></td>";
echo "<td><input name='f_show".$cnt."' type='checkbox'";
if($row["f_show"] == 1){ echo " checked"; }
echo "></td>";
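</td>";">
Review bot: `htmlentities($row["f_label"])` and `htmlentities($row["f_label_id"])` are called without flags or charset, so they use PHP's default charset (ISO-8859-1 on the PHP versions of this era) and will mangle or drop multi-byte characters if the page and database are UTF-8. Prefer `htmlspecialchars($row["f_label"], ENT_QUOTES, '<page charset>')`, which escapes exactly what an attribute needs; since the attribute is now double-quoted the default ENT_COMPAT already covers `"`, so the missing charset is the real gap. The `htmlentities` calls in the next hunk have the same issue, and the neighbouring outputs in this row that the commit leaves unescaped would benefit from the same treatment.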
@@ -265,8 +271,8 @@
echo "<td><input name='f_edit".$cnt."' type='checkbox'";
if($row["f_edit"] == 1){ echo " checked"; }
echo "></td>";
- echo "<td><textarea name='f_form_element_html".$cnt."' cols='15' rows='1' >".$row["f_form_element_html"]."</textarea></td>";
- echo "<td><input name='f_auth_varname".$cnt."' type='text' size='8' value='".$row["f_auth_varname"]."'></td>";
+ echo "<td><textarea name='f_form_element_html".$cnt."' cols='15' rows='1' >".htmlentities($row["f_form_element_html"])."</textarea></td>";
+ echo "<td><input name='f_auth_varname$cnt' type='text' size='8' value=\"" . htmlentities($row["f_auth_varname"]) . "\"></td>";
echo "</tr>";
$cnt++;
}
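Review bot: The rewritten `f_auth_varname` line switches to string interpolation (`'f_auth_varname$cnt'`) and spaced concatenation, while the sibling lines in the same row keep `".$cnt."` concatenation; pick one form for the row so the markup reads uniformly, e.g. `echo "<td><input name='f_auth_varname".$cnt."' type='text' size='8' value=\"".htmlentities($row["f_auth_varname"])."\"></td>";`. The `<textarea>` line above it escapes element content, where the default flags are adequate. The loop body ends within the hunk but the enclosing block started earlier.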
@@ -279,4 +285,4 @@
/* end configure elements */
?>
</form>
-</body>
\ No newline at end of file
+</body>