[Mapbender-commits] r7115 - in trunk/mapbender/http: classes
classes/phpmailer-1.72 javascripts php plugins print
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Thu Nov 11 07:33:30 EST 2010
Author: apour
Date: 2010-11-11 04:33:30 -0800 (Thu, 11 Nov 2010)
New Revision: 7115
Modified:
trunk/mapbender/http/classes/class_georss_geometry.php
trunk/mapbender/http/classes/phpmailer-1.72/class.phpmailer.php
trunk/mapbender/http/javascripts/mod_digitize_tab.php
trunk/mapbender/http/javascripts/mod_tooltip.php
trunk/mapbender/http/javascripts/mod_wfs_SpatialRequest.php
trunk/mapbender/http/php/mod_changeEPSG_dynamic.php
trunk/mapbender/http/php/mod_coordsLookup_server.php
trunk/mapbender/http/plugins/mb_extendedSearch_server.php
trunk/mapbender/http/print/mod_printPDF.php
Log:
bugfix
Modified: trunk/mapbender/http/classes/class_georss_geometry.php
===================================================================
--- trunk/mapbender/http/classes/class_georss_geometry.php 2010-11-11 11:28:55 UTC (rev 7114)
+++ trunk/mapbender/http/classes/class_georss_geometry.php 2010-11-11 12:33:30 UTC (rev 7115)
@@ -303,42 +303,34 @@
is_null($newEPSG) || !is_numeric($newEPSG)) {
return null;
}
-/*
- * @security_patch sqli open
- * Where is x and y coming from?
- */
+ /*
+ * @security_patch sqli done
+ */
+
if(SYS_DBTYPE=='pgsql'){
$con = db_connect(DBSERVER, OWNER, PW);
- $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$x."
-".$y.")',".$oldEPSG."),".$newEPSG.")) as minx";
+ $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".pg_escape_string($x)." ".pg_escape_string($y).")',".pg_escape_string($oldEPSG)."),".pg_escape_string($newEPSG).")) as minx";
$resMinx = db_query($sqlMinx);
$minx = floatval(db_result($resMinx,0,"minx"));
- $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$x."
-".$y.")',".$oldEPSG."),".$newEPSG.")) as miny";
+ $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".pg_escape_string($x)." ".pg_escape_string($y).")',".pg_escape_string($oldEPSG)."),".pg_escape_string($newEPSG).")) as miny";
$resMiny = db_query($sqlMiny);
$miny = floatval(db_result($resMiny,0,"miny"));
}else{
- $con_string = "host=" . GEOS_DBSERVER . " port=" . GEOS_PORT .
- " dbname=" . GEOS_DB . "user=" . GEOS_OWNER .
- "password=" . GEOS_PW;
- $con = pg_connect($con_string) or die ("Error while connecting
-database");
+ $con_string = "host=".GEOS_DBSERVER." port=".GEOS_PORT." dbname=".GEOS_DB."user=".GEOS_OWNER ."password=".GEOS_PW;
+ $con = pg_connect($con_string) or die ("Error while connecting database");
/*
- * @security_patch sqli open
- * Where is x,y... coming from?
+ * @security_patch sqli done
*/
- $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$x."
-".$y.")',".$oldEPSG."),".$newEPSG.")) as minx";
+ $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".pg_escape_string($x)." ".pg_escape_string($y).")',".pg_escape_string($oldEPSG)."),".pg_escape_string($newEPSG).")) as minx";
$resMinx = pg_query($con,$sqlMinx);
$minx = floatval(pg_fetch_result($resMinx,0,"minx"));
- $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$x."
-".$y.")',".$oldEPSG."),".$newEPSG.")) as miny";
+ $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".pg_escape_string($x)." ".pg_escape_string($y).")',".pg_escape_string($oldEPSG)."),".pg_escape_string($newEPSG).")) as miny";
$resMiny = pg_query($con,$sqlMiny);
$miny = floatval(pg_fetch_result($resMiny,0,"miny"));
}
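Review bot: On the new `$sqlMinx`/`$sqlMiny` lines, `pg_escape_string($oldEPSG)` and `pg_escape_string($newEPSG)` land in unquoted numeric positions of the SQL text, where quote-escaping offers no protection; what actually keeps SQL out of those positions is the `is_numeric` guard at the top of the hunk (visible for `$newEPSG`, the `$oldEPSG` check if any is above the hunk), so the "done" marker overstates what the escaping achieves. Make the intent explicit and independent of that guard by casting, `$oldEPSG = intval($oldEPSG); $newEPSG = intval($newEPSG);` before the strings are built, and in the `else` branch, where a real `$con` exists, prefer `pg_query_params` with `$1..$3` placeholders over string assembly. `pg_escape_string()` is the right tool only for `$x`/`$y`, which sit inside the `'POINT(...)'` literal, and since those must be coordinates a numeric check would be tighter still. The reformatted `$con_string` line also still concatenates `dbname=`, `user=` and `password=` without separating spaces, which the commit preserves rather than fixes. The enclosing function begins before the hunk.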
Modified: trunk/mapbender/http/classes/phpmailer-1.72/class.phpmailer.php
===================================================================
--- trunk/mapbender/http/classes/phpmailer-1.72/class.phpmailer.php 2010-11-11 11:28:55 UTC (rev 7114)
+++ trunk/mapbender/http/classes/phpmailer-1.72/class.phpmailer.php 2010-11-11 12:33:30 UTC (rev 7115)
@@ -457,9 +457,6 @@
* @return bool
*/
function SmtpSend($header, $body) {
- /*
- * @security_patch finc open
- */
include_once($this->PluginDir . "class.smtp.php");
$error = "";
$bad_rcpt = array();
@@ -597,9 +594,6 @@
* @return bool
*/
function SetLanguage($lang_type, $lang_path = "language/") {
- /*
- * @security_patch finc open
- */
if(file_exists($lang_path.'phpmailer.lang-'.$lang_type.'.php'))
include($lang_path.'phpmailer.lang-'.$lang_type.'.php');
else if(file_exists($lang_path.'phpmailer.lang-en.php'))
Modified: trunk/mapbender/http/javascripts/mod_digitize_tab.php
===================================================================
--- trunk/mapbender/http/javascripts/mod_digitize_tab.php 2010-11-11 11:28:55 UTC (rev 7114)
+++ trunk/mapbender/http/javascripts/mod_digitize_tab.php 2010-11-11 12:33:30 UTC (rev 7115)
@@ -299,9 +299,9 @@
$digitizeConfFilenameAndPath = dirname(__FILE__) . "/../../conf/" . $digitize_conf_filename;
if ($digitize_conf_filename && file_exists($digitizeConfFilenameAndPath)) {
/*
- * @security_patch finc open
+ * @security_patch finc done
*/
- include($digitizeConfFilenameAndPath);
+ include(secure($digitizeConfFilenameAndPath));
}
?>
if (typeof snapping === "undefined") {
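Review bot: `include(secure($digitizeConfFilenameAndPath))` wraps the path only at the include, while the `file_exists()` check on the line above still tests the unwrapped `$digitizeConfFilenameAndPath`; since `secure()` is not defined in this commit, it is unclear whether it normalizes, filters or merely validates, and in the first two cases the path that is checked and the path that is included can differ. The robust place for the control is the filename component before the path is assembled, e.g. `$digitize_conf_filename = basename($digitize_conf_filename);` followed by a whitelist such as `preg_match('/^[A-Za-z0-9_.-]+\.php$/', $digitize_conf_filename)`, so that `../` and absolute-path fragments never reach `dirname(__FILE__) . "/../../conf/"`. Where `$digitize_conf_filename` originates is not visible here; if it can come from the request, this matters more.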
Modified: trunk/mapbender/http/javascripts/mod_tooltip.php
===================================================================
--- trunk/mapbender/http/javascripts/mod_tooltip.php 2010-11-11 11:28:55 UTC (rev 7114)
+++ trunk/mapbender/http/javascripts/mod_tooltip.php 2010-11-11 12:33:30 UTC (rev 7115)
@@ -24,9 +24,9 @@
$fname = dirname(__FILE__) . "/../../conf/" . $wfs_conf_filename;
if (file_exists($fname)) {
/*
- * @security_patch finc open
+ * @security_patch finc done
*/
- include($fname);
+ include(secure($fname));
}
else {
$e = new mb_exception("tooltip.php: Configuration file " . $wfs_conf_filename . " not found.");
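Review bot: The added `secure()` call guards the include but not the `file_exists($fname)` check above it, so the existence test and the include may run on different paths depending on what `secure()` (not shown in this commit) does to its argument. Restrict `$wfs_conf_filename` itself before `$fname` is built, e.g. `$wfs_conf_filename = basename($wfs_conf_filename);` plus a character whitelist, rather than relying on a post-hoc wrapper around the assembled path. The source of `$wfs_conf_filename` is outside the hunk; presumably it is element configuration, which should be confirmed since a request-controlled value here would mean local file inclusion under `conf/`.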
Modified: trunk/mapbender/http/javascripts/mod_wfs_SpatialRequest.php
===================================================================
--- trunk/mapbender/http/javascripts/mod_wfs_SpatialRequest.php 2010-11-11 11:28:55 UTC (rev 7114)
+++ trunk/mapbender/http/javascripts/mod_wfs_SpatialRequest.php 2010-11-11 12:33:30 UTC (rev 7115)
@@ -23,9 +23,9 @@
$fname = dirname(__FILE__) . "/../../conf/" . $wfs_conf_filename;
if (file_exists($fname)) {
/*
- * @security_patch finc open
+ * @security_patch finc done
*/
- include($fname);
+ include(secure($fname));
}
else {
$e = new mb_exception("mod_wfs_SpatialRequest.php: Configuration file " . $wfs_conf_filename . " not found.");
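Review bot: As in mod_tooltip.php, `include(secure($fname))` leaves the preceding `file_exists($fname)` operating on the raw path, so whatever `secure()` does is applied after the check rather than before it. Validate the filename component at its source, `$wfs_conf_filename = basename($wfs_conf_filename);` with a whitelist of allowed characters and the expected `.php` suffix, before concatenating it onto `dirname(__FILE__) . "/../../conf/"`. The definition of `secure()` is not part of this commit, so its actual guarantees cannot be judged here.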
Modified: trunk/mapbender/http/php/mod_changeEPSG_dynamic.php
===================================================================
--- trunk/mapbender/http/php/mod_changeEPSG_dynamic.php 2010-11-11 11:28:55 UTC (rev 7114)
+++ trunk/mapbender/http/php/mod_changeEPSG_dynamic.php 2010-11-11 12:33:30 UTC (rev 7115)
@@ -120,21 +120,21 @@
for($i=0; $i < count($arraymapObj); $i++){
$temp = mb_split(",",$arraymapObj[$i]);
/*
- * @security_patch sqli open
+ * @security_patch sqli done
*/
- $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".preg_replace("/EPSG:/","",$temp[1])."),".preg_replace("/EPSG:/","",$_REQUEST["newSRS"]).")) as minx";
+ $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".pg_escape_string($temp[2])." ".pg_escape_string($temp[3]).")',".pg_escape_string(preg_replace("/EPSG:/","",$temp[1]))."),".pg_escape_string(preg_replace("/EPSG:/","",$_REQUEST["newSRS"])).")) as minx";
$resMinx = @pg_query($con,$sqlMinx);
$minx = pg_result($resMinx,0,"minx");
- $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".preg_replace("/EPSG:/","",$temp[1])."),".preg_replace("/EPSG:/","",$_REQUEST["newSRS"]).")) as miny";
+ $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".pg_escape_string($temp[2])." ".pg_escape_string($temp[3]).")',".pg_escape_string(preg_replace("/EPSG:/","",$temp[1]))."),".pg_escape_string(preg_replace("/EPSG:/","",$_REQUEST["newSRS"])).")) as miny";
$resMiny = @pg_query($con,$sqlMiny);
$miny = pg_result($resMiny,0,"miny");
- $sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".preg_replace("/EPSG:/","",$temp[1])."),".preg_replace("/EPSG:/","",$_REQUEST["newSRS"]).")) as maxx";
+ $sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".pg_escape_string($temp[4])." ".pg_escape_string($temp[5]).")',".pg_escape_string(preg_replace("/EPSG:/","",$temp[1]))."),".pg_escape_string(preg_replace("/EPSG:/","",$_REQUEST["newSRS"])).")) as maxx";
$resMaxx = @pg_query($con,$sqlMaxx);
$maxx = pg_result($resMaxx,0,"maxx");
- $sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".preg_replace("/EPSG:/","",$temp[1])."),".preg_replace("/EPSG:/","",$_REQUEST["newSRS"]).")) as maxy";
+ $sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".pg_escape_string($temp[4])." ".pg_escape_string($temp[5]).")',".pg_escape_string(preg_replace("/EPSG:/","",$temp[1]))."),".pg_escape_string(preg_replace("/EPSG:/","",$_REQUEST["newSRS"])).")) as maxy";
$resMaxy = @pg_query($con,$sqlMaxy);
$maxy = pg_result($resMaxy,0,"maxy");
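Review bot: The SQL injection marked "done" here is not closed: `pg_escape_string(preg_replace("/EPSG:/","",$_REQUEST["newSRS"]))` and the corresponding `$temp[1]` expression are spliced into unquoted positions of the query, and `pg_escape_string()` only escapes quotes and backslashes, so a request value such as `4326)) as minx; <statement>--` still executes as SQL (the `@` on `pg_query` hides any resulting error). EPSG codes are integers, so cast them with `intval()` once, before the loop for `$_REQUEST["newSRS"]` and once per row for `$temp[1]`, and build the four queries from those; `pg_escape_string()` remains appropriate for `$temp[2..5]` only because they sit inside the quoted `'POINT(...)'` literal. Where `$arraymapObj` comes from is outside the hunk, so treat it as untrusted as well. The hoisted `$newSRS` goes just above the `for`, i.e. before the hunk's first line, and the loop closes after its last.
```php
// EPSG codes are numeric and land in unquoted SQL positions: cast them,
// pg_escape_string() only protects values inside quoted literals.
$newSRS = intval(preg_replace("/EPSG:/", "", $_REQUEST["newSRS"]));
for($i=0; $i < count($arraymapObj); $i++){
	$temp = mb_split(",",$arraymapObj[$i]);
	$oldSRS = intval(preg_replace("/EPSG:/", "", $temp[1]));
	$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".pg_escape_string($temp[2])." ".pg_escape_string($temp[3]).")',".$oldSRS."),".$newSRS.")) as minx";
	// … unchanged: $resMinx / $minx …
	$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".pg_escape_string($temp[2])." ".pg_escape_string($temp[3]).")',".$oldSRS."),".$newSRS.")) as miny";
	// … unchanged: $resMiny / $miny; $sqlMaxx and $sqlMaxy built the same way from $temp[4], $temp[5], $oldSRS, $newSRS …
```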
Modified: trunk/mapbender/http/php/mod_coordsLookup_server.php
===================================================================
--- trunk/mapbender/http/php/mod_coordsLookup_server.php 2010-11-11 11:28:55 UTC (rev 7114)
+++ trunk/mapbender/http/php/mod_coordsLookup_server.php 2010-11-11 12:33:30 UTC (rev 7115)
@@ -32,11 +32,11 @@
}
if(SYS_DBTYPE=='pgsql'){
$con = db_connect(DBSERVER, OWNER, PW);
- $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$x." ".$y.")',".$oldEPSG."),".$newEPSG.")) as minx";
+ $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".pg_escape_string($x)." ".pg_escape_string($y).")',".pg_escape_string($oldEPSG)."),".pg_escape_string($newEPSG).")) as minx";
$resMinx = db_query($sqlMinx);
$minx = floatval(db_result($resMinx,0,"minx"));
- $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$x." ".$y.")',".$oldEPSG."),".$newEPSG.")) as miny";
+ $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".pg_escape_string($x)." ".pg_escape_string($y).")',".pg_escape_string($oldEPSG)."),".pg_escape_string($newEPSG).")) as miny";
$resMiny = db_query($sqlMiny);
$miny = floatval(db_result($resMiny,0,"miny"));
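Review bot: `pg_escape_string($oldEPSG)` and `pg_escape_string($newEPSG)` on the new lines are placed outside any quotes, so the escaping cannot prevent injection there; the `}` at the top of the hunk presumably closes a numeric guard on those values, and if it mirrors the `is_numeric` check in class_georss_geometry.php that guard, not the escaping, is what blocks injection. State that explicitly in the query by casting, `$oldEPSG = intval($oldEPSG); $newEPSG = intval($newEPSG);`, so the query stays safe even if the guard above is later relaxed. Escaping `$x`/`$y` is correct since they are inside the `'POINT(...)'` literal, though a numeric check would be the tighter filter for coordinates. This branch goes through the `db_query()` wrapper, so parameter binding may not be available here; the guard itself is outside the hunk.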
@@ -46,13 +46,13 @@
"password=" . GEOS_PW;
$con = pg_connect($con_string) or die ("Error while connecting database");
/*
- * @security_patch sqli open
+ * @security_patch sqli done
*/
- $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$x." ".$y.")',".$oldEPSG."),".$newEPSG.")) as minx";
+ $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".pg_escape_string($x)." ".pg_escape_string($y).")',".pg_escape_string($oldEPSG)."),".pg_escape_string($newEPSG).")) as minx";
$resMinx = pg_query($con,$sqlMinx);
$minx = floatval(pg_fetch_result($resMinx,0,"minx"));
- $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$x." ".$y.")',".$oldEPSG."),".$newEPSG.")) as miny";
+ $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".pg_escape_string($x)." ".pg_escape_string($y).")',".pg_escape_string($oldEPSG)."),".pg_escape_string($newEPSG).")) as miny";
$resMiny = pg_query($con,$sqlMiny);
$miny = floatval(pg_fetch_result($resMiny,0,"miny"));
}
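Review bot: In this branch a dedicated connection `$con` is opened on the line above the marker, yet `pg_escape_string()` is called without it and so escapes according to whichever connection was opened last, and the escaped `$oldEPSG`/`$newEPSG` are then spliced unquoted into the SQL, where escaping is no protection at all. Since `$con` is at hand, bind the values instead: one `pg_query_params` call with `$1` for the WKT literal and integer-cast `$2`/`$3` for the EPSG codes removes both problems and halves the round trips. The numeric guard on the EPSG values, if any, is above this hunk and should be kept regardless.
```php
$con = pg_connect($con_string) or die ("Error while connecting database");
// Bind the values rather than splicing them into the SQL text: $1 is the quoted
// WKT literal, $2/$3 are unquoted integers that pg_escape_string() cannot protect.
$sqlPoint = "SELECT X(transform(GeometryFromText($1, $2::int), $3::int)) as minx, " .
            "Y(transform(GeometryFromText($1, $2::int), $3::int)) as miny";
$resPoint = pg_query_params($con, $sqlPoint, array("POINT(" . $x . " " . $y . ")", intval($oldEPSG), intval($newEPSG)));
$minx = floatval(pg_fetch_result($resPoint, 0, "minx"));
$miny = floatval(pg_fetch_result($resPoint, 0, "miny"));
```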
Modified: trunk/mapbender/http/plugins/mb_extendedSearch_server.php
===================================================================
--- trunk/mapbender/http/plugins/mb_extendedSearch_server.php 2010-11-11 11:28:55 UTC (rev 7114)
+++ trunk/mapbender/http/plugins/mb_extendedSearch_server.php 2010-11-11 12:33:30 UTC (rev 7115)
@@ -198,10 +198,9 @@
$entries['iso_cat_name'] = array();
$entries['iso_cat_title'] = array();
/*
- * @security_patch sqli open
- * Where is langCode coming from?
+ * @security_patch sqli done
*/
- $sql_cat= "SELECT * FROM md_topic_category order by md_topic_category_code_".$langCode;
+ $sql_cat= "SELECT * FROM md_topic_category order by md_topic_category_code_".pg_escape_string($langCode);
$res_cat = pg_query($sql_cat);
while($row_cat = db_fetch_array($res_cat)){
array_push($entries['iso_cat_id'], $row_cat['md_topic_category_id']);
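Review bot: `order by md_topic_category_code_".pg_escape_string($langCode)` is an identifier position, not a string literal, so `pg_escape_string()` does nothing useful here: a `$langCode` of `de; <statement>--` needs no quote to break out, and the question "Where is langCode coming from?" was deleted rather than answered. An identifier built from input must be whitelisted, not escaped; restrict it with `if (!preg_match('/^[a-z]{2}$/', $langCode)) { /* fall back to the default language column or abort */ }` before the query is built, ideally checking against the set of `md_topic_category_code_*` columns the table actually has. Note also that `pg_query($sql_cat)` is called without a connection resource while the result is read through `db_fetch_array`, which mixes the two database layers; the origin of `$langCode` is outside the hunk.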
Modified: trunk/mapbender/http/print/mod_printPDF.php
===================================================================
--- trunk/mapbender/http/print/mod_printPDF.php 2010-11-11 11:28:55 UTC (rev 7114)
+++ trunk/mapbender/http/print/mod_printPDF.php 2010-11-11 12:33:30 UTC (rev 7115)
@@ -396,11 +396,11 @@
<?php
/*
- * @security_patch other open
+ * @security_patch other done
* > display_errors off
*/
ini_set("error_reporting",E_ALL);
-ini_set("display_errors","on");
+//ini_set("display_errors","on");
for($i = 1; $i <= 2; $i++) {
$max_comment_length = ${"comment".$i."_length"};
$label_hint = ($max_comment_length > -1) ? sprintf(" <em>"._mb("max.")." %s)</em>",$max_comment_length) : NULL;
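Review bot: Commenting out `ini_set("display_errors","on")` does not implement the "display_errors off" the marker asks for; it just defers to php.ini, so on any server where `display_errors` is already on, error output (paths, SQL, notices) still reaches the PDF response while the marker now reads done, and `ini_set("error_reporting",E_ALL)` still raises the volume of what would be shown. Either set it explicitly, `ini_set("display_errors", "0");`, or remove both `ini_set` lines so the global configuration governs, and drop the commented-out line rather than leaving dead code. The surrounding PHP block starts inside the hunk and continues past its end.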