[Mapbender-commits] r7116 - in branches/2.6: core http/classes
http/classes/phpmailer-1.72 http/extensions http/javascripts
http/php http/print tools
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Thu Nov 11 10:50:41 EST 2010
Author: apour
Date: 2010-11-11 07:50:41 -0800 (Thu, 11 Nov 2010)
New Revision: 7116
Modified:
branches/2.6/core/system.php
branches/2.6/http/classes/class_element.php
branches/2.6/http/classes/class_gml2.php
branches/2.6/http/classes/class_map.php
branches/2.6/http/classes/class_metadata.php
branches/2.6/http/classes/class_weldMaps2Image.php
branches/2.6/http/classes/phpmailer-1.72/class.phpmailer.php
branches/2.6/http/extensions/markResult.php
branches/2.6/http/javascripts/map.php
branches/2.6/http/javascripts/mod_digitize_tab.php
branches/2.6/http/javascripts/mod_poi.php
branches/2.6/http/javascripts/mod_tooltip.php
branches/2.6/http/javascripts/mod_wfs_SpatialRequest.php
branches/2.6/http/javascripts/mod_wfs_gazetteer_client.php
branches/2.6/http/php/mod_addWmsFromFeatureInfo.php
branches/2.6/http/php/mod_category_filteredGUI.php
branches/2.6/http/php/mod_changeEPSG_server.php
branches/2.6/http/php/mod_changePassword.php
branches/2.6/http/php/mod_createCategory.php
branches/2.6/http/php/mod_createUser.php
branches/2.6/http/php/mod_deleteFilteredGUI.php
branches/2.6/http/php/mod_deleteGUI.php
branches/2.6/http/php/mod_deleteWFS.php
branches/2.6/http/php/mod_deleteWMS.php
branches/2.6/http/php/mod_editElementVars.php
branches/2.6/http/php/mod_editElements.php
branches/2.6/http/php/mod_editFilteredGroup.php
branches/2.6/http/php/mod_editFilteredUser.php
branches/2.6/http/php/mod_editGuiWms.php
branches/2.6/http/php/mod_editGuiWmsMeta.php
branches/2.6/http/php/mod_editSelf.php
branches/2.6/http/php/mod_editUser.php
branches/2.6/http/php/mod_edit_element_vars.php
branches/2.6/http/php/mod_edit_metadata.php
branches/2.6/http/php/mod_evalArea.php
branches/2.6/http/php/mod_exportGUI.php
branches/2.6/http/php/mod_export_image.php
branches/2.6/http/php/mod_filteredGroup_Gui.php
branches/2.6/http/php/mod_filteredGroup_User.php
branches/2.6/http/php/mod_filteredGroup_filteredGui.php
branches/2.6/http/php/mod_filteredGroup_filteredUser.php
branches/2.6/http/php/mod_filteredGui_User.php
branches/2.6/http/php/mod_filteredGui_filteredGroup.php
branches/2.6/http/php/mod_filteredGui_filteredUser.php
branches/2.6/http/php/mod_filteredGui_group.php
branches/2.6/http/php/mod_filteredUser_Group.php
branches/2.6/http/php/mod_filteredUser_Gui.php
branches/2.6/http/php/mod_filteredUser_filteredGroup.php
branches/2.6/http/php/mod_filteredUser_filteredGui.php
branches/2.6/http/php/mod_filteredWms_topic.php
branches/2.6/http/php/mod_forgottenPassword.php
branches/2.6/http/php/mod_getStyles.php
branches/2.6/http/php/mod_group_filteredGui.php
branches/2.6/http/php/mod_group_filteredUser.php
branches/2.6/http/php/mod_group_gui.php
branches/2.6/http/php/mod_group_user.php
branches/2.6/http/php/mod_gui_filteredGroup.php
branches/2.6/http/php/mod_gui_filteredUser.php
branches/2.6/http/php/mod_gui_group.php
branches/2.6/http/php/mod_gui_owner.php
branches/2.6/http/php/mod_gui_user.php
branches/2.6/http/php/mod_loadCapabilities.php
branches/2.6/http/php/mod_loadCapabilitiesList.php
branches/2.6/http/php/mod_loadCapabilities_temp.php
branches/2.6/http/php/mod_loadWFSCapabilities.php
branches/2.6/http/php/mod_newGui.php
branches/2.6/http/php/mod_orphanWMS.php
branches/2.6/http/php/mod_printView1.php
branches/2.6/http/php/mod_renameGUI.php
branches/2.6/http/php/mod_saveWKT.php
branches/2.6/http/php/mod_showGuiName.php
branches/2.6/http/php/mod_showLoggedUser.php
branches/2.6/http/php/mod_treefolderAdmin.php
branches/2.6/http/php/mod_treefolderClient.php
branches/2.6/http/php/mod_updateWMS.php
branches/2.6/http/php/mod_user_filteredGroup.php
branches/2.6/http/php/mod_user_filteredGui.php
branches/2.6/http/php/mod_user_group.php
branches/2.6/http/php/mod_user_gui.php
branches/2.6/http/php/mod_zoomCoords_en.php
branches/2.6/http/php/nestedSets.php
branches/2.6/http/print/mod_printPDF.php
branches/2.6/http/print/mod_printPDF_pdf.php
branches/2.6/tools/mod_monitorCapabilities_main.php
branches/2.6/tools/mod_monitorCapabilities_read.php
branches/2.6/tools/mod_monitorCapabilities_read_single.php
branches/2.6/tools/mod_monitorCapabilities_read_single_diff.php
Log:
Added security_patch infos.
Modified: branches/2.6/core/system.php
===================================================================
--- branches/2.6/core/system.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/core/system.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -40,3 +40,43 @@
define("ZOOM_MOUSEWHEEL", "1.1");
define("MODULES_NOT_RELYING_ON_GLOBALS", "back,forward,zoomIn1,copyright,dependentDiv,dragMapSize,dynamicOverview,FeatureInfoRedirect,highlightPOI,navFrame,sandclock,scaleBar,scaleSel,setBBOX,setPOI2Scale");
+/*
+ * Function to check a path for security.
+ */
+
+define("MB_BASEDIR",realpath(dirname(__FILE__)."/../"));
+
+
+function secure($path,$folder = "",$fileExt = null) {
+ $secure = true;
+ if(!defined("MB_BASEDIR")){ throw new Exception("MB_BASEDIR must be defined in core/system.php"); }
+
+ $basedir = realpath(MB_BASEDIR."/".$folder);
+ $path = realpath($path);
+ // $path must be within the basedir (and optionally within the subdirectory within basedir given by the $folder parameter
+ if(substr($path,0,strlen($basedir)) != $basedir){$secure = false;}
+
+ // PATH END
+ if(!empty($fileExt) AND substr($path,-strlen($fileExt)) != $fileExt){
+ $secure = false;
+ }
+
+ if($secure){
+ return $path;
+ } else {
+ throw new Exception("This path is not allowed! '$path'");
+ }
+}
+
+/*
+ * @security_patch Helper
+ */
+function security_patch_log($file,$line) {
+ $h = fopen("../log/security_patch.log","a+");
+ if($h) {
+ fwrite($h,date("Y.m.d H:i")." FILE : ".$file." | LINE : ".$line." | POST : ".implode(",",array_keys($_POST))." | GET : ".implode(",",array_keys($_GET))." | FILE : ".implode(",",array_keys($_FILE))." |\n");
+ fclose($h);
+ }
+}
+
+?>
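Review bot: `secure()` accepts any existing path when `$folder` does not resolve: `realpath(MB_BASEDIR."/".$folder)` then returns `false`, `strlen(false)` is 0, and the loose comparison `"" != false` is not true, so `$secure` stays `true`. The prefix test also has no trailing separator, so a sibling directory whose name merely begins with the base directory's name passes. A stricter form is `if ($basedir === false || $path === false || strpos($path.DIRECTORY_SEPARATOR, $basedir.DIRECTORY_SEPARATOR) !== 0) { $secure = false; }`. In `security_patch_log()`, `$_FILE` is not a superglobal (`$_FILES` is), so that part of the log line never holds the upload keys. The request keys are caller-chosen, so strip `\r` and `\n` from them before `fwrite()` to keep one request from forging extra log lines.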
Modified: branches/2.6/http/classes/class_element.php
===================================================================
--- branches/2.6/http/classes/class_element.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/classes/class_element.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -232,6 +232,9 @@
$splashScreen .= $htmlWhileLoading;
} elseif (isset($includeWhileLoading) && $includeWhileLoading != '' && file_exists(dirname(__FILE__)."/".$includeWhileLoading)) {
ob_start();
+ /*
+ * @security_patch finc open
+ */
include(dirname(__FILE__)."/".$includeWhileLoading);
$splashScreen .= ob_get_contents();
ob_end_clean();
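Review bot: The `@security_patch finc open` marker records an unresolved file inclusion but leaves the `include` below it unchanged, and the `file_exists()` test in the condition does not keep `$includeWhileLoading` inside this directory, since a value containing `../` still resolves. This commit adds `secure()` in core/system.php for that check; assuming system.php is loaded here and the thrown `Exception` is handled, the call could read `include(secure(dirname(__FILE__)."/".$includeWhileLoading, "http/classes"));`. The same marker sits on unchanged includes in the phpmailer `SetLanguage()` hunk, the five `require`/`require_once` calls in map.php, and in mod_digitize_tab.php, mod_poi.php, mod_tooltip.php, mod_wfs_SpatialRequest.php and mod_wfs_gazetteer_client.php. The last two of those call sites in mod_poi.php and mod_wfs_gazetteer_client.php have no `file_exists()` guard at all. The abbreviations `finc`, `irv`, `fdl` and the `open`/`done` states are not explained anywhere in the change; a short legend next to `security_patch_log()` would make the markers searchable and unambiguous. The enclosing method starts and ends outside this hunk.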
Modified: branches/2.6/http/classes/class_gml2.php
===================================================================
--- branches/2.6/http/classes/class_gml2.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/classes/class_gml2.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -129,17 +129,20 @@
$pathOgr = '/usr/bin/ogr2ogr';
$w = $this->toFile($fGml);
+ /*
+ * @security_patch exec done
+ */
$exec = $pathOgr.' -f "ESRI Shapefile" "'.$fShape.'" '.$fGml;
- exec($exec);
+ exec(escapeshellcmd($exec));
$exec = 'zip -j '.$unique.' '.$unique.'.shp '.$unique.'.dbf '.$unique.'.shx '.$unique.'.gfs '.$unique.'.gml ';
- exec($exec);
+ exec(escapeshellcmd($exec));
$exec = 'rm -f '.$unique.' '.$unique.'.shp '.$unique.'.dbf '.$unique.'.shx '.$unique.'.gfs '.$unique.'.gml';
- exec($exec);
+ exec(escapeshellcmd($exec));
$exec = 'chmod 777 '.$unique.'.*';
- exec($exec);
+ exec(escapeshellcmd($exec));
//echo "<a href='../tmp/".$unique.".zip'>Download ".$prefix."<a>";
}
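Review bot: Wrapping the whole command string in `escapeshellcmd()` does not stop a value such as `$fGml` or `$unique` from contributing extra arguments or options (spaces and a leading `-` pass through), and it backslash-escapes `*`, so `chmod 777 $unique.*` no longer expands the glob. Quote each interpolated value instead and leave the fixed parts alone, e.g. `$exec = $pathOgr.' -f "ESRI Shapefile" '.escapeshellarg($fShape).' '.escapeshellarg($fGml);`. The same applies to the `gdal_translate` command in the first class_weldMaps2Image.php hunk, where `$wms_srs` and each of the four `$wms_bbox` coordinates need their own `escapeshellarg()` or a numeric cast. Mode 777 also leaves the generated files world-writable, which looks broader than a download needs. The enclosing function starts outside this hunk.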
Modified: branches/2.6/http/classes/class_map.php
===================================================================
--- branches/2.6/http/classes/class_map.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/classes/class_map.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -303,7 +303,9 @@
else{
$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
$con = pg_connect($con_string) or die ("Error while connecting database");
-
+ /*
+ * @security_patch sqli open
+ */
$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$extArray[0]." ".$extArray[1].")',".$oldEPSG."),".$newEPSG.")) as minx";
$resMinx = pg_query($con,$sqlMinx);
$minx = floatval(pg_fetch_result($resMinx,0,"minx"));
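Review bot: The `@security_patch sqli open` marker leaves the query as it was: `$extArray[0]`, `$extArray[1]`, `$oldEPSG` and `$newEPSG` are still concatenated into `$sqlMinx`. Where they come from is outside this hunk, but all four are meant to be numbers, so casting them before the string is built closes the injection without changing the query shape: `$x = floatval($extArray[0]); $y = floatval($extArray[1]); $from = intval($oldEPSG); $to = intval($newEPSG);`. `pg_query_params()` is the alternative if the SRID values may carry a prefix that has to be stripped first. The same numeric-value pattern carries the same marker in both class_metadata.php hunks, in mod_changeEPSG_server.php and in the second mod_evalArea.php hunk (`rawurldecode($epsg)`). The `pg_query()` result is also used without a check for `false`.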
Modified: branches/2.6/http/classes/class_metadata.php
===================================================================
--- branches/2.6/http/classes/class_metadata.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/classes/class_metadata.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -1299,7 +1299,9 @@
// Transformation
$temp = $this->search_bbox;
-
+ /*
+ * @security_patch sqli open
+ */
$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[0]." ".$temp[1].")',".str_replace("EPSG:","",$this->search_epsg)."), 4326)) as minx";
$resMinx = @pg_query($con,$sqlMinx);
@@ -1342,7 +1344,9 @@
global $con;
$result="";
-
+ /*
+ * @security_patch sqli open
+ */
$sqlint = "SELECT intersects(envelope(geometryFROMtext('LINESTRING(".$s_minx." ".$s_miny.", ".$s_maxx." ".$s_maxy.")',".str_replace("EPSG:","",$epsg).")) " .
",envelope(geometryFROMtext('LINESTRING(".$db_minx." ".$db_miny.", ".$db_maxx." ".$db_maxy.")',".str_replace("EPSG:","",$epsg).")))";
Modified: branches/2.6/http/classes/class_weldMaps2Image.php
===================================================================
--- branches/2.6/http/classes/class_weldMaps2Image.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/classes/class_weldMaps2Image.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -122,8 +122,13 @@
$array_bbox = explode(" ", $wms_bbox);
$wms_bbox = $array_bbox[0]." ".$array_bbox[3]." ".$array_bbox[2]." ".$array_bbox[1];
+ /*
+ * @security_patch exec done
+ * Added escapeshellcmd()
+ */
+
$cmd = "gdal_translate -a_srs ".$wms_srs." -a_ullr ".$wms_bbox." ".$tmp_dir.$filenameOnly." ".$tmp_dir.$filename_tif;
- exec($cmd);
+ exec(escapeshellcmd($cmd));
$this->downloadLink($filename_tif);
@@ -156,8 +161,11 @@
if(!(bool)$dwFilename) {
die("No filename given.");
}
-
- if((int)strpos($dwFilename,"..") !== 0) {
+ /*
+ * @security_patch fdl done
+ * This allows filenames like ../../
+ */
+ if(strpos($dwFilename,"..") !== false) {
die("Illegal filename given.");
}
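Review bot: The added comment `This allows filenames like ../../` reads as a description of the new check, but it describes the old `(int)strpos(...) !== 0` test, which let a name beginning with `..` through because `strpos()` returned 0. A wording such as `Old check accepted names starting with ".."; now any occurrence is rejected` would avoid that confusion. The new test still accepts absolute paths and names containing a directory separator. If `$dwFilename` is meant to be a bare file name (its use lies outside this hunk), adding `if (basename($dwFilename) !== $dwFilename) { die("Illegal filename given."); }` covers both.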
Modified: branches/2.6/http/classes/phpmailer-1.72/class.phpmailer.php
===================================================================
--- branches/2.6/http/classes/phpmailer-1.72/class.phpmailer.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/classes/phpmailer-1.72/class.phpmailer.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -595,6 +595,9 @@
*/
function SetLanguage($lang_type, $lang_path = "language/") {
if(file_exists($lang_path.'phpmailer.lang-'.$lang_type.'.php'))
+ /*
+ * @security_patch finc open
+ */
include($lang_path.'phpmailer.lang-'.$lang_type.'.php');
else if(file_exists($lang_path.'phpmailer.lang-en.php'))
include($lang_path.'phpmailer.lang-en.php');
Modified: branches/2.6/http/extensions/markResult.php
===================================================================
--- branches/2.6/http/extensions/markResult.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/extensions/markResult.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -24,7 +24,11 @@
*
*/
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require(dirname(__FILE__)."/../php/mb_validateSession.php");
$tmpx = array();
$tmpy = array();
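Review bot: `import_request_variables("PG")` is still called without a prefix and before `mb_validateSession.php` is loaded, so every GET and POST key becomes a global variable that the included code may read as if it were trusted. The added marker and the commented-out `// security_patch_log(__FILE__,__LINE__);` do not change that. The function is deprecated as of PHP 5.3, so the durable fix is to read only the parameters the script needs, e.g. `$name = isset($_REQUEST["name"]) ? $_REQUEST["name"] : null;` (parameter name constructed for illustration). The same three added lines recur in every `http/php/mod_*.php` hunk that follows; in mod_export_image.php the effect is visible, where `$map_url`, apparently populated by this import, is stored straight into `$_SESSION["mb_print_url"]`. If the logging call is meant to be switched on later, the comment should say so rather than leaving dead code in each file.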
Modified: branches/2.6/http/javascripts/map.php
===================================================================
--- branches/2.6/http/javascripts/map.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/javascripts/map.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -80,6 +80,9 @@
for ($i = 0; $i < count($extFileArray); $i++) {
$currentFile = $extPath . $extFileArray[$i];
if (file_exists($currentFile)) {
+ /*
+ * @security_patch finc open
+ */
require_once($currentFile);
}
else {
@@ -105,6 +108,9 @@
for ($i = 0; $i < count($libFileArray); $i++) {
$currentFile = $libPath . $libFileArray[$i];
if (file_exists($currentFile)) {
+ /*
+ * @security_patch finc open
+ */
require_once($currentFile);
echo "\n";
}
@@ -129,6 +135,9 @@
$currentFile = dirname(__FILE__) . "/../javascripts/" . trim($moduleArray[$i]);
if (file_exists($currentFile)) {
$e = new mb_notice("LOADING module : " . $currentFile);
+ /*
+ * @security_patch finc open
+ */
require_once($currentFile);
echo "\n";
}
@@ -174,12 +183,18 @@
echo "height:'".$row_js["e_height"]."'";
if (in_array($e_id, $modulesNotRelyingOnGlobalsArray)) {
echo ",\ninit : function () {\n";
+ /*
+ * @security_patch finc open
+ */
require($currentFile);
echo "}\n";
echo "};\n";
}
else {
echo "};\n";
+ /*
+ * @security_patch finc open
+ */
require($currentFile);
}
}
Modified: branches/2.6/http/javascripts/mod_digitize_tab.php
===================================================================
--- branches/2.6/http/javascripts/mod_digitize_tab.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/javascripts/mod_digitize_tab.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -108,6 +108,9 @@
echo "var mod_digitize_target = '".$e_target."';";
$digitizeConfFilenameAndPath = dirname(__FILE__) . "/../../conf/" . $digitize_conf_filename;
if ($digitize_conf_filename && file_exists($digitizeConfFilenameAndPath)) {
+ /*
+ * @security_patch finc open
+ */
include($digitizeConfFilenameAndPath);
}
?>
Modified: branches/2.6/http/javascripts/mod_poi.php
===================================================================
--- branches/2.6/http/javascripts/mod_poi.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/javascripts/mod_poi.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -124,7 +124,9 @@
die;
}
echo "var conffile = '".$confFile."';";
-
+/*
+ * @security_patch finc open
+ */
require_once(dirname(__FILE__) . "/../../conf/".$confFile);
echo "</script>";
@@ -232,7 +234,9 @@
}
$con = pg_connect ($con_string) or die ("Error while connecting database $dbname");
-
+ /*
+ * @security_patch sqli open
+ */
#$sql = "SELECT DISTINCT identificationinfo,minscale, md_fileidentifier ,search_columns, search_result FROM tab_metadata WHERE public = '1' and not identificationinfo = 'Rasterebene' and not identificationinfo = 'rasterlayer'";
$sql = "SELECT DISTINCT identificationinfo,minscale, md_fileidentifier ,".$title.",search_columns, search_result,search_keywords, wms_title FROM tab_metadata WHERE public = '1' and not identificationinfo = 'Rasterebene' and not identificationinfo = 'rasterlayer'";
$res = pg_query($con,$sql);
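Review bot: `$title` is concatenated into the column list here, and the next two hunks do the same with `$table[$i]` as a table name and `$search_result[$i]` in `ORDER BY`; these are identifiers, so value escaping or bound parameters cannot protect them. Their origin is outside the visible lines, so treat this as a check to confirm. If any of them can be influenced by a request or by editable metadata, validate against an allowlist before building the query, e.g. `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $title)) { die("Invalid column name"); }`. The marker comment also sits directly above a commented-out `#$sql` line, which makes it unclear which statement it refers to.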
@@ -267,6 +271,9 @@
$has_result = false;
for($i=0; $i<count($table); $i++){
+ /*
+ * @security_patch sqli open
+ */
$sql = "Select GeometryType(the_geom) as type FROM ".$table[$i]." LIMIT 1";
$res = pg_query($con,$sql);
$type = pg_result($res,0,"type");
@@ -309,6 +316,9 @@
}
else {
}
+ /*
+ * @security_patch sqli open
+ */
$sql1 .= " ORDER BY ".$search_result[$i];
$res1 = pg_query($con,$sql1);
$cnt = 0;
Modified: branches/2.6/http/javascripts/mod_tooltip.php
===================================================================
--- branches/2.6/http/javascripts/mod_tooltip.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/javascripts/mod_tooltip.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -23,6 +23,9 @@
include '../include/dyn_php.php';
$fname = dirname(__FILE__) . "/../../conf/" . $wfs_conf_filename;
if (file_exists($fname)) {
+ /*
+ * @security_patch finc open
+ */
include($fname);
}
else {
Modified: branches/2.6/http/javascripts/mod_wfs_SpatialRequest.php
===================================================================
--- branches/2.6/http/javascripts/mod_wfs_SpatialRequest.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/javascripts/mod_wfs_SpatialRequest.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -22,6 +22,9 @@
include '../include/dyn_php.php';
$fname = dirname(__FILE__) . "/../../conf/" . $wfs_conf_filename;
if (file_exists($fname)) {
+ /*
+ * @security_patch finc open
+ */
include($fname);
}
else {
Modified: branches/2.6/http/javascripts/mod_wfs_gazetteer_client.php
===================================================================
--- branches/2.6/http/javascripts/mod_wfs_gazetteer_client.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/javascripts/mod_wfs_gazetteer_client.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -37,6 +37,9 @@
<?php
include '../include/dyn_js.php';
include '../include/dyn_php.php';
+ /*
+ * @security_patch finc open
+ */
include(dirname(__FILE__) . "/../../conf/" . $wfs_spatial_request_conf_filename);
echo "var targetString = '" . $target . "';";
Modified: branches/2.6/http/php/mod_addWmsFromFeatureInfo.php
===================================================================
--- branches/2.6/http/php/mod_addWmsFromFeatureInfo.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_addWmsFromFeatureInfo.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
include(dirname(__FILE__).'/../include/dyn_js.php');
Modified: branches/2.6/http/php/mod_category_filteredGUI.php
===================================================================
--- branches/2.6/http/php/mod_category_filteredGUI.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_category_filteredGUI.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="category_filteredGUI";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
Modified: branches/2.6/http/php/mod_changeEPSG_server.php
===================================================================
--- branches/2.6/http/php/mod_changeEPSG_server.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_changeEPSG_server.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -64,7 +64,9 @@
}else{
$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
$con = pg_connect($con_string) or die ("Error while connecting database");
-
+ /*
+ * @security_patch sqli open
+ */
$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$extArray[0]." ".$extArray[1].")',".$oldEPSG."),".$newEPSG.")) as minx";
$resMinx = pg_query($con,$sqlMinx);
$minx = floatval(pg_fetch_result($resMinx,0,"minx"));
Modified: branches/2.6/http/php/mod_changePassword.php
===================================================================
--- branches/2.6/http/php/mod_changePassword.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_changePassword.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -18,7 +18,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Modified: branches/2.6/http/php/mod_createCategory.php
===================================================================
--- branches/2.6/http/php/mod_createCategory.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_createCategory.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="createCategory";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_createUser.php
===================================================================
--- branches/2.6/http/php/mod_createUser.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_createUser.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -18,7 +18,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../classes/class_gui.php");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
Modified: branches/2.6/http/php/mod_deleteFilteredGUI.php
===================================================================
--- branches/2.6/http/php/mod_deleteFilteredGUI.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_deleteFilteredGUI.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="delete_filteredGui";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
Modified: branches/2.6/http/php/mod_deleteGUI.php
===================================================================
--- branches/2.6/http/php/mod_deleteGUI.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_deleteGUI.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="deleteGui";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
Modified: branches/2.6/http/php/mod_deleteWFS.php
===================================================================
--- branches/2.6/http/php/mod_deleteWFS.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_deleteWFS.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="deleteWFS";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
Modified: branches/2.6/http/php/mod_deleteWMS.php
===================================================================
--- branches/2.6/http/php/mod_deleteWMS.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_deleteWMS.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="deleteWMS";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_editElementVars.php
===================================================================
--- branches/2.6/http/php/mod_editElementVars.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_editElementVars.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
Modified: branches/2.6/http/php/mod_editElements.php
===================================================================
--- branches/2.6/http/php/mod_editElements.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_editElements.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="editElements";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
Modified: branches/2.6/http/php/mod_editFilteredGroup.php
===================================================================
--- branches/2.6/http/php/mod_editFilteredGroup.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_editFilteredGroup.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -18,7 +18,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="editFilteredGroup";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_editFilteredUser.php
===================================================================
--- branches/2.6/http/php/mod_editFilteredUser.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_editFilteredUser.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -18,7 +18,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="editFilteredUser";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
$myUser = true;
Modified: branches/2.6/http/php/mod_editGuiWms.php
===================================================================
--- branches/2.6/http/php/mod_editGuiWms.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_editGuiWms.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="editGUI_WMS";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
require_once(dirname(__FILE__)."/../classes/class_wms.php");
Modified: branches/2.6/http/php/mod_editGuiWmsMeta.php
===================================================================
--- branches/2.6/http/php/mod_editGuiWmsMeta.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_editGuiWmsMeta.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
include(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Modified: branches/2.6/http/php/mod_editSelf.php
===================================================================
--- branches/2.6/http/php/mod_editSelf.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_editSelf.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Modified: branches/2.6/http/php/mod_editUser.php
===================================================================
--- branches/2.6/http/php/mod_editUser.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_editUser.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -18,7 +18,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="editUser";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_edit_element_vars.php
===================================================================
--- branches/2.6/http/php/mod_edit_element_vars.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_edit_element_vars.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
include(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Modified: branches/2.6/http/php/mod_edit_metadata.php
===================================================================
--- branches/2.6/http/php/mod_edit_metadata.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_edit_metadata.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
include(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Modified: branches/2.6/http/php/mod_evalArea.php
===================================================================
--- branches/2.6/http/php/mod_evalArea.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_evalArea.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
include '../include/dyn_css.php';
@@ -98,6 +102,9 @@
$sql .= $posX[$i] . " " . $posY[$i];
}
$sql .= ")))',".rawurldecode($epsg).")) as myArea";
+ /*
+ * @security_patch sqli open
+ */
$res = pg_query($con,$sql);
$cnt = 0;
Modified: branches/2.6/http/php/mod_exportGUI.php
===================================================================
--- branches/2.6/http/php/mod_exportGUI.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_exportGUI.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="exportGUI";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_export_image.php
===================================================================
--- branches/2.6/http/php/mod_export_image.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_export_image.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
$_SESSION["mb_print_url"] = $map_url;
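Review bot: `$_SESSION["mb_print_url"] = $map_url;` stores a value that, as far as this hunk shows, is defined only by the `import_request_variables("PG")` call two lines above, so a request parameter would reach session state unvalidated. Reading it explicitly, `$map_url = isset($_REQUEST["map_url"]) ? $_REQUEST["map_url"] : "";`, and checking it against the expected scheme and host before the assignment would make the data flow visible and bounded. mod_printView1.php has the same assignment, though `print.conf` is included in between there and may set `$map_url` itself.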
Modified: branches/2.6/http/php/mod_filteredGroup_Gui.php
===================================================================
--- branches/2.6/http/php/mod_filteredGroup_Gui.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredGroup_Gui.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -18,7 +18,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredGroup_Gui";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_filteredGroup_User.php
===================================================================
--- branches/2.6/http/php/mod_filteredGroup_User.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredGroup_User.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -18,7 +18,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredGroup_User";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_filteredGroup_filteredGui.php
===================================================================
--- branches/2.6/http/php/mod_filteredGroup_filteredGui.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredGroup_filteredGui.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -18,7 +18,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredGroup_filteredGui";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_filteredGroup_filteredUser.php
===================================================================
--- branches/2.6/http/php/mod_filteredGroup_filteredUser.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredGroup_filteredUser.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -18,7 +18,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredGoup_filteredUser";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_filteredGui_User.php
===================================================================
--- branches/2.6/http/php/mod_filteredGui_User.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredGui_User.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredGui_user";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_filteredGui_filteredGroup.php
===================================================================
--- branches/2.6/http/php/mod_filteredGui_filteredGroup.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredGui_filteredGroup.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -18,7 +18,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredGui_filteredGroup";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_filteredGui_filteredUser.php
===================================================================
--- branches/2.6/http/php/mod_filteredGui_filteredUser.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredGui_filteredUser.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -18,7 +18,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredGui_filteredUser";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
Modified: branches/2.6/http/php/mod_filteredGui_group.php
===================================================================
--- branches/2.6/http/php/mod_filteredGui_group.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredGui_group.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredGui_Group";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_filteredUser_Group.php
===================================================================
--- branches/2.6/http/php/mod_filteredUser_Group.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredUser_Group.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredUser_Group";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_filteredUser_Gui.php
===================================================================
--- branches/2.6/http/php/mod_filteredUser_Gui.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredUser_Gui.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredUser_Gui";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_filteredUser_filteredGroup.php
===================================================================
--- branches/2.6/http/php/mod_filteredUser_filteredGroup.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredUser_filteredGroup.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredUser_filteredGroup";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_filteredUser_filteredGui.php
===================================================================
--- branches/2.6/http/php/mod_filteredUser_filteredGui.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredUser_filteredGui.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="filteredUser_filteredGui";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_filteredWms_topic.php
===================================================================
--- branches/2.6/http/php/mod_filteredWms_topic.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_filteredWms_topic.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__) . "/../php/mb_validatePermission.php");
require_once(dirname(__FILE__) . "/../classes/class_administration.php");
?>
Modified: branches/2.6/http/php/mod_forgottenPassword.php
===================================================================
--- branches/2.6/http/php/mod_forgottenPassword.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_forgottenPassword.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../../core/globalSettings.php");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
?>
Modified: branches/2.6/http/php/mod_getStyles.php
===================================================================
--- branches/2.6/http/php/mod_getStyles.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_getStyles.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
$pattern = "admin_name";
Modified: branches/2.6/http/php/mod_group_filteredGui.php
===================================================================
--- branches/2.6/http/php/mod_group_filteredGui.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_group_filteredGui.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="Group_filteredGui";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_group_filteredUser.php
===================================================================
--- branches/2.6/http/php/mod_group_filteredUser.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_group_filteredUser.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="group_filteredUser";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_group_gui.php
===================================================================
--- branches/2.6/http/php/mod_group_gui.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_group_gui.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="Group_Gui";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_group_user.php
===================================================================
--- branches/2.6/http/php/mod_group_user.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_group_user.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="Group_User";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_gui_filteredGroup.php
===================================================================
--- branches/2.6/http/php/mod_gui_filteredGroup.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_gui_filteredGroup.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="gui_filteredGroup";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_gui_filteredUser.php
===================================================================
--- branches/2.6/http/php/mod_gui_filteredUser.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_gui_filteredUser.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="gui_filteredUser";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_gui_group.php
===================================================================
--- branches/2.6/http/php/mod_gui_group.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_gui_group.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="Gui_Group";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_gui_owner.php
===================================================================
--- branches/2.6/http/php/mod_gui_owner.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_gui_owner.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="gui_owner";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_gui_user.php
===================================================================
--- branches/2.6/http/php/mod_gui_user.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_gui_user.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="Gui_User";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_loadCapabilities.php
===================================================================
--- branches/2.6/http/php/mod_loadCapabilities.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_loadCapabilities.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="loadWMS";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_loadCapabilitiesList.php
===================================================================
--- branches/2.6/http/php/mod_loadCapabilitiesList.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_loadCapabilitiesList.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="loadWMSList";
require(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_loadCapabilities_temp.php
===================================================================
--- branches/2.6/http/php/mod_loadCapabilities_temp.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_loadCapabilities_temp.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
include(dirname(__FILE__)."/../php/mb_validateSession.php");
require_once(dirname(__FILE__)."/mb_validateInput.php");
?>
Modified: branches/2.6/http/php/mod_loadWFSCapabilities.php
===================================================================
--- branches/2.6/http/php/mod_loadWFSCapabilities.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_loadWFSCapabilities.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="loadWFS";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
Modified: branches/2.6/http/php/mod_newGui.php
===================================================================
--- branches/2.6/http/php/mod_newGui.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_newGui.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="newGui";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_orphanWMS.php
===================================================================
--- branches/2.6/http/php/mod_orphanWMS.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_orphanWMS.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="orphanWMS";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
Modified: branches/2.6/http/php/mod_printView1.php
===================================================================
--- branches/2.6/http/php/mod_printView1.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_printView1.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
include(dirname(__FILE__)."/../../conf/print.conf");
$_SESSION["mb_print_url"] = $map_url;
Modified: branches/2.6/http/php/mod_renameGUI.php
===================================================================
--- branches/2.6/http/php/mod_renameGUI.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_renameGUI.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -19,7 +19,11 @@
$e_id="rename_copy_Gui";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Modified: branches/2.6/http/php/mod_saveWKT.php
===================================================================
--- branches/2.6/http/php/mod_saveWKT.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_saveWKT.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -231,6 +231,9 @@
}
$sql .= ")";
#echo $sql;
+/*
+ * @security_patch sqli open
+ */
$res = pg_query($con,$sql);
}
Modified: branches/2.6/http/php/mod_showGuiName.php
===================================================================
--- branches/2.6/http/php/mod_showGuiName.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_showGuiName.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Modified: branches/2.6/http/php/mod_showLoggedUser.php
===================================================================
--- branches/2.6/http/php/mod_showLoggedUser.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_showLoggedUser.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Modified: branches/2.6/http/php/mod_treefolderAdmin.php
===================================================================
--- branches/2.6/http/php/mod_treefolderAdmin.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_treefolderAdmin.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -19,7 +19,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
Modified: branches/2.6/http/php/mod_treefolderClient.php
===================================================================
--- branches/2.6/http/php/mod_treefolderClient.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_treefolderClient.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
Modified: branches/2.6/http/php/mod_updateWMS.php
===================================================================
--- branches/2.6/http/php/mod_updateWMS.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_updateWMS.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="updateWMSs";
require_once(dirname(__FILE__)."/mb_validatePermission.php");
require_once(dirname(__FILE__)."/../classes/class_wms.php");
Modified: branches/2.6/http/php/mod_user_filteredGroup.php
===================================================================
--- branches/2.6/http/php/mod_user_filteredGroup.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_user_filteredGroup.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="user_filteredGroup";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_user_filteredGui.php
===================================================================
--- branches/2.6/http/php/mod_user_filteredGui.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_user_filteredGui.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="user_filteredGui";
require_once(dirname(__FILE__)."/mb_validatePermission.php");
require_once(dirname(__FILE__)."/../classes/class_wms.php");
Modified: branches/2.6/http/php/mod_user_group.php
===================================================================
--- branches/2.6/http/php/mod_user_group.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_user_group.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="User_Group";
require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
?>
Modified: branches/2.6/http/php/mod_user_gui.php
===================================================================
--- branches/2.6/http/php/mod_user_gui.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_user_gui.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$e_id="user_gui";
require_once(dirname(__FILE__)."/mb_validatePermission.php");
require_once(dirname(__FILE__)."/../classes/class_wms.php");
Modified: branches/2.6/http/php/mod_zoomCoords_en.php
===================================================================
--- branches/2.6/http/php/mod_zoomCoords_en.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/mod_zoomCoords_en.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Modified: branches/2.6/http/php/nestedSets.php
===================================================================
--- branches/2.6/http/php/nestedSets.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/php/nestedSets.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Modified: branches/2.6/http/print/mod_printPDF.php
===================================================================
--- branches/2.6/http/print/mod_printPDF.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/print/mod_printPDF.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -43,7 +43,9 @@
<?php
//FIXME:
//setlocale(LC_ALL, "de_DE.utf8");
-
+ /*
+ * @security_patch finc open
+ */
require_once(dirname(__FILE__)."/../print/" . $confFile);
printf("
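Review bot: `$confFile` is concatenated into the `require_once` path unchanged, and the added `@security_patch finc open` comment only labels it. Where `$confFile` is assigned is outside this hunk; if it can arrive from the request (other scripts in this commit still call `import_request_variables`), the included path is request-controlled. I would constrain it directly before the include, e.g. `$confFile = basename($confFile);` followed by a check against the known print configuration files, and have the comment state which condition closes the item. The `include` of `$confFile` in mod_printPDF_pdf.php follows the same pattern.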
Modified: branches/2.6/http/print/mod_printPDF_pdf.php
===================================================================
--- branches/2.6/http/print/mod_printPDF_pdf.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/http/print/mod_printPDF_pdf.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -33,7 +33,9 @@
$e = new mb_exception($errorMessage);
die;
}
-
+/*
+ * @security_patch finc open
+ */
include (dirname(__FILE__)."/../print/".$confFile);
include (dirname(__FILE__)."/../classes/class_SaveLegend.php");
include (dirname(__FILE__)."/../print/print_functions.php");
Modified: branches/2.6/tools/mod_monitorCapabilities_main.php
===================================================================
--- branches/2.6/tools/mod_monitorCapabilities_main.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/tools/mod_monitorCapabilities_main.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -19,7 +19,11 @@
//require_once(dirname(__FILE__) . "/../php/mb_validateSession.php");
require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
//session_start();
-//import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db(DB,$con);
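Review bot: This hunk turns a disabled line into a live call: the old side has `//import_request_variables("PG");` and the new side has `import_request_variables("PG");`, so a change labelled as security work enables request-variable import where it was switched off. The session check at the top of the hunk is itself commented out, and the call sits between the `mapbender.conf` include and `db_connect($DBSERVER,$OWNER,$PW)`; as far as I know imported names replace existing globals, so this ordering needs checking. I would keep the line as `//import_request_variables("PG");` and put the marker comment above it. mod_monitorCapabilities_read.php and mod_monitorCapabilities_read_single.php place the call before `db_connect` in the same way.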
@@ -151,7 +155,10 @@
else {
$exec = PHP_PATH . "php5 mod_monitorCapabilities_write.php ".$wms_id_own[$k]." ".$time." 0 > ../tmp/output_".$time."_".$wms_id_own[$k].".txt &";
}
- exec($exec);
+ /*
+ * @security_patch exec done
+ */
+ exec(escapeshellcmd($exec));
}
echo "Monitoring Cycle completed (total: " . count($wms_id_own) . " wms).\n\n";
if ($cl == 0) echo "<br/><br/>";
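Review bot: `exec(escapeshellcmd($exec))` escapes the whole command line, including the `>` redirection and the trailing `&` that the string built just above depends on, so the child is no longer redirected or backgrounded and the marker `exec done` overstates the fix. `escapeshellcmd` also does not keep a value containing spaces from adding extra arguments. Quote each interpolated value where the string is built, `escapeshellarg($wms_id_own[$k])` and `escapeshellarg($time)`, quote the output path as one argument, and leave the call as `exec($exec);`. The `if` branch that builds the other variant of `$exec` is outside the hunk; mod_monitorCapabilities_read.php has the same call with `$_POST['upl_id'.$i]` in the string.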
Modified: branches/2.6/tools/mod_monitorCapabilities_read.php
===================================================================
--- branches/2.6/tools/mod_monitorCapabilities_read.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/tools/mod_monitorCapabilities_read.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -20,7 +20,11 @@
require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
session_start();
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db(DB,$con);
?>
@@ -49,9 +53,11 @@
$v = array($now, $now, $_POST['upl_id'.$i], $upd_wmsid);
$t = array('s', 's', 's', 'i');
$res = db_prep_query($sql,$v,$t);
-
+ /*
+ * @security_patch exec done
+ */
$exec = PHP_PATH . "php mod_monitorCapabilities_write.php ".$upd_wmsid." ".$_POST['upl_id'.$i]." 1 > output.txt &";
- exec($exec);
+ exec(escapeshellcmd($exec));
}
}
@@ -85,7 +91,7 @@
else {
$avg_response_time[$wms[$i]] = round(db_result($res,0,1)-db_result($res,0,0), 1);
}
-
+
$sql = "SELECT status, status_comment, timestamp_begin, timestamp_end, upload_url, updated, image, map_url, caps_diff FROM mb_monitor ";
$sql .= "WHERE upload_id = $1 AND fkey_wms_id = $2 ORDER BY status, status_comment, timestamp_end, fkey_wms_id";
$v = array($upload_id[$wms[$i]], $wms_id[$wms[$i]]);
@@ -99,7 +105,7 @@
$upload_url[$wms[$i]] = db_result($res,0,"upload_url");
$updated[$wms[$i]] = db_result($res,0,"updated");
$mapurl[$wms[$i]] = db_result($res,0,"map_url");
- $image[$wms[$i]] = db_result($res,0,"image");
+ $image[$wms[$i]] = db_result($res,0,"image");
$caps_diff[$wms[$i]] = db_result($res,0,"caps_diff");
if ($status[$wms[$i]] == -2 && intval(time())-intval($timestamp_begin[$wms[$i]]) > intval(TIME_LIMIT)) {
@@ -237,11 +243,11 @@
$str .= "</tr></table></td>";
# $str .= "\n\t\t\t<td><a href='output_".$wms_id[$k]."_".$max.".txt' target=_blank>log</a></td>";
- $str .= "\n\t\t<td><input type=button value='details' onclick=\"var newWindow = window.open('../tools/mod_monitorCapabilities_read_single.php?wmsid=".$wms_id[$k]."','wms','width=500,height=700,scrollbars');newWindow.href.location='test.php'\"></td>";
+ $str .= "\n\t\t<td><input type=button value='details' onclick=\"var newWindow = window.open('../tools/mod_monitorCapabilities_read_single.php?wmsid=".$wms_id[$k]."','wms','width=500,height=700,scrollbars');newWindow.href.location='test.php'\"></td>";
$str .= "\n\t\t\t<td>";
- if ($caps_diff[$k] != "")
- $str .= "<a href='mod_monitorCapabilities_read_single_diff.php?wmsid=".$wms_id[$k]."&upload_id=".$upload_id[$k]."' target=_blank>view</a>";
- $str .= "</td></tr>";
+ if ($caps_diff[$k] != "")
+ $str .= "<a href='mod_monitorCapabilities_read_single_diff.php?wmsid=".$wms_id[$k]."&upload_id=".$upload_id[$k]."' target=_blank>view</a>";
+ $str .= "</td></tr>";
$cnt++;
}
$str .= "\n\t</table>\n\t<br/><input type=hidden name=cbs value='".$cnt."'>\n</form>";
Modified: branches/2.6/tools/mod_monitorCapabilities_read_single.php
===================================================================
--- branches/2.6/tools/mod_monitorCapabilities_read_single.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/tools/mod_monitorCapabilities_read_single.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -20,7 +20,11 @@
require_once(dirname(__FILE__)."/../conf/mapbender.conf");
require_once(dirname(__FILE__)."/../http/classes/class_administration.php");
session_start();
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db(DB,$con);
?>
Modified: branches/2.6/tools/mod_monitorCapabilities_read_single_diff.php
===================================================================
--- branches/2.6/tools/mod_monitorCapabilities_read_single_diff.php 2010-11-11 12:33:30 UTC (rev 7115)
+++ branches/2.6/tools/mod_monitorCapabilities_read_single_diff.php 2010-11-11 15:50:41 UTC (rev 7116)
@@ -19,7 +19,11 @@
#require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
-import_request_variables("PG");
+/*
+ * @security_patch irv open
+ */
+// security_patch_log(__FILE__,__LINE__);
+import_request_variables("PG");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">