[Mapbender-commits] r8618 - trunk/mapbender/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Wed May 8 07:58:55 PDT 2013
Author: armin11
Date: 2013-05-08 07:58:54 -0700 (Wed, 08 May 2013)
New Revision: 8618
Modified:
trunk/mapbender/http/php/mod_getServiceDisclaimer.php
trunk/mapbender/http/php/mod_getWmcDisclaimer.php
Log:
Rewind changes for xss hardening
Modified: trunk/mapbender/http/php/mod_getServiceDisclaimer.php
===================================================================
--- trunk/mapbender/http/php/mod_getServiceDisclaimer.php 2013-05-08 14:49:34 UTC (rev 8617)
+++ trunk/mapbender/http/php/mod_getServiceDisclaimer.php 2013-05-08 14:58:54 UTC (rev 8618)
@@ -28,7 +28,7 @@
$testMatch = $_REQUEST["id"];
$pattern = '/^[\d]*$/';
if (!preg_match($pattern,$testMatch)){
- echo 'id: <b>'.$testMatch.'</b> is not valid.<br/>';
+ echo 'id is not valid.<br/>';
die();
}
$id = (integer)$testMatch;
@@ -39,7 +39,7 @@
//validate to wms, wfs
$testMatch = $_REQUEST["type"];
if (!($testMatch == 'wms' or $testMatch == 'wfs')){
- echo 'type: <b>'.$testMatch.'</b> is not valid.<br/>';
+ echo 'type is not valid.<br/>';
die();
}
$type = $testMatch;
@@ -50,7 +50,7 @@
//validate to wms, wfs
$testMatch = $_REQUEST["languageCode"];
if (!($testMatch == 'de' or $testMatch == 'en' or $testMatch == 'fr')){
- echo 'type: <b>'.$testMatch.'</b> is not valid.<br/>';
+ echo 'languageCode is not valid.<br/>';
die();
}
$languageCode = $testMatch;
@@ -61,7 +61,7 @@
//validate to wms, wfs
$testMatch = $_REQUEST["withHeader"];
if (!($testMatch == 'true' or $testMatch == 'false')){
- echo 'type: <b>'.$testMatch.'</b> is not valid.<br/>';
+ echo 'withHeader is not valid.<br/>';
die();
}
if ($testMatch == 'true'){
@@ -76,7 +76,7 @@
//validate to wms, wfs
$testMatch = $_REQUEST["asTable"];
if (!($testMatch == 'true' or $testMatch == 'false')){
- echo 'type: <b>'.$testMatch.'</b> is not valid.<br/>';
+ echo 'asTable is not valid.<br/>';
die();
}
if ($testMatch == 'true'){
Modified: trunk/mapbender/http/php/mod_getWmcDisclaimer.php
===================================================================
--- trunk/mapbender/http/php/mod_getWmcDisclaimer.php 2013-05-08 14:49:34 UTC (rev 8617)
+++ trunk/mapbender/http/php/mod_getWmcDisclaimer.php 2013-05-08 14:58:54 UTC (rev 8618)
@@ -26,7 +26,7 @@
$testMatch = $_REQUEST["id"];
$pattern = '/^[\d]*$/';
if (!preg_match($pattern,$testMatch)){
- echo 'id: <b>'.$testMatch.'</b> is not valid.<br/>';
+ echo 'id is not valid.<br/>';
die();
}
$id = (integer)$testMatch;
@@ -39,7 +39,7 @@
//look for whitelist in mapbender.conf
$HOSTNAME_WHITELIST_array = explode(",",HOSTNAME_WHITELIST);
if (!in_array($testMatch,$HOSTNAME_WHITELIST_array)) {
- echo "Requested hostname <b>".$testMatch."</b> not whitelist! Please control your mapbender.conf.";
+ echo "Requested hostname not in whitelist! Please control your mapbender.conf.";
$e = new mb_notice("Whitelist: ".HOSTNAME_WHITELIST);
$e = new mb_notice($testMatch." not found in whitelist!");
die();
@@ -54,7 +54,7 @@
//validate to wms, wfs
$testMatch = $_REQUEST["languageCode"];
if (!($testMatch == 'de' or $testMatch == 'en' or $testMatch == 'fr')){
- echo 'type: <b>'.$testMatch.'</b> is not valid.<br/>';
+ echo 'languageCode is not valid.<br/>';
die();
}
$languageCode = $testMatch;
@@ -84,7 +84,7 @@
//javascript:openwindow("../php/mod_showMetadata.php?resource=layer&layout=tabs&redirectToMetadataUrl=1&id=20655");
//Generate wmc document by id
$wmcFactory = new WmcFactory;
-$e = new mb_exception("mod_getWmcDisclaimer.php: wmcid: ".$id);
+$e = new mb_notice("mod_getWmcDisclaimer.php: wmcid: ".$id);
$wmcObj = $wmcFactory->createFromDb($id);
//generate header for disclaimer:
echo "<b>".$translation['wmcDisclaimerHeader']."</b><br><br>";#
More information about the Mapbender_commits
mailing list