[Mapbender-commits] r9152 - trunk/mapbender/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Tue Feb 17 03:03:48 PST 2015
Author: armin11
Date: 2015-02-17 03:03:48 -0800 (Tue, 17 Feb 2015)
New Revision: 9152
Modified:
trunk/mapbender/http/php/mod_callMetadata.php
Log:
Fix for XSS vulnerability
Modified: trunk/mapbender/http/php/mod_callMetadata.php
===================================================================
--- trunk/mapbender/http/php/mod_callMetadata.php 2015-02-05 10:44:45 UTC (rev 9151)
+++ trunk/mapbender/http/php/mod_callMetadata.php 2015-02-17 11:03:48 UTC (rev 9152)
@@ -44,7 +44,7 @@
$searchPages = "1";
$resourceIds = NULL; //resourceIds is used to get a comma separated list with ids of the resources - layer - featuretypes - wmc
//it will be used to filter some results
-$resultTarget = "debug";
+$resultTarget = "web";
$preDefinedMaxResults = array(5,10,15,20,25,30);
$searchEPSG = "EPSG:31466";
$classJSON = new Mapbender_JSON;
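Review bot: The new default `$resultTarget = "web";` carries no comment saying why `"debug"` is no longer the default, and the hunk does not show whether the variable is later overwritten from a request parameter. If it is, the debug output path stays reachable by any caller, and changing the default alone does not close it. I would add a comment such as `// default must not be "debug": debug output echoes request values` and, where the parameter is read, confirm that it is checked against a fixed list of allowed targets. The surrounding initialisation block continues outside the hunk.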
@@ -91,6 +91,8 @@
die();
}
$searchText = $testMatch;
+ $searchText = str_replace('<','{<}',$searchText);
+ $searchText = str_replace('>','{>}',$searchText);
$testMatch = NULL;
if ($searchText ==='false') {
$searchText ='*';
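Review bot: The two added `str_replace` calls on `$searchText` neutralise only `<` and `>`, so a value that is later written into an HTML attribute or a script context could still break out with `"`, `'` or `&`; the output sites are not visible in this hunk, so this needs checking against them. Encoding at the point of output, for example `htmlspecialchars($searchText, ENT_QUOTES, 'UTF-8')`, covers those characters and leaves the search term itself untouched. As written, the replacement also changes the term that is searched for, so queries containing `<` or `>` will match differently than before. The enclosing block starts and ends outside the hunk.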