[Mapbender-commits] r10157 - in trunk/mapbender/http: classes php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Tue Jun 25 00:09:35 PDT 2019
Author: armin11
Date: 2019-06-25 00:09:34 -0700 (Tue, 25 Jun 2019)
New Revision: 10157
Modified:
trunk/mapbender/http/classes/class_wfs_conf.php
trunk/mapbender/http/php/mod_wfs_conf.php
trunk/mapbender/http/php/mod_wfs_edit.php
Log:
Security fix for wfs_conf editor - only allow editing on owned wfs
Modified: trunk/mapbender/http/classes/class_wfs_conf.php
===================================================================
--- trunk/mapbender/http/classes/class_wfs_conf.php 2019-06-19 13:17:59 UTC (rev 10156)
+++ trunk/mapbender/http/classes/class_wfs_conf.php 2019-06-25 07:09:34 UTC (rev 10157)
@@ -347,6 +347,17 @@
$cnt++;
}
}
+ public function getowned($userId) {
+ $wfsConfIdArray = array();
+ $sql = "SELECT wfs_conf_id FROM wfs_conf INNER JOIN wfs ON wfs.wfs_id = wfs_conf.fkey_wfs_id WHERE wfs.wfs_owner = $1";
+ $v = array($userId);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
+ while ($row = db_fetch_array($res)){
+ $wfsConfIdArray[] = $row['wfs_conf_id'];
+ }
+ return $wfsConfIdArray;
+ }
function getfeatures($wfsid){
$this->features = new features($wfsid);
}
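Review bot: The ids collected at `$wfsConfIdArray[] = $row['wfs_conf_id'];` are later compared with `in_array((integer)$_POST['gaz'], $wfsConfIdArray, true)` in both ownership checks of mod_wfs_edit.php (the save branch and the configure-elements branch); if db_fetch_array returns column values as strings, as pg_fetch_array does, the strict comparison of an int against strings never matches and every edit is refused, so the module fails closed but becomes unusable. Casting at the source gives the array the type the checks expect: `$wfsConfIdArray[] = (int) $row['wfs_conf_id'];`. The method also lacks documentation; a docblock such as `/** @return list<int> ids of wfs_conf rows whose parent wfs is owned by $userId */` would state the contract the callers rely on. The enclosing class wfs_conf continues outside the hunk.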
Modified: trunk/mapbender/http/php/mod_wfs_conf.php
===================================================================
--- trunk/mapbender/http/php/mod_wfs_conf.php 2019-06-19 13:17:59 UTC (rev 10156)
+++ trunk/mapbender/http/php/mod_wfs_conf.php 2019-06-25 07:09:34 UTC (rev 10157)
@@ -19,6 +19,10 @@
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
require(dirname(__FILE__)."/../classes/class_wfs_conf.php");
+
+$resultObj['result'] = '';
+$resultObj['success'] = false;
+$resultObj['message'] = 'no message';
?>
<html>
<head>
@@ -105,8 +109,14 @@
<?php
$aWFS = new wfs_conf();
$aWFS->getallwfs(Mapbender::session()->get("mb_user_id"));
+//$e = new mb_exception(json_encode($aWFS));
+if (count($aWFS->wfs_id) == 0) {
+ $resultObj['message'] ='User owns no wfs - module not available!';
+ $resultObj['result'] = null;
+ echo json_encode($resultObj);
+ die();
+}
-
function toImage($text) {
$angle = 90;
if (extension_loaded("gd2")) {
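Review bot: The denial at `echo json_encode($resultObj); die();` runs after the page's `<html><head>` markup has already been sent (this hunk sits at line 109 of the new file, below the `?>` that closes the PHP preamble), so a denied user receives a truncated HTML document with a JSON fragment inside it. Move the `count($aWFS->wfs_id) == 0` check into the preamble next to the `$resultObj` initialisation, before any output, or render an HTML message at this point instead. The commented-out debug line `//$e = new mb_exception(json_encode($aWFS));` should be dropped rather than committed. This guard only rejects users who own no wfs at all; whether the handlers further down this file also restrict their queries to the user's own wfs is not visible here and is worth confirming.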
Modified: trunk/mapbender/http/php/mod_wfs_edit.php
===================================================================
--- trunk/mapbender/http/php/mod_wfs_edit.php 2019-06-19 13:17:59 UTC (rev 10156)
+++ trunk/mapbender/http/php/mod_wfs_edit.php 2019-06-25 07:09:34 UTC (rev 10157)
@@ -18,7 +18,26 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
-
+require(dirname(__FILE__)."/../classes/class_wfs_conf.php");
+$wfsConf = new wfs_conf();
+$resultObj['result'] = '';
+$resultObj['success'] = false;
+$resultObj['message'] = 'no message';
+//check permission on wfs_conf by user
+if (Mapbender::session()->get("mb_user_id")) {
+ $wfsConfIdArray = $wfsConf->getowned(Mapbender::session()->get("mb_user_id"));
+ if (count($wfsConfIdArray) == 0) {
+ $resultObj['message'] ='User owns no wfs_conf - module not available!';
+ $resultObj['result'] = null;
+ echo json_encode($resultObj);
+ die();
+ }
+} else {
+ $resultObj['message'] ='No user found in session - access to module not possible!';
+ $resultObj['result'] = null;
+ echo json_encode($resultObj);
+ die();
+}
?>
<html>
<head>
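Review bot: The denial sequence `$resultObj['message'] = ...; $resultObj['result'] = null; echo json_encode($resultObj); die();` is written out twice in this hunk and twice more in the save and configure-elements hunks below; a single helper keeps the four ownership checks identical and turns a later change of the response format into one edit. With the helper below declared in the preamble, each check collapses to one line such as `denyAccess($resultObj, 'No user found in session - access to module not possible!');`. The `if (Mapbender::session()->get("mb_user_id"))` test treats a missing id and a falsy id alike, which is acceptable here because both paths stop the script.
```php
$resultObj['message'] = 'no message';

/** Sends the JSON denial message for this module and stops the script. */
function denyAccess(array $resultObj, string $message): void
{
    $resultObj['message'] = $message;
    $resultObj['result'] = null;
    echo json_encode($resultObj);
    die();
}

//check permission on wfs_conf by user
if (Mapbender::session()->get("mb_user_id")) {
    $wfsConfIdArray = $wfsConf->getowned(Mapbender::session()->get("mb_user_id"));
    if (count($wfsConfIdArray) == 0) {
        denyAccess($resultObj, 'User owns no wfs_conf - module not available!');
    }
} else {
    denyAccess($resultObj, 'No user found in session - access to module not possible!');
}
```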
@@ -91,9 +110,16 @@
Select WFS Configuration:<br><br>
<?php
/* save wfs_conf properties */
+//check if $_POST['gaz'] is in allowed wfsConfIdArray !
if(isset($_POST["save"])){
-
+ //check if $_POST['gaz'] is in allowed wfsConfIdArray !
+ if (!in_array((integer)$_POST['gaz'], $wfsConfIdArray, true)) {
+ $resultObj['message'] ='wfs_conf, that should be edited is not owned by the current user!';
+ $resultObj['result'] = null;
+ echo json_encode($resultObj);
+ die();
+ }
$sql = "UPDATE wfs_conf SET ";
$sql .= "wfs_conf_abstract = $1, g_label = $2, ";
$sql .= "g_label_id = $3, g_button = $4, g_button_id = $5, g_style = $6, ";
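Review bot: The comment `//check if $_POST['gaz'] is in allowed wfsConfIdArray !` is added twice, once above `if(isset($_POST["save"])){` and again inside the branch where the check actually lives; the outer copy is a leftover and should be deleted so the comment sits next to the code it describes. The save branch continues outside the hunk.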
@@ -107,7 +133,7 @@
$sql .= " WHERE wfs_conf_id = $9;";
$v = array($_POST["wfs_conf_abstract"], $_POST["g_label"], $_POST["g_label_id"], $_POST["g_button"], $_POST["g_button_id"], $_POST["g_style"], $_POST["g_buffer"], $_POST["g_res_style"], $_POST["gaz"]);
- $t = array("s", "s", "s", "s", "s", "s", "s", "s", "s");
+ $t = array("s", "s", "s", "s", "s", "s", "s", "s", "i");
$res = db_prep_query($sql, $v, $t);
if (isset($_POST["f_geom"])) {
@@ -194,7 +220,9 @@
/* select wfs */
-$sql = "SELECT * FROM wfs_conf ORDER BY wfs_conf_id";
+$sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id in (".implode(',', $wfsConfIdArray).") ORDER BY wfs_conf_id";
+//$sql = "SELECT * FROM wfs_conf ORDER BY wfs_conf_id";
+
$res = db_query($sql);
echo "<select size='10' name='gaz' onchange='submit()'>";
$cnt = 0;
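Review bot: `implode(',', $wfsConfIdArray)` splices values straight into the SQL at `$sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id in (...)"`; the ids come from getowned() rather than from the request, so this is not an injection today, but nothing in the line itself enforces that, and an empty array would yield `IN ()` and a query error, prevented only by the die() in the preamble. Making the integer constraint explicit keeps the query safe regardless of what getowned() returns in future: `$sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id IN (" . implode(',', array_map('intval', $wfsConfIdArray)) . ") ORDER BY wfs_conf_id";`. The commented-out previous query `//$sql = "SELECT * FROM wfs_conf ORDER BY wfs_conf_id";` should be removed rather than kept.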
@@ -209,7 +237,6 @@
echo "</select>";
-
/* end select wfs */
function toImage($text) {
@@ -222,6 +249,13 @@
/* configure elements */
if (isset($_POST["gaz"])) {
+ //check if $_POST['gaz'] is in allowed wfsConfIdArray !
+ if (!in_array((integer)$_POST['gaz'], $wfsConfIdArray, true)) {
+ $resultObj['message'] ='wfs_conf, that should be edited is not owned by the current user!';
+ $resultObj['result'] = null;
+ echo json_encode($resultObj);
+ die();
+ }
$sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id = $1";
$v = array($_POST["gaz"]);
$t = array("i");