[Mapbender-commits] r10157 - in trunk/mapbender/http: classes php

svn_mapbender at osgeo.org svn_mapbender at osgeo.org
Tue Jun 25 00:09:35 PDT 2019


Author: armin11
Date: 2019-06-25 00:09:34 -0700 (Tue, 25 Jun 2019)
New Revision: 10157

Modified:
   trunk/mapbender/http/classes/class_wfs_conf.php
   trunk/mapbender/http/php/mod_wfs_conf.php
   trunk/mapbender/http/php/mod_wfs_edit.php
Log:
Security fix for the wfs_conf editor: only allow editing of WFS configurations whose parent WFS is owned by the current user

Modified: trunk/mapbender/http/classes/class_wfs_conf.php
===================================================================
--- trunk/mapbender/http/classes/class_wfs_conf.php	2019-06-19 13:17:59 UTC (rev 10156)
+++ trunk/mapbender/http/classes/class_wfs_conf.php	2019-06-25 07:09:34 UTC (rev 10157)
@@ -347,6 +347,17 @@
 			$cnt++;
 		}	
 	}
+	public function getowned($userId) {
+		$wfsConfIdArray = array();
+		$sql = "SELECT wfs_conf_id FROM wfs_conf INNER JOIN wfs ON wfs.wfs_id = wfs_conf.fkey_wfs_id WHERE wfs.wfs_owner = $1";
+		$v = array($userId);
+		$t = array('i');
+		$res = db_prep_query($sql,$v,$t);
+		while ($row = db_fetch_array($res)){
+			$wfsConfIdArray[] = $row['wfs_conf_id'];
+		}
+		return $wfsConfIdArray;
+	}
 	function getfeatures($wfsid){
 		$this->features = new features($wfsid);
 	}
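Review bot: getowned() (lines 26-36) returns the ids exactly as db_fetch_array hands them back, and if that wrapper behaves like pg_fetch_array they are strings; the callers in mod_wfs_edit.php compare them with `in_array((integer)$_POST['gaz'], $wfsConfIdArray, true)`, and a strict int-versus-string comparison never matches, so legitimate owners would be locked out of their own configurations. Normalising at the source keeps every consumer consistent: `$wfsConfIdArray[] = (int)$row['wfs_conf_id'];`. The method also has no docblock; I would add one stating that it returns the wfs_conf_id of every wfs_conf row whose parent wfs row has wfs_owner equal to $userId, as a list of ints that is empty when the user owns none.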

Modified: trunk/mapbender/http/php/mod_wfs_conf.php
===================================================================
--- trunk/mapbender/http/php/mod_wfs_conf.php	2019-06-19 13:17:59 UTC (rev 10156)
+++ trunk/mapbender/http/php/mod_wfs_conf.php	2019-06-25 07:09:34 UTC (rev 10157)
@@ -19,6 +19,10 @@
 
 require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
 require(dirname(__FILE__)."/../classes/class_wfs_conf.php");
+
+$resultObj['result'] = '';
+$resultObj['success'] = false;
+$resultObj['message'] = 'no message';
 ?>
 <html>
 <head>
@@ -105,8 +109,14 @@
 <?php
 $aWFS = new wfs_conf();
 $aWFS->getallwfs(Mapbender::session()->get("mb_user_id"));
+//$e = new mb_exception(json_encode($aWFS));
+if (count($aWFS->wfs_id) == 0) {
+		$resultObj['message'] ='User owns no wfs - module not available!'; 
+		$resultObj['result'] = null;
+		echo json_encode($resultObj);
+		die();
+}
 
-
 function toImage($text) {
 	$angle = 90;
 	if (extension_loaded("gd2")) {
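Review bot: The new guard at lines 61-66 runs after the `<html>`/`<head>` markup that precedes this `<?php` block has already been sent, so a user who owns no WFS receives a JSON object embedded in a half-rendered HTML page rather than a clean JSON response or an HTML message; the check belongs above the closing `?>` next to the new $resultObj initialisation, or should echo an HTML notice here. `count($aWFS->wfs_id)` also assumes getallwfs() always leaves wfs_id as an array — I cannot see that method, but on PHP 8 count() on null throws — so `if (empty($aWFS->wfs_id))` is the safer test. The commented-out debug line `//$e = new mb_exception(json_encode($aWFS));` should not be committed.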

Modified: trunk/mapbender/http/php/mod_wfs_edit.php
===================================================================
--- trunk/mapbender/http/php/mod_wfs_edit.php	2019-06-19 13:17:59 UTC (rev 10156)
+++ trunk/mapbender/http/php/mod_wfs_edit.php	2019-06-25 07:09:34 UTC (rev 10157)
@@ -18,7 +18,26 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
-
+require(dirname(__FILE__)."/../classes/class_wfs_conf.php");
+$wfsConf = new wfs_conf();
+$resultObj['result'] = '';
+$resultObj['success'] = false;
+$resultObj['message'] = 'no message';
+//check permission on wfs_conf by user
+if (Mapbender::session()->get("mb_user_id")) {
+	$wfsConfIdArray = $wfsConf->getowned(Mapbender::session()->get("mb_user_id"));
+	if (count($wfsConfIdArray) == 0) {
+		$resultObj['message'] ='User owns no wfs_conf - module not available!'; 
+		$resultObj['result'] = null;
+		echo json_encode($resultObj);
+		die();
+	}
+} else {
+	$resultObj['message'] ='No user found in session - access to module not possible!'; 
+	$resultObj['result'] = null;
+	echo json_encode($resultObj);
+	die();
+}
 ?>
 <html>
 <head>
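Review bot: The three denial paths added at lines 90-100 emit JSON with the default text/html content type and a 200 status, while the rest of this file (and the `<html>` that follows) produces HTML, so a browser user who is denied sees raw JSON and an XHR caller cannot tell denial from success by status. Send `header('Content-Type: application/json'); header('HTTP/1.1 403 Forbidden');` before each echo, or render an HTML message consistent with the module. The session check in the else branch may duplicate what mb_validateSession.php already enforces — I cannot see that file — so a one-line comment saying why it is repeated here would help the next maintainer.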
@@ -91,9 +110,16 @@
 Select WFS Configuration:<br><br>
 <?php
 /* save wfs_conf properties */
+//check if $_POST['gaz'] is in allowed wfsConfIdArray !
 
 if(isset($_POST["save"])){
-
+	//check if $_POST['gaz'] is in allowed wfsConfIdArray !
+	if (!in_array((integer)$_POST['gaz'], $wfsConfIdArray, true)) {
+		$resultObj['message'] ='wfs_conf, that should be edited is not owned by the current user!'; 
+		$resultObj['result'] = null;
+		echo json_encode($resultObj);
+		die();
+	}
         $sql = "UPDATE wfs_conf SET ";
         $sql .= "wfs_conf_abstract = $1, g_label = $2, ";
         $sql .= "g_label_id = $3, g_button = $4, g_button_id = $5, g_style = $6, ";
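Review bot: The strict `in_array((integer)$_POST['gaz'], $wfsConfIdArray, true)` at line 114 is only correct if $wfsConfIdArray holds ints; getowned() in class_wfs_conf.php appends `$row['wfs_conf_id']` straight from db_fetch_array, which for PostgreSQL returns strings, in which case this check denies every save including the owner's. Either normalise in getowned() or here: `if (!in_array((int)$_POST['gaz'], array_map('intval', $wfsConfIdArray), true))`. The comment added at line 109 outside the `if` duplicates the one inside it at line 113 and should be dropped. The save branch continues past this hunk.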
@@ -107,7 +133,7 @@
         $sql .= " WHERE wfs_conf_id = $9;";
         
         $v = array($_POST["wfs_conf_abstract"], $_POST["g_label"], $_POST["g_label_id"], $_POST["g_button"], $_POST["g_button_id"], $_POST["g_style"], $_POST["g_buffer"], $_POST["g_res_style"], $_POST["gaz"]);
-        $t = array("s", "s", "s", "s", "s", "s", "s", "s", "s");
+        $t = array("s", "s", "s", "s", "s", "s", "s", "s", "i");
         $res = db_prep_query($sql, $v, $t);
 		        
 		if (isset($_POST["f_geom"])) {
@@ -194,7 +220,9 @@
 
 /* select wfs */
 
-$sql = "SELECT * FROM wfs_conf ORDER BY wfs_conf_id";
+$sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id in (".implode(',', $wfsConfIdArray).") ORDER BY wfs_conf_id";
+//$sql = "SELECT * FROM wfs_conf ORDER BY wfs_conf_id";
+
 $res = db_query($sql);
 echo "<select size='10' name='gaz' onchange='submit()'>";
 $cnt = 0;
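Review bot: The SELECT at line 137 is assembled by string concatenation with implode(), breaking from the prepared-statement style (db_prep_query with $n placeholders) used everywhere else in this change. The ids come from getowned() rather than from the request, so this is not injectable today, but that safety depends on the provenance staying true; `implode(',', array_map('intval', $wfsConfIdArray))` makes the list numeric by construction. The empty-array case (`IN ()`, a syntax error) cannot occur only because the top-of-file guard dies when the user owns nothing, which deserves a comment here such as `// $wfsConfIdArray is non-empty: the guard at the top of the file dies otherwise`. The commented-out previous query at line 138 should be removed rather than kept alongside.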
@@ -209,7 +237,6 @@
 echo "</select>";
 
 
-
 /* end select wfs */
 
 function toImage($text) {
@@ -222,6 +249,13 @@
 
 /* configure elements */
 if (isset($_POST["gaz"])) {
+	//check if $_POST['gaz'] is in allowed wfsConfIdArray !
+	if (!in_array((integer)$_POST['gaz'], $wfsConfIdArray, true)) {
+		$resultObj['message'] ='wfs_conf, that should be edited is not owned by the current user!'; 
+		$resultObj['result'] = null;
+		echo json_encode($resultObj);
+		die();
+	}
         $sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id = $1";
         $v = array($_POST["gaz"]);
         $t = array("i");
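Review bot: The seven-line ownership guard at lines 156-161 is a verbatim copy of the one in the save branch, so a future fix to one (for example the int/string normalisation the strict in_array needs) can miss the other. Factor it into a small function defined alongside toImage() and call it from both places; the sketch below shows the helper and this call site. The surrounding `if (isset($_POST["gaz"]))` block continues past the hunk.
```php
/* Stop with a JSON error unless $wfsConfId is one of the wfs_conf ids owned by the current user. */
function dieUnlessOwnedWfsConf($wfsConfId, $ownedIds, $resultObj) {
	if (!in_array((int)$wfsConfId, array_map('intval', $ownedIds), true)) {
		$resultObj['message'] = 'wfs_conf, that should be edited is not owned by the current user!';
		$resultObj['result'] = null;
		echo json_encode($resultObj);
		die();
	}
}

/* configure elements */
if (isset($_POST["gaz"])) {
	dieUnlessOwnedWfsConf($_POST['gaz'], $wfsConfIdArray, $resultObj);
	// … unchanged: prepared SELECT of the chosen wfs_conf row …
```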


