[mapguide-commits] r4744 - in trunk/MgDev/Web/src: mapviewerjava
mapviewernet mapviewerphp
svn_mapguide at osgeo.org
svn_mapguide at osgeo.org
Tue Apr 6 11:56:33 EDT 2010
Author: chrisclaydon
Date: 2010-04-06 11:56:33 -0400 (Tue, 06 Apr 2010)
New Revision: 4744
Modified:
trunk/MgDev/Web/src/mapviewerjava/ajaxviewerabout.jsp
trunk/MgDev/Web/src/mapviewerjava/buffer.jsp
trunk/MgDev/Web/src/mapviewerjava/bufferui.jsp
trunk/MgDev/Web/src/mapviewerjava/colorpicker.jsp
trunk/MgDev/Web/src/mapviewerjava/common.jsp
trunk/MgDev/Web/src/mapviewerjava/gettingstarted.jsp
trunk/MgDev/Web/src/mapviewerjava/legend.jsp
trunk/MgDev/Web/src/mapviewerjava/legendctrl.jsp
trunk/MgDev/Web/src/mapviewerjava/legendui.jsp
trunk/MgDev/Web/src/mapviewerjava/mainframe.jsp
trunk/MgDev/Web/src/mapviewerjava/mapframe.jsp
trunk/MgDev/Web/src/mapviewerjava/measure.jsp
trunk/MgDev/Web/src/mapviewerjava/measureui.jsp
trunk/MgDev/Web/src/mapviewerjava/printablepage.jsp
trunk/MgDev/Web/src/mapviewerjava/printablepageui.jsp
trunk/MgDev/Web/src/mapviewerjava/propertyctrl.jsp
trunk/MgDev/Web/src/mapviewerjava/search.jsp
trunk/MgDev/Web/src/mapviewerjava/searchprompt.jsp
trunk/MgDev/Web/src/mapviewerjava/selectwithin.jsp
trunk/MgDev/Web/src/mapviewerjava/selectwithinui.jsp
trunk/MgDev/Web/src/mapviewerjava/setselection.jsp
trunk/MgDev/Web/src/mapviewerjava/statusbar.jsp
trunk/MgDev/Web/src/mapviewerjava/taskbar.jsp
trunk/MgDev/Web/src/mapviewerjava/taskframe.jsp
trunk/MgDev/Web/src/mapviewerjava/tasklist.jsp
trunk/MgDev/Web/src/mapviewerjava/viewoptions.jsp
trunk/MgDev/Web/src/mapviewernet/ajaxviewerabout.aspx
trunk/MgDev/Web/src/mapviewernet/buffer.aspx
trunk/MgDev/Web/src/mapviewernet/bufferui.aspx
trunk/MgDev/Web/src/mapviewernet/colorpicker.aspx
trunk/MgDev/Web/src/mapviewernet/common.aspx
trunk/MgDev/Web/src/mapviewernet/formframe.aspx
trunk/MgDev/Web/src/mapviewernet/gettingstarted.aspx
trunk/MgDev/Web/src/mapviewernet/legend.aspx
trunk/MgDev/Web/src/mapviewernet/legendctrl.aspx
trunk/MgDev/Web/src/mapviewernet/legendui.aspx
trunk/MgDev/Web/src/mapviewernet/mainframe.aspx
trunk/MgDev/Web/src/mapviewernet/mapframe.aspx
trunk/MgDev/Web/src/mapviewernet/measure.aspx
trunk/MgDev/Web/src/mapviewernet/measureui.aspx
trunk/MgDev/Web/src/mapviewernet/printablepage.aspx
trunk/MgDev/Web/src/mapviewernet/printablepageui.aspx
trunk/MgDev/Web/src/mapviewernet/propertyctrl.aspx
trunk/MgDev/Web/src/mapviewernet/search.aspx
trunk/MgDev/Web/src/mapviewernet/searchprompt.aspx
trunk/MgDev/Web/src/mapviewernet/selectwithin.aspx
trunk/MgDev/Web/src/mapviewernet/selectwithinui.aspx
trunk/MgDev/Web/src/mapviewernet/setselection.aspx
trunk/MgDev/Web/src/mapviewernet/statusbar.aspx
trunk/MgDev/Web/src/mapviewernet/taskbar.aspx
trunk/MgDev/Web/src/mapviewernet/taskframe.aspx
trunk/MgDev/Web/src/mapviewernet/tasklist.aspx
trunk/MgDev/Web/src/mapviewernet/viewoptions.aspx
trunk/MgDev/Web/src/mapviewerphp/ajaxviewerabout.php
trunk/MgDev/Web/src/mapviewerphp/buffer.php
trunk/MgDev/Web/src/mapviewerphp/bufferui.php
trunk/MgDev/Web/src/mapviewerphp/colorpicker.php
trunk/MgDev/Web/src/mapviewerphp/common.php
trunk/MgDev/Web/src/mapviewerphp/gettingstarted.php
trunk/MgDev/Web/src/mapviewerphp/legend.php
trunk/MgDev/Web/src/mapviewerphp/legendctrl.php
trunk/MgDev/Web/src/mapviewerphp/legendui.php
trunk/MgDev/Web/src/mapviewerphp/mainframe.php
trunk/MgDev/Web/src/mapviewerphp/mapframe.php
trunk/MgDev/Web/src/mapviewerphp/measure.php
trunk/MgDev/Web/src/mapviewerphp/measureui.php
trunk/MgDev/Web/src/mapviewerphp/printablepage.php
trunk/MgDev/Web/src/mapviewerphp/printablepageui.php
trunk/MgDev/Web/src/mapviewerphp/propertyctrl.php
trunk/MgDev/Web/src/mapviewerphp/search.php
trunk/MgDev/Web/src/mapviewerphp/searchprompt.php
trunk/MgDev/Web/src/mapviewerphp/selectwithin.php
trunk/MgDev/Web/src/mapviewerphp/selectwithinui.php
trunk/MgDev/Web/src/mapviewerphp/setselection.php
trunk/MgDev/Web/src/mapviewerphp/statusbar.php
trunk/MgDev/Web/src/mapviewerphp/taskbar.php
trunk/MgDev/Web/src/mapviewerphp/taskframe.php
trunk/MgDev/Web/src/mapviewerphp/tasklist.php
trunk/MgDev/Web/src/mapviewerphp/viewoptions.php
Log:
Re #1306 - Cross-site scripting security fix
Modified: trunk/MgDev/Web/src/mapviewerjava/ajaxviewerabout.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/ajaxviewerabout.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/ajaxviewerabout.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -93,7 +93,7 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- sessionId = GetParameter(request, "SESSION");
- locale = GetParameter(request, "LOCALE");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/buffer.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/buffer.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/buffer.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -38,9 +38,9 @@
String units;
String linestyle;
String fillstyle;
-String thickness;
+double thickness;
int merge;
-int foretrans;
+double foretrans;
String selText;
String srs;
String featureName = "Buffer";
@@ -62,7 +62,7 @@
units = "";
linestyle = "";
fillstyle = "";
- thickness = "";
+ thickness = 0;
merge = 0;
foretrans = 50;
selText = "";
@@ -387,30 +387,31 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- mapName = GetParameter(request, "MAPNAME");
- sessionId = GetParameter(request, "SESSION");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
popup = GetIntParameter(request, "POPUP");
+ lcolor = ValidateColorString(GetParameter(request, "LCOLOR"));
+ ffcolor = ValidateColorString(GetParameter(request, "FFCOLOR"));
+ fbcolor = ValidateColorString(GetParameter(request, "FBCOLOR"));
+ foretrans = GetDoubleParameter(request, "FORETRANS");
+ if(foretrans < 0 || foretrans > 100)
+ {
+ foretrans = 50;
+ }
+ transparent = GetIntParameter(request, "TRANSPARENT");
+ distance = GetLocalizedDoubleParameter(request, "DISTANCE", locale);
+ if(IsParameter(request, "MERGE"))
+ merge = 1;
+
bufferName = GetParameter(request, "BUFFER");
layersParam = GetParameter(request, "LAYERS");
- lcolor = GetParameter(request, "LCOLOR");
- ffcolor = GetParameter(request, "FFCOLOR");
- fbcolor = GetParameter(request, "FBCOLOR");
- foretrans = GetIntParameter(request, "FORETRANS");
- transparent = GetIntParameter(request, "TRANSPARENT");
- locale = GetParameter(request, "LOCALE");
- distance = GetLocalizedDoubleParameter(request, "DISTANCE", locale);
units = GetParameter(request, "UNITS");
linestyle = GetParameter(request, "LINESTYLE");
fillstyle = GetParameter(request, "FILLSTYLE");
- thickness = GetParameter(request, "THICKNESS");
+ thickness = GetDoubleParameter(request, "THICKNESS");
selText = GetParameter(request, "SELECTION");
- if(IsParameter(request, "MERGE"))
- merge = 1;
- if(foretrans < 0 || foretrans > 100)
- {
- foretrans = 50;
- }
}
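Review bot: `linestyle`, `fillstyle`, `units`, `bufferName`, `layersParam` and `selText` are still read raw at the bottom of GetRequestParameters, and `linestyle` is later substituted straight into the area layer-definition XML (see the BuildLayerDefinitionContent hunk below), so a crafted LINESTYLE can still inject markup into the generated layer even though the colours beside it are now whitelisted. The style names deserve the same treatment as the colours, e.g. reject anything not matching `^[A-Za-z0-9_ ]*$` before assignment, or XML-escape at the substitution point. Whether the other raw parameters reach an output context cannot be seen from this hunk.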
@@ -433,7 +434,7 @@
MgByteReader BuildLayerDefinitionContent() throws MgException, Exception
{
String layerTempl = LoadTemplate("/viewerfiles/arealayerdef.templ");
- String xtrans = String.format("%02x", new Object[]{new Integer(255 * foretrans / 100)});
+ String xtrans = String.format("%02x", new Object[]{new Integer((int)(255 * foretrans / 100))});
String[] vals = {
dataSource,
featureName,
@@ -442,7 +443,7 @@
xtrans + ffcolor,
(0 != transparent? ("ff" + fbcolor): ("00" + fbcolor)),
linestyle,
- thickness,
+ String.valueOf(thickness),
lcolor };
layerTempl = Substitute(layerTempl, vals);
byte[] bytes = layerTempl.getBytes("UTF-8");
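Review bot: `String.valueOf(thickness)` on the changed line alters what the template receives: a double prints as `1.0`, and magnitudes of 10^7 or above print in exponent form (`1.0E7`), whereas the old code forwarded the request text unchanged. If the consumer of arealayerdef.templ parses the thickness as a plain decimal this may fail for large values; a fixed, locale-independent format such as `String.format(Locale.US, "%.4f", thickness)` keeps the output exponent-free. BuildLayerDefinitionContent begins in the hunk above and its tail lies outside this view.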
Modified: trunk/MgDev/Web/src/mapviewerjava/bufferui.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/bufferui.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/bufferui.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -61,10 +61,10 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- mapName = GetParameter(request, "MAPNAME");
- sessionId = GetParameter(request, "SESSION");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
popup = GetIntParameter(request, "POPUP");
us = GetIntParameter(request, "US");
- locale = GetParameter(request, "LOCALE");
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/colorpicker.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/colorpicker.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/colorpicker.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -53,9 +53,9 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- clr = GetParameter(request, "CLR");
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ clr = ValidateColorString(GetParameter(request, "CLR"));
allowTransparency = GetIntParameter(request, "ALLOWTRANS");
transparent = GetIntParameter(request, "TRANS");
- locale = GetParameter(request, "LOCALE");
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/common.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/common.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/common.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -17,6 +17,7 @@
<%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ page import="org.osgeo.mapguide.*" %>
<%@ page import="java.util.*" %>
+<%@ page import="java.util.regex.*" %>
<%@ page import="java.io.*" %>
<%@ page import="java.net.*" %>
<%@ page import="javax.servlet.jsp.*" %>
@@ -194,4 +195,97 @@
return "Ajax Viewer";
}
+String ValidateSessionId(String proposedSessionId)
+{
+ // 00000000-0000-0000-0000-000000000000_aa_00000000000000000000
+ String validSessionId = "";
+ if(proposedSessionId != null &&
+ Pattern.matches("^[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}_[A-Za-z]{2}_[A-Fa-f0-9]{20}$", proposedSessionId))
+ {
+ validSessionId = proposedSessionId;
+ }
+ return validSessionId;
+}
+
+String ValidateLocaleString(String proposedLocaleString)
+{
+ // aa or aa-aa
+ String validLocaleString = GetDefaultLocale(); // Default
+ if(proposedLocaleString != null &&
+ (Pattern.matches("^[A-Za-z]{2}$", proposedLocaleString) || Pattern.matches("^[A-Za-z]{2}-[A-Za-z]{2}$", proposedLocaleString)))
+ {
+ validLocaleString = proposedLocaleString;
+ }
+ return validLocaleString;
+}
+
+String ValidateHyperlinkTargetValue(String proposedHyperlinkTarget)
+{
+ // 1, 2 or 3
+ String validHyperlinkTarget = "1"; // Default
+ if(proposedHyperlinkTarget != null && Pattern.matches("^[1-3]$", proposedHyperlinkTarget))
+ {
+ validHyperlinkTarget = proposedHyperlinkTarget;
+ }
+ return validHyperlinkTarget;
+}
+
+String ValidateFrameName(String proposedFrameName)
+{
+ // Allowing alphanumeric characters and underscores in the frame name
+ String validFrameName = "";
+ if(proposedFrameName != null && Pattern.matches("^[a-zA-Z0-9_]*$", proposedFrameName))
+ {
+ validFrameName = proposedFrameName;
+ }
+ return validFrameName;
+}
+
+String ValidateIntegerString(String proposedNumberString)
+{
+ // Allow numeric characters only
+ String validNumberString = "";
+ if(proposedNumberString != null && Pattern.matches("^[0-9]*$", proposedNumberString))
+ {
+ validNumberString = proposedNumberString;
+ }
+ return validNumberString;
+}
+
+String ValidateResourceId(String proposedResourceId)
+{
+ String validResourceId = "";
+ try
+ {
+ MgResourceIdentifier resId = new MgResourceIdentifier(proposedResourceId);
+ validResourceId = resId.ToString();
+ }
+ catch(MgException e)
+ {
+ validResourceId = "";
+ }
+ return validResourceId;
+}
+
+String ValidateMapName(String proposedMapName)
+{
+ String validMapName = "";
+ if (proposedMapName != null && Pattern.matches("^[^\\*:|\\?<'&\">=]*$", proposedMapName))
+ {
+ validMapName = proposedMapName;
+ }
+ return validMapName;
+}
+
+String ValidateColorString(String proposedColorString)
+{
+ String validColorString = "000000";
+ if (proposedColorString != null &&
+ Pattern.matches("^[A-Fa-f0-9]{6}$", proposedColorString))
+ {
+ validColorString = proposedColorString;
+ }
+ return validColorString;
+}
+
%>
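Review bot: ValidateMapName is the only validator here built as a blacklist: `^[^\*:|\?<'&\">=]*$` rejects angle brackets, quotes, `&` and `=`, but still admits backslashes, semicolons, parentheses, `/` and line terminators (a negated class matches `\n`), so a map name written into a JavaScript string or a URL elsewhere in the viewer is not safe by construction the way the session id and colour strings are. Consider a whitelist in the same spirit as the other helpers (`^[A-Za-z0-9 _\\-\\.]*$`, widened if real map names need more), or keep the blacklist and escape at every output point. Two smaller points: every helper fails open by returning "" or a default rather than rejecting the request, which hides probing from the logs, and ValidateResourceId is the one helper without a `proposedResourceId != null` guard and catches only MgException, so a null input could surface as a different exception type than the caller expects.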
Modified: trunk/MgDev/Web/src/mapviewerjava/gettingstarted.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/gettingstarted.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/gettingstarted.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -94,13 +94,11 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- sessionId = GetParameter(request, "SESSION");
- webLayout = GetParameter(request, "WEBLAYOUT");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ webLayout = ValidateResourceId(GetParameter(request, "WEBLAYOUT"));
+ dwf = (GetIntParameter(request, "DWF") == 1);
pageName = GetParameter(request, "PAGE");
- dwf = GetParameter(request, "DWF").equals("1");
- locale = GetParameter(request, "LOCALE");
- if(locale.length() == 0)
- locale = GetDefaultLocale();
}
String FixupPageReferences(String html, String webLayout, boolean dwf, String vpath) throws UnsupportedEncodingException {
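Review bot: `pageName` is the one parameter this hunk leaves unvalidated; its name suggests it selects a page to load, in which case a path separator or `..` in PAGE would matter more than markup, though its use is outside this hunk. If it does name a file or template, a whitelist such as `^[A-Za-z0-9_\\-]*$` via a helper in common.jsp would close that, matching how WEBLAYOUT is now funnelled through ValidateResourceId.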
Modified: trunk/MgDev/Web/src/mapviewerjava/legend.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/legend.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/legend.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -64,7 +64,6 @@
String sessionId = "";
boolean summary = false;
int layerCount = 0;
-String[] layerIds = null;
int intermediateVar = 0;
String output = "\nvar layerData = new Array();\n";
@@ -157,12 +156,9 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- if(IsParameter(request, "MAPNAME"))
- mapName = GetParameter(request, "MAPNAME");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
- if(IsParameter(request, "SESSION"))
- sessionId = GetParameter(request, "SESSION");
-
if(IsParameter(request, "SUMMARY"))
{
summary = true;
@@ -170,16 +166,7 @@
else
{
summary = false;
- if(IsParameter(request, "LC"))
- {
- layerCount = Integer.parseInt(GetParameter(request, "LC"));
- }
-
- if(layerCount > 0 && IsParameter(request, "LAYERS"))
- {
- String layers = GetParameter(request, "LAYERS");
- layerIds = layers.split(",");
- }
+ layerCount = GetIntParameter(request, "LC");
}
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/legendctrl.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/legendctrl.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/legendctrl.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -72,12 +72,12 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- mapName = GetParameter(request, "MAPNAME");
- sessionId = GetParameter(request, "SESSION");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
if(IsParameter(request, "MAPFRAME"))
- mapFrame = GetParameter(request, "MAPFRAME");
+ mapFrame = ValidateFrameName(GetParameter(request, "MAPFRAME"));
else
mapFrame = "parent";
- locale = GetParameter(request, "LOCALE");
}
%>
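Review bot: When MAPFRAME is present but fails ValidateFrameName, `mapFrame` becomes "" instead of falling back to "parent", because the else branch only covers an absent parameter; the page then gets an empty frame reference where it previously got the attacker's string. Folding the default into the check, `mapFrame = ValidateFrameName(GetParameter(request, "MAPFRAME")); if (mapFrame.length() == 0) mapFrame = "parent";`, keeps the rejection while preserving the intended default. The same pattern appears in propertyctrl.jsp.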
Modified: trunk/MgDev/Web/src/mapviewerjava/legendui.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/legendui.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/legendui.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -56,6 +56,6 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- locale = GetParameter(request, "LOCALE");
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/mainframe.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/mainframe.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/mainframe.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -147,7 +147,7 @@
//
String srcToolbar = showToolbar ? ( "src=\"" + vpath + "toolbar.jsp?LOCALE=" + locale + "\"" ) : "";
String srcStatusbar = showStatusbar ? ( "src=\"" + vpath + "statusbar.jsp?LOCALE=" + locale + "\"" ) : "";
- String srcTaskFrame = showTaskPane? ("src=\"" + vpath + "taskframe.jsp?TASK=" + taskPaneUrl + "&WEBLAYOUT=" + URLEncoder.encode(webLayoutDefinition, "UTF-8") + "&DWF=" + (forDwf!=0? "1": "0") + "&SESSION=" + (sessionId != ""? sessionId: "") + "&LOCALE=" + locale + "\"") : "";
+ String srcTaskFrame = showTaskPane? ("src=\"" + vpath + "taskframe.jsp?WEBLAYOUT=" + URLEncoder.encode(webLayoutDefinition, "UTF-8") + "&DWF=" + (forDwf!=0? "1": "0") + "&SESSION=" + (sessionId != ""? sessionId: "") + "&LOCALE=" + locale + "\"") : "";
String srcTaskBar = "src=\"" + vpath + "taskbar.jsp?LOCALE=" + locale + "\"";
//view center
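Review bot: `(sessionId != ""? sessionId: "")` on the changed line compares string references, not contents, and both branches yield the same text for any non-null value; since ValidateSessionId never returns null, the ternary can simply be `sessionId`. Note too that `locale` is concatenated into all four `src` strings without URL encoding, which is now safe only because ValidateLocaleString restricts it to letters and a hyphen — worth a one-line comment so a later widening of that pattern does not silently reopen this. The enclosing scriptlet starts above this hunk.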
@@ -605,31 +605,19 @@
void GetRequestParameters(HttpServletRequest request)
{
- webLayoutDefinition = request.getParameter("WEBLAYOUT");
- if (webLayoutDefinition == null)
- webLayoutDefinition = "";
-
- String localeParam = request.getParameter("LOCALE");
- if (localeParam != null && localeParam.length() > 0)
- {
- locale = localeParam;
- }
- else
- {
- locale = GetDefaultLocale();
- }
- sessionId = request.getParameter("SESSION");
+ webLayoutDefinition = ValidateResourceId(GetParameter(request, "WEBLAYOUT"));
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
if (sessionId != null && sessionId.length() > 0)
{
- sessionId = request.getParameter("SESSION");
orgSessionId = sessionId;
}
else
{
- username = request.getParameter("USERNAME");
+ username = GetParameter(request, "USERNAME");
if (username != null && username.length() > 0)
{
- password = request.getParameter( "PASSWORD");
+ password = GetParameter(request, "PASSWORD");
if(password == null)
password = "";
return;
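Review bot: USERNAME and PASSWORD are still taken from GetParameter without any of the new validation, and if GetParameter reads the query string as the old request.getParameter did, credentials passed this way land in browser history and web-server logs; this hunk only tightens the session path. If `username` is echoed anywhere in the page it needs EscapeForHtml like `title` in printablepage.jsp. The `sessionId != null` test is now redundant because ValidateSessionId always returns a non-null string. GetRequestParameters continues past the end of this hunk.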
Modified: trunk/MgDev/Web/src/mapviewerjava/mapframe.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/mapframe.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/mapframe.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -193,37 +193,15 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ mapDefinition = ValidateResourceId(GetParameter(request, "MAPDEFINITION"));
+ hlTgt = ValidateHyperlinkTargetValue(GetParameter(request, "HLTGT"));
+ hlTgtName = ValidateFrameName(GetParameter(request, "HLTGTNAME"));
+ infoWidth = GetIntParameter(request, "INFOWIDTH");
+ showLegend = GetIntParameter(request, "SHOWLEGEND");
+ showProperties = GetIntParameter(request, "SHOWPROP");
+ showSlider = GetIntParameter(request, "SHOWSLIDER");
type = GetParameter(request, "TYPE");
-
- String localeParam = GetParameter(request, "LOCALE");
- if(localeParam != null && localeParam.length() > 0)
- {
- locale = localeParam;
- }
- else
- {
- locale = GetDefaultLocale();
- }
-
- hlTgt = GetParameter(request, "HLTGT");
- hlTgtName = GetParameter(request, "HLTGTNAME");
-
- if(IsParameter(request, "INFOWIDTH"))
- infoWidth = Integer.parseInt(GetParameter(request, "INFOWIDTH"));
-
- if(IsParameter(request, "SHOWLEGEND"))
- showLegend = Integer.parseInt(GetParameter(request, "SHOWLEGEND"));
-
- if(IsParameter(request, "SHOWPROP"))
- showProperties = Integer.parseInt(GetParameter(request, "SHOWPROP"));
-
- if(IsParameter(request, "MAPDEFINITION"))
- mapDefinition = GetParameter(request, "MAPDEFINITION");
-
- if(IsParameter(request, "SESSION"))
- sessionId = GetParameter(request, "SESSION");
-
- if(IsParameter(request, "SHOWSLIDER"))
- showSlider = Integer.parseInt(GetParameter(request, "SHOWSLIDER"));
}
%>
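Review bot: `type` is the only parameter left as a raw string in this hunk; if TYPE is emitted into the page or used to select a template it should get a closed-set check like `hlTgt`'s (`^[1-3]$`), since everything else here is now whitelisted or parsed as a number. Replacing the bare `Integer.parseInt` calls with GetIntParameter also removes the unhandled NumberFormatException a malformed INFOWIDTH or SHOWLEGEND used to trigger, assuming GetIntParameter returns a default on bad input — worth stating in the log message.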
Modified: trunk/MgDev/Web/src/mapviewerjava/measure.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/measure.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/measure.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -271,11 +271,11 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- mapName = GetParameter(request, "MAPNAME");
- sessionId = GetParameter(request, "SESSION");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
target = GetIntParameter(request, "TGT");
popup = GetIntParameter(request, "POPUP");
- locale = GetParameter(request, "LOCALE");
if(IsParameter(request, "CLEAR"))
{
clear = true;
Modified: trunk/MgDev/Web/src/mapviewerjava/measureui.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/measureui.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/measureui.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -63,20 +63,12 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- String localeParam = GetParameter(request, "LOCALE");
- if(localeParam != null && localeParam.length() > 0)
- {
- locale = localeParam;
- }
- else
- {
- locale = ""; // Default
- }
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
target = GetIntParameter(request, "TGT");
popup = GetIntParameter(request, "POPUP");
cmdIndex = GetIntParameter(request, "CMDINDEX");
- mapName = GetParameter(request, "MAPNAME");
- sessionId = GetParameter(request, "SESSION");
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
total = GetDoubleParameter(request, "TOTAL");
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/printablepage.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/printablepage.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/printablepage.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -31,10 +31,10 @@
int isLegend;
int isArrow;
String title;
-String scale;
-String centerX;
-String centerY;
-String dpi;
+double scale;
+double centerX;
+double centerY;
+int dpi;
String templFile;
String locale;
%>
@@ -46,10 +46,10 @@
isLegend = 0;
isArrow = 0;
title = "";
-scale = "";
-centerX = "";
-centerY = "";
-dpi = "";
+scale = 0;
+centerX = 0;
+centerY = 0;
+dpi = 0;
templFile = "";
locale = "";
@@ -67,16 +67,16 @@
String agent = GetRootVirtualFolder(request) + "/mapagent/mapagent.fcgi";
String vals[] = { mapName,
agent,
- scale,
- centerX,
- centerY,
- dpi,
+ String.valueOf(scale),
+ String.valueOf(centerX),
+ String.valueOf(centerY),
+ String.valueOf(dpi),
mapName,
sessionId,
String.valueOf(isTitle),
String.valueOf(isLegend),
String.valueOf(isArrow),
- isTitle == 1 ? title : "",
+ isTitle == 1 ? EscapeForHtml(title) : "",
agent,
mapName,
sessionId };
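Review bot: `String.valueOf(scale)`, `centerX` and `centerY` now format doubles with `Double.toString`, which switches to exponent form (`1.0E7`) for magnitudes of 10^7 and above — a plausible range for a map scale — where the old code forwarded the request text verbatim; the vals array hands these to the template alongside the mapagent URL, so check that the consumer accepts that form or format them with `String.format(Locale.US, "%.6f", scale)`. `EscapeForHtml(title)` is the right fix for an HTML text or attribute slot; if the template also places the title inside a script string, a JavaScript escape is needed at that slot instead. The enclosing scriptlet starts above this hunk.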
@@ -98,36 +98,16 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- if(IsParameter(request, "MAPNAME"))
- mapName = GetParameter(request, "MAPNAME");
-
- if(IsParameter(request, "SESSION"))
- sessionId = GetParameter(request, "SESSION");
-
- if(IsParameter(request, "ISTITLE"))
- isTitle = Integer.parseInt(GetParameter(request, "ISTITLE"));
-
- if(IsParameter(request, "ISLEGEND"))
- isLegend = Integer.parseInt(GetParameter(request, "ISLEGEND"));
-
- if(IsParameter(request, "ISARROW"))
- isArrow = Integer.parseInt(GetParameter(request, "ISARROW"));
-
- if(IsParameter(request, "TITLE"))
- title = GetParameter(request, "TITLE");
-
- if(IsParameter(request, "SCALE"))
- scale = GetParameter(request, "SCALE");
-
- if(IsParameter(request, "CENTERX"))
- centerX = GetParameter(request, "CENTERX");
-
- if(IsParameter(request, "CENTERY"))
- centerY = GetParameter(request, "CENTERY");
-
- if(IsParameter(request, "DPI"))
- dpi = GetParameter(request, "DPI");
-
- locale = GetParameter(request, "LOCALE");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
+ isTitle = GetIntParameter(request, "ISTITLE");
+ isLegend = GetIntParameter(request, "ISLEGEND");
+ isArrow = GetIntParameter(request, "ISARROW");
+ dpi = GetIntParameter(request, "DPI");
+ scale = GetDoubleParameter(request, "SCALE");
+ centerX = GetDoubleParameter(request, "CENTERX");
+ centerY = GetDoubleParameter(request, "CENTERY");
+ title = GetParameter(request, "TITLE");
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/printablepageui.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/printablepageui.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/printablepageui.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -26,13 +26,13 @@
<%!
int popup;
-String clientWidth;
+int clientWidth;
String mapName;
String sessionId;
-String scale;
-String centerX;
-String centerY;
-String dpi;
+double scale;
+double centerX;
+double centerY;
+int dpi;
String locale;
%>
@@ -43,8 +43,10 @@
try
{
popup = 0;
- clientWidth = mapName = sessionId = scale = "";
- centerX = centerY = dpi = "";
+ clientWidth = 0;
+ mapName = sessionId = "";
+ scale = centerX = centerY = 0;
+ dpi = 0;
MgLocalizer.SetLocalizedFilesPath(getServletContext().getRealPath("/") + "localized/");
@@ -54,13 +56,13 @@
String templ = MgLocalizer.Localize(LoadTemplate("/viewerfiles/printablepageui.templ"), locale, GetClientOS(request));
String vals[] = { String.valueOf(popup),
- clientWidth,
+ String.valueOf(clientWidth),
sessionId,
mapName,
- scale,
- centerX,
- centerY,
- dpi,
+ String.valueOf(scale),
+ String.valueOf(centerX),
+ String.valueOf(centerY),
+ String.valueOf(dpi),
GetSurroundVirtualPath(request) + "printablepage.jsp"};
response.getWriter().write(Substitute(templ, vals));
}
@@ -79,30 +81,14 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- if(IsParameter(request, "POPUP"))
- popup = Integer.parseInt(GetParameter(request, "POPUP"));
-
- if(IsParameter(request, "WIDTH"))
- clientWidth = GetParameter(request, "WIDTH");
-
- if(IsParameter(request, "MAPNAME"))
- mapName = GetParameter(request, "MAPNAME");
-
- if(IsParameter(request, "SESSION"))
- sessionId = GetParameter(request, "SESSION");
-
- if(IsParameter(request, "SCALE"))
- scale = GetParameter(request, "SCALE");
-
- if(IsParameter(request, "CENTERX"))
- centerX = GetParameter(request, "CENTERX");
-
- if(IsParameter(request, "CENTERY"))
- centerY = GetParameter(request, "CENTERY");
-
- if(IsParameter(request, "DPI"))
- dpi = GetParameter(request, "DPI");
-
- locale = GetParameter(request, "LOCALE");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
+ popup = GetIntParameter(request, "POPUP");
+ clientWidth = GetIntParameter(request, "WIDTH");
+ dpi = GetIntParameter(request, "DPI");
+ scale = GetDoubleParameter(request, "SCALE");
+ centerX = GetDoubleParameter(request, "CENTERX");
+ centerY = GetDoubleParameter(request, "CENTERY");
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/propertyctrl.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/propertyctrl.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/propertyctrl.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -59,9 +59,9 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- locale = GetParameter(request, "LOCALE");
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
if(IsParameter(request, "MAPFRAME"))
- mapFrame = GetParameter(request, "MAPFRAME");
+ mapFrame = ValidateFrameName(GetParameter(request, "MAPFRAME"));
else
mapFrame = "parent";
}
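Review bot: A MAPFRAME value that is present but rejected by ValidateFrameName leaves `mapFrame` as "" rather than the "parent" default, because only the absent-parameter branch falls back. Collapsing the two branches, `mapFrame = ValidateFrameName(GetParameter(request, "MAPFRAME")); if (mapFrame.length() == 0) mapFrame = "parent";`, gives the same rejection with the intended default.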
Modified: trunk/MgDev/Web/src/mapviewerjava/search.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/search.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/search.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -277,17 +277,13 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- userInput = GetParameter(request, "USERINPUT");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
target = GetIntParameter(request, "TGT");
popup = GetIntParameter(request, "POPUP");
- layerName = GetParameter(request, "LAYER");
- mapName = GetParameter(request, "MAPNAME");
- sessionId = GetParameter(request, "SESSION");
- filter = GetParameter(request, "FILTER");
matchLimit = GetIntParameter(request, "MR");
int colCount = GetIntParameter(request, "COLS");
- locale = GetParameter(request, "LOCALE");
-
if(colCount > 0)
{
for(int i = 0; i < colCount; i++)
@@ -296,6 +292,9 @@
resProps.add(GetParameter(request, "CP" + i));
}
}
+ userInput = GetParameter(request, "USERINPUT");
+ layerName = GetParameter(request, "LAYER");
+ filter = GetParameter(request, "FILTER");
}
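Review bot: `colCount` comes straight from `GetIntParameter(request, "COLS")` and drives the `for` loop that begins in the preceding hunk, so a request with COLS=2000000000 spins that loop and grows `resProps` for as long as the container allows; clamping it, `if (colCount > 64) colCount = 64;` (or whatever the UI's real maximum is), bounds the work. `userInput`, `layerName` and `filter` remain raw; `filter` in particular looks like it feeds a feature query, which would call for FDO-filter escaping rather than HTML escaping, but its use lies outside this hunk.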
void OnError(String title, String msg, PrintWriter outStream, HttpServletRequest request) throws FileNotFoundException, IOException
Modified: trunk/MgDev/Web/src/mapviewerjava/searchprompt.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/searchprompt.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/searchprompt.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -68,7 +68,7 @@
String.valueOf(cmdIndex),
String.valueOf(target),
String.valueOf(popup),
- layerId,
+ EscapeForHtml(layerId),
mapName,
sessionId,
EscapeForHtml(filter),
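Review bot: `EscapeForHtml(layerId)` is correct for an HTML text or attribute slot, but if the template places the layer id inside a script string or an href, HTML escaping is the wrong encoder and a JavaScript or URL escape belongs there instead. `mapName` and `sessionId` on the following lines are substituted unescaped; the next hunk routes them through ValidateMapName and ValidateSessionId, so the residual exposure is ValidateMapName's blacklist, which still admits backslashes and line terminators. The enclosing scriptlet starts above this hunk.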
@@ -81,15 +81,15 @@
void GetRequestParameters(HttpServletRequest request)
{
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
cmdIndex = GetIntParameter(request, "CMDINDEX");
target = GetIntParameter(request, "TGT");
popup = GetIntParameter(request, "POPUP");
clientWidth = GetIntParameter(request, "WIDTH");
+ matchLimit = GetIntParameter(request, "MR");
layerId = GetParameter(request, "LAYER");
- mapName = GetParameter(request, "MAPNAME");
- sessionId = GetParameter(request, "SESSION");
filter = GetParameter(request, "FILTER");
- matchLimit = GetIntParameter(request, "MR");
- locale = GetParameter(request, "LOCALE");
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/selectwithin.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/selectwithin.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/selectwithin.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -29,7 +29,6 @@
String sessionId = "";
String layers = "";
String inputSel = "";
-String dwf = "";
%>
<%
@@ -169,10 +168,9 @@
void GetRequestParameters(HttpServletRequest request)
{
- mapName = GetParameter(request, "MAPNAME");
- sessionId = GetParameter(request, "SESSION");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
inputSel = GetParameter(request, "SELECTION");
layers = GetParameter(request, "LAYERS");
- dwf = GetParameter(request, "DWF");
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/selectwithinui.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/selectwithinui.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/selectwithinui.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -28,7 +28,7 @@
int popup = 0;
String mapName;
String sessionId;
-String dwf;
+int dwf;
String locale;
%>
@@ -38,7 +38,7 @@
popup = 0;
mapName = "";
sessionId = "";
- dwf = "";
+ dwf = 0;
locale = "";
MgLocalizer.SetLocalizedFilesPath(getServletContext().getRealPath("/") + "localized/");
@@ -50,7 +50,7 @@
GetSurroundVirtualPath(request) + "selectwithin.jsp",
mapName,
sessionId,
- dwf
+ String.valueOf(dwf)
};
response.getWriter().write(Substitute(templ, vals));
%>
@@ -58,10 +58,10 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
popup = GetIntParameter(request, "POPUP");
- mapName = GetParameter(request, "MAPNAME");
- sessionId = GetParameter(request, "SESSION");
- dwf = GetParameter(request, "DWF");
- locale = GetParameter(request, "LOCALE");
+ dwf = GetIntParameter(request, "DWF");
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/setselection.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/setselection.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/setselection.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -114,16 +114,9 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- if(IsParameter(request, "MAPNAME"))
- mapName = GetParameter(request, "MAPNAME");
-
- if(IsParameter(request, "SESSION"))
- sessionId = GetParameter(request, "SESSION");
-
- if(IsParameter(request, "SELECTION"))
- selText = GetParameter(request, "SELECTION");
-
- if(IsParameter(request, "QUERYINFO"))
- queryInfo = GetParameter(request, "QUERYINFO").equals("1");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
+ queryInfo = (GetIntParameter(request, "QUERYINFO") == 1);
+ selText = GetParameter(request, "SELECTION");
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/statusbar.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/statusbar.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/statusbar.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -42,6 +42,6 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- locale = GetParameter(request, "LOCALE");
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/taskbar.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/taskbar.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/taskbar.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -42,6 +42,6 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- locale = GetParameter(request, "LOCALE");
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/taskframe.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/taskframe.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/taskframe.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -1,5 +1,5 @@
<%--
- -Copyright (C) 2004-2010 by Autodesk, Inc.
+ -Copyright (C) 2004-2009 by Autodesk, Inc.
-This library is free software; you can redistribute it and/or
-modify it under the terms of version 2.1 of the GNU Lesser
-General Public License as published by the Free Software Foundation.
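Review bot: The new side of the header changes the copyright range from `2004-2010` back to `2004-2009`, which reads like an accidental revert from a stale working copy rather than an intended edit. Restore ` -Copyright (C) 2004-2010 by Autodesk, Inc.` so this file stays in step with the rest of the tree.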
@@ -25,10 +25,9 @@
<%@ page isThreadSafe="false" %>
<%!
-String taskPane = "";
String sessionId = "";
-String webLayout = "";
-String dwf = "";
+String webLayoutId = "";
+int dwf = 0;
String locale = "";
%>
@@ -37,37 +36,79 @@
request.setCharacterEncoding("UTF-8");
GetRequestParameters(request);
- String url = URLDecoder.decode(taskPane, "UTF-8");
- int index = url.indexOf("?");
-
- if(index > 0)
+ try
{
- String path = url.substring(0, index);
- String query = url.substring(index+1);
+ InitializeWebTier();
- if(query.length() > 0)
- url = String.format("%s?SESSION=%s&WEBLAYOUT=%s&DWF=%s&LOCALE=%s&%s", path, sessionId, URLEncoder.encode(webLayout, "UTF-8"), dwf, locale, query);
+ MgUserInformation cred = new MgUserInformation(sessionId);
+ cred.SetClientIp(GetClientIp(request));
+ cred.SetClientAgent(GetClientAgent());
+
+ //connect to the site and get a feature service and a resource service instances
+ MgSiteConnection site = new MgSiteConnection();
+ site.Open(cred);
+
+ //Get the MgWebLayout object
+ MgResourceService resourceSrvc = (MgResourceService)site.CreateService(MgServiceType.ResourceService);
+ MgResourceIdentifier webLayoutResId = new MgResourceIdentifier(webLayoutId);
+ MgWebLayout webLayout = new MgWebLayout(resourceSrvc, webLayoutResId);
+ MgWebTaskPane taskPane = webLayout.GetTaskPane();
+ String taskPaneUrl = taskPane.GetInitialTaskUrl();
+ String vpath = GetSurroundVirtualPath(request);
+ if (taskPaneUrl == null || taskPaneUrl.length() == 0)
+ {
+ taskPaneUrl = "gettingstarted.jsp";
+ }
+
+ String url = URLDecoder.decode(taskPaneUrl, "UTF-8");
+ int index = url.indexOf("?");
+
+ if(index > 0)
+ {
+ String path = url.substring(0, index);
+ String query = url.substring(index+1);
+
+ if(query.length() > 0)
+ url = String.format("%s?SESSION=%s&WEBLAYOUT=%s&DWF=%s&LOCALE=%s&%s", path, sessionId, URLEncoder.encode(webLayoutId, "UTF-8"), dwf, locale, query);
+ else
+ url = String.format("%s?SESSION=%s&WEBLAYOUT=%s&DWF=%s&LOCALE=%s", path, sessionId, URLEncoder.encode(webLayoutId, "UTF-8"), dwf, locale);
+ }
else
- url = String.format("%s?SESSION=%s&WEBLAYOUT=%s&DWF=%s&LOCALE=%s", path, sessionId, URLEncoder.encode(webLayout, "UTF-8"), dwf, locale);
+ {
+ url = String.format("%s?SESSION=%s&WEBLAYOUT=%s&DWF=%s&LOCALE=%s", taskPaneUrl, sessionId, URLEncoder.encode(webLayoutId), dwf, locale);
+ }
+ String templ = LoadTemplate("/viewerfiles/taskframe.templ");
+ String[] vals = { vpath + "tasklist.jsp",
+ locale,
+ url };
+ response.getWriter().write(Substitute(templ, vals));
}
- else
+ catch (MgException exc)
{
- url = String.format("%s?SESSION=%s&WEBLAYOUT=%s&DWF=%s&LOCALE=%s", taskPane, sessionId, URLEncoder.encode(webLayout), dwf, locale);
+ OnError(MgLocalizer.GetString("TASKS", locale), exc.GetMessage(), response.getWriter(), request);
+ return;
}
- String templ = LoadTemplate("/viewerfiles/taskframe.templ");
- String[] vals = { GetSurroundVirtualPath(request) + "tasklist.jsp",
- locale,
- url };
- response.getWriter().write(Substitute(templ, vals));
+ catch (Exception ne)
+ {
+ OnError(MgLocalizer.GetString("TASKS", locale), ne.getMessage(), response.getWriter(), request);
+ return;
+ }
+
%>
<%!
void GetRequestParameters(HttpServletRequest request)
{
- taskPane = GetParameter(request, "TASK");
- sessionId = GetParameter(request, "SESSION");
- webLayout = GetParameter(request, "WEBLAYOUT");
- dwf = GetParameter(request, "DWF");
- locale = GetParameter(request, "LOCALE");
+ sessionId = ValidateSessionId(GetParameter(request, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
+ webLayoutId = ValidateResourceId(GetParameter(request, "WEBLAYOUT"));
+ dwf = GetIntParameter(request, "DWF");
}
+
+void OnError(String title, String msg, PrintWriter outStream, HttpServletRequest request) throws FileNotFoundException, IOException
+{
+ String templ = MgLocalizer.Localize(LoadTemplate("/viewerfiles/errorpage.templ"), locale, GetClientOS(request));
+ String[] vals = {"0", title, msg };
+ outStream.write(Substitute(templ, vals));
+}
%>
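Review bot: `URLEncoder.encode(webLayoutId)` in the `else` branch uses the deprecated one-argument overload, which encodes with the platform default charset, while the two branches above encode with `"UTF-8"`; use `URLEncoder.encode(webLayoutId, "UTF-8")` there too so the three URLs agree. That branch also formats the raw `taskPaneUrl` where the other branch uses the decoded `url`, which looks inherited from the old code but deserves a comment if intentional. In `OnError`, `msg` (an `MgException` or `Exception` message) is substituted into errorpage.templ without `EscapeForHtml`, which this codebase applies to other template values; if the template places it in HTML, `String[] vals = {"0", title, EscapeForHtml(msg) };` is safer, and note that `ne.getMessage()` can be null.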
Modified: trunk/MgDev/Web/src/mapviewerjava/tasklist.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/tasklist.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/tasklist.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -40,6 +40,6 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
- locale = GetParameter(request, "LOCALE");
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
}
%>
Modified: trunk/MgDev/Web/src/mapviewerjava/viewoptions.jsp
===================================================================
--- trunk/MgDev/Web/src/mapviewerjava/viewoptions.jsp 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerjava/viewoptions.jsp 2010-04-06 15:56:33 UTC (rev 4744)
@@ -51,9 +51,9 @@
<%!
void GetRequestParameters(HttpServletRequest request)
{
+ locale = ValidateLocaleString(GetParameter(request, "LOCALE"));
target = GetIntParameter(request, "TGT");
popup = GetIntParameter(request, "POPUP");
dwf = GetIntParameter(request, "DWF");
- locale = GetParameter(request, "LOCALE");
}
%>
Modified: trunk/MgDev/Web/src/mapviewernet/ajaxviewerabout.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/ajaxviewerabout.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/ajaxviewerabout.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -94,8 +94,8 @@
void GetParameters(NameValueCollection parameters)
{
- sessionId = GetParameter(parameters, "SESSION");
- locale = GetParameter(parameters, "LOCALE");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/buffer.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/buffer.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/buffer.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -38,9 +38,9 @@
String units = "";
String linestyle = "";
String fillstyle = "";
-String thickness = "";
+double thickness = 0;
int merge = 0;
-int foretrans = 50;
+double foretrans = 50;
String selText = "";
String srs = "";
String featureName = "Buffer";
@@ -386,31 +386,29 @@
void GetParameters(NameValueCollection parameters)
{
- mapName = GetParameter(parameters, "MAPNAME");
- sessionId = GetParameter(parameters, "SESSION");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
popup = GetIntParameter(parameters, "POPUP");
- bufferName = GetParameter(parameters, "BUFFER");
- layersParam = GetParameter(parameters, "LAYERS");
- lcolor = GetParameter(parameters, "LCOLOR");
- ffcolor = GetParameter(parameters, "FFCOLOR");
- fbcolor = GetParameter(parameters, "FBCOLOR");
- foretrans = GetIntParameter(parameters, "FORETRANS");
+ foretrans = GetDoubleParameter(parameters, "FORETRANS");
+ if (foretrans < 0 || foretrans > 100)
+ {
+ foretrans = 50;
+ }
transparent = GetIntParameter(parameters, "TRANSPARENT");
- locale = GetParameter(parameters, "LOCALE");
distance = GetLocalizedDoubleParameter(parameters, "DISTANCE", locale);
+ if(IsParameter(parameters, "MERGE"))
+ merge = 1;
+ lcolor = ValidateColorString(GetParameter(parameters, "LCOLOR"));
+ ffcolor = ValidateColorString(GetParameter(parameters, "FFCOLOR"));
+ fbcolor = ValidateColorString(GetParameter(parameters, "FBCOLOR"));
+ thickness = GetDoubleParameter(parameters, "THICKNESS");
+ bufferName = GetParameter(parameters, "BUFFER");
+ layersParam = GetParameter(parameters, "LAYERS");
units = GetParameter(parameters, "UNITS");
linestyle = GetParameter(parameters, "LINESTYLE");
fillstyle = GetParameter(parameters, "FILLSTYLE");
- thickness = GetParameter(parameters, "THICKNESS");
selText = GetParameter(parameters, "SELECTION");
- if(IsParameter(parameters, "MERGE"))
- merge = 1;
-
- if(foretrans < 0 || foretrans > 100)
- {
- foretrans = 50;
- }
-
}
MgLayer FindLayer(MgLayerCollection layers, String layerName)
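Review bot: `linestyle`, `fillstyle` and `units` are still read unvalidated while the colours beside them now go through `ValidateColorString`, and the later hunk in `BuildLayerDefinitionContent` substitutes `linestyle` into the arealayerdef.templ XML alongside those validated colours, so an arbitrary string can reach the layer definition. If these come from a fixed set of style names, an allowlist check at the read (`linestyle = ValidateFrameName(...)`-style, or a dedicated helper) would close that gap; I can't see the template so the exact context needs confirming. `thickness` is now a `double` with no range check, unlike `foretrans`; a comment stating whether negative or very large values are acceptable downstream would help.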
@@ -433,7 +431,7 @@
MgByteReader BuildLayerDefinitionContent()
{
String layerTempl = LoadTemplate(Request, "../viewerfiles/arealayerdef.templ");
- String xtrans = String.Format("{0:x2}", (255 * foretrans / 100));
+ String xtrans = String.Format("{0:x2}", ((int)(255 * foretrans / 100)));
String[] vals = {
dataSource,
featureName,
@@ -442,7 +440,7 @@
xtrans + ffcolor,
(0!=transparent)? "ff" + fbcolor: "00" + fbcolor,
linestyle,
- thickness,
+ thickness.ToString(NumberFormatInfo.InvariantInfo),
lcolor
};
layerTempl = Substitute(layerTempl, vals);
Modified: trunk/MgDev/Web/src/mapviewernet/bufferui.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/bufferui.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/bufferui.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -66,11 +66,11 @@
void GetParameters(NameValueCollection parameters)
{
- mapName = GetParameter(parameters, "MAPNAME");
- sessionId = GetParameter(parameters, "SESSION");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
popup = GetIntParameter(parameters, "POPUP");
us = GetIntParameter(parameters, "US");
- locale = GetParameter(parameters, "LOCALE");
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/colorpicker.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/colorpicker.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/colorpicker.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -56,10 +56,10 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
- clr = GetParameter(parameters, "CLR");
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
allowTransparency = GetIntParameter(parameters, "ALLOWTRANS");
transparent = GetIntParameter(parameters, "TRANS");
+ clr = ValidateColorString(GetParameter(parameters, "CLR"));
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/common.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/common.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/common.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -21,7 +21,7 @@
<%@ Import Namespace="System.Globalization" %>
<%@ Import Namespace="OSGeo.MapGuide" %>
-<script runat="server">
+<script language="C#" runat="server">
void InitializeWebTier()
{
@@ -186,4 +186,98 @@
{
return "Ajax Viewer";
}
+
+String ValidateSessionId(String proposedSessionId)
+{
+ // 00000000-0000-0000-0000-000000000000_aa_00000000000000000000
+ String validSessionId = "";
+ if(proposedSessionId != null && System.Text.RegularExpressions.Regex.IsMatch(proposedSessionId,
+ "^[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}_[A-Za-z]{2}_[A-Fa-f0-9]{20}$"))
+ {
+ validSessionId = proposedSessionId;
+ }
+ return validSessionId;
+}
+
+String ValidateLocaleString(String proposedLocaleString)
+{
+ // aa or aa-aa
+ String validLocaleString = GetDefaultLocale(); // Default
+ if(proposedLocaleString != null && (System.Text.RegularExpressions.Regex.IsMatch(proposedLocaleString, "^[A-Za-z]{2}$") ||
+ System.Text.RegularExpressions.Regex.IsMatch(proposedLocaleString, "^[A-Za-z]{2}-[A-Za-z]{2}$")))
+ {
+ validLocaleString = proposedLocaleString;
+ }
+ return validLocaleString;
+}
+
+String ValidateHyperlinkTargetValue(String proposedHyperlinkTarget)
+{
+ // 1, 2 or 3
+ String validHyperlinkTarget = "1"; // Default
+ if(proposedHyperlinkTarget != null && System.Text.RegularExpressions.Regex.IsMatch(proposedHyperlinkTarget, "^[1-3]$"))
+ {
+ validHyperlinkTarget = proposedHyperlinkTarget;
+ }
+ return validHyperlinkTarget;
+}
+
+String ValidateFrameName(String proposedFrameName)
+{
+ // Allowing alphanumeric characters and underscores in the frame name
+ String validFrameName = "";
+ if(proposedFrameName != null && System.Text.RegularExpressions.Regex.IsMatch(proposedFrameName, "^[a-zA-Z0-9_]*$"))
+ {
+ validFrameName = proposedFrameName;
+ }
+ return validFrameName;
+}
+
+String ValidateIntegerString(String proposedNumberString)
+{
+ // Allow numeric characters only
+ String validNumberString = "";
+ if(proposedNumberString != null && System.Text.RegularExpressions.Regex.IsMatch(proposedNumberString, "^[0-9]*$"))
+ {
+ validNumberString = proposedNumberString;
+ }
+ return validNumberString;
+}
+
+String ValidateResourceId(String proposedResourceId)
+{
+ String validResourceId = "";
+ try
+ {
+ MgResourceIdentifier resId = new MgResourceIdentifier(proposedResourceId);
+ validResourceId = resId.ToString();
+ }
+ catch(MgException)
+ {
+ validResourceId = "";
+ }
+ return validResourceId;
+}
+
+String ValidateMapName(String proposedMapName)
+{
+ String validMapName = "";
+ if (proposedMapName.IndexOfAny("*:|?<'&\">=".ToCharArray()) < 0)
+ {
+ validMapName = proposedMapName;
+ }
+ return validMapName;
+}
+
+String ValidateColorString(String proposedColorString)
+{
+ String validColorString = "000000";
+ if (proposedColorString != null &&
+ System.Text.RegularExpressions.Regex.IsMatch(proposedColorString, "^[A-Fa-f0-9]{6}$"))
+ {
+ validColorString = proposedColorString;
+ }
+ return validColorString;
+}
+
</script>
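Review bot: `ValidateMapName` dereferences `proposedMapName` without the null guard every other validator in this hunk has, so a request with no MAPNAME throws a `NullReferenceException` instead of yielding `""`; change the condition to `if (proposedMapName != null && proposedMapName.IndexOfAny("*:|?<'&\">=".ToCharArray()) < 0)`. It is also the only denylist in the set; an allowlist in the style of `ValidateFrameName` would be more robust, but the exact character set needs confirming against every map-name consumer, which is outside this view. `ValidateResourceId` catches only `MgException`, so if the `MgResourceIdentifier` constructor can throw a CLR exception on null input, a null check before the `new` keeps the helper total. A one-line comment on each helper stating the value returned on rejection (`""`, the default locale, `"1"`, `"000000"`) would help callers, several of which then branch on the empty string.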
Modified: trunk/MgDev/Web/src/mapviewernet/formframe.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/formframe.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/formframe.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -24,10 +24,6 @@
<!-- #Include File="common.aspx -->
-<script runat="server">
-String templFile = "";
-</script>
-
<%
try
{
Modified: trunk/MgDev/Web/src/mapviewernet/gettingstarted.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/gettingstarted.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/gettingstarted.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -100,13 +100,11 @@
void GetParameters(NameValueCollection parameters)
{
- sessionId = GetParameter(parameters, "SESSION");
- webLayout = GetParameter(parameters, "WEBLAYOUT");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
+ dwf = GetIntParameter(parameters, "DWF") == 1;
+ webLayout = ValidateResourceId(GetParameter(parameters, "WEBLAYOUT"));
pageName = GetParameter(parameters, "PAGE");
- dwf = GetParameter(parameters, "DWF") == "1";
- locale = GetParameter(parameters, "LOCALE");
- if(locale == "")
- locale = GetDefaultLocale();
}
String FixupPageReferences(String html, String webLayout, bool dwf, String vpath) {
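Review bot: `pageName` is still taken verbatim from `PAGE` while every other input in this function now passes through a validator; if it is used to select a file or path on the server (its consumer is outside this hunk), it needs the same treatment, for example an allowlist of the known page names or a `ValidateFrameName`-style character restriction. If it is only echoed after escaping, a comment to that effect next to the assignment would make the omission deliberate.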
Modified: trunk/MgDev/Web/src/mapviewernet/legend.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/legend.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/legend.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -63,7 +63,6 @@
String sessionId = "";
bool summary = false;
int layerCount = 0;
-String[] layerIds = null;
int intermediateVar = 0;
String output = "\nvar layerData = new Array();\n";
</script>
@@ -153,31 +152,15 @@
void GetParameters(NameValueCollection parameters)
{
- if (IsParameter(parameters, "MAPNAME"))
- {
- mapName = GetParameter(parameters, "MAPNAME");
- }
- if (IsParameter(parameters, "SESSION"))
- {
- sessionId = GetParameter(parameters, "SESSION");
- }
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
if (IsParameter(parameters, "SUMMARY"))
{
summary = true;
}
else
{
- if (IsParameter(parameters, "LC"))
- {
- layerCount = Convert.ToInt32(GetParameter(parameters, "LC"));
- }
- if (layerCount > 0 && IsParameter(parameters, "LAYERS"))
- {
- String layers = GetParameter(parameters, "LAYERS");
-
- char[] delimiter = {','};
- layerIds = layers.Split(delimiter);
- }
+ layerCount = GetIntParameter(parameters, "LC");
}
}
Modified: trunk/MgDev/Web/src/mapviewernet/legendctrl.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/legendctrl.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/legendctrl.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -76,13 +76,14 @@
void GetParameters(NameValueCollection parameters)
{
- mapName = GetParameter(parameters, "MAPNAME");
- sessionId = GetParameter(parameters, "SESSION");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
+
if(IsParameter(parameters, "MAPFRAME"))
- mapFrame = GetParameter(parameters, "MAPFRAME");
+ mapFrame = ValidateFrameName(GetParameter(parameters, "MAPFRAME"));
else
mapFrame = "parent";
- locale = GetParameter(parameters, "LOCALE");
}
</script>
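Review bot: `ValidateFrameName` returns `""` when MAPFRAME is present but invalid, so the `else` default of `"parent"` no longer covers that case and `mapFrame` ends up empty. Compute it unconditionally and fall back: `mapFrame = ValidateFrameName(GetParameter(parameters, "MAPFRAME")); if (mapFrame.Length == 0) mapFrame = "parent";`. propertyctrl.aspx applies the same change, but its hunk runs past the end of the visible range.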
Modified: trunk/MgDev/Web/src/mapviewernet/legendui.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/legendui.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/legendui.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -58,7 +58,7 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/mainframe.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/mainframe.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/mainframe.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -150,7 +150,7 @@
//
String srcToolbar = showToolbar ? ("src=\"" + vpath + "toolbar.aspx?LOCALE=" + locale + "\"") : "";
String srcStatusbar = showStatusbar ? ("src=\"" + vpath + "statusbar.aspx?LOCALE=" + locale + "\"") : "";
- String srcTaskFrame = showTaskPane ? ("src=\"" + vpath + "taskframe.aspx?TASK=" + taskPaneUrl + "&WEBLAYOUT=" + HttpUtility.UrlEncode(webLayoutDefinition) + "&DWF=" + (forDwf != 0 ? "1" : "0") + "&SESSION=" + (sessionId != "" ? sessionId : "") + "&LOCALE=" + locale + "\"") : "";
+ String srcTaskFrame = showTaskPane ? ("src=\"" + vpath + "taskframe.aspx?WEBLAYOUT=" + HttpUtility.UrlEncode(webLayoutDefinition) + "&DWF=" + (forDwf != 0 ? "1" : "0") + "&SESSION=" + (sessionId != "" ? sessionId : "") + "&LOCALE=" + locale + "\"") : "";
String srcTaskBar = "src=\"" + vpath + "taskbar.aspx?LOCALE=" + locale + "\"";
//view center
@@ -598,31 +598,19 @@
void GetParameters(NameValueCollection parameters)
{
- webLayoutDefinition = parameters["WEBLAYOUT"];
- if (webLayoutDefinition == null)
- webLayoutDefinition = "";
-
- String localeParam = parameters["LOCALE"];
- if (localeParam != null && localeParam.Length > 0)
- {
- locale = localeParam;
- }
- else
- {
- locale = GetDefaultLocale();
- }
- sessionId = parameters["SESSION"];
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ webLayoutDefinition = ValidateResourceId(GetParameter(parameters, "WEBLAYOUT"));
if (sessionId != null && sessionId.Length > 0)
{
- sessionId = parameters["SESSION"];
orgSessionId = sessionId;
}
else
{
- username = parameters["USERNAME"];
+ username = GetParameter(parameters, "USERNAME");
if (null != username && username.Length > 0)
{
- password = parameters["PASSWORD"];
+ password = GetParameter(parameters, "PASSWORD");
if (null == password)
{
password = "";
Modified: trunk/MgDev/Web/src/mapviewernet/mapframe.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/mapframe.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/mapframe.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -214,40 +214,19 @@
void GetParameters(NameValueCollection parameters)
{
- type = GetParameter(parameters, "TYPE");
+ type = GetParameter(parameters, "TYPE"); // "DWF" or other
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
+ hlTgt = ValidateHyperlinkTargetValue(GetParameter(parameters, "HLTGT"));
+ hlTgtName = ValidateFrameName(GetParameter(parameters, "HLTGTNAME"));
- locale = GetParameter(parameters, "LOCALE");
- if(locale == "")
- locale = GetDefaultLocale();
+ infoWidth = GetIntParameter(parameters, "INFOWIDTH");
+ showLegend = GetIntParameter(parameters, "SHOWLEGEND");
+ showProperties = GetIntParameter(parameters, "SHOWPROP");
+ showSlider = GetIntParameter(parameters, "SHOWSLIDER");
- hlTgt = GetParameter(parameters, "HLTGT");
- hlTgtName = GetParameter(parameters, "HLTGTNAME");
-
- if (IsParameter(parameters, "INFOWIDTH"))
- {
- infoWidth = Convert.ToInt32(GetParameter(parameters, "INFOWIDTH"));
+ mapDefinition = ValidateResourceId(GetParameter(parameters, "MAPDEFINITION"));
}
- if (IsParameter(parameters, "SHOWLEGEND"))
- {
- showLegend = Convert.ToInt32(GetParameter(parameters, "SHOWLEGEND"));
- }
- if (IsParameter(parameters, "SHOWPROP"))
- {
- showProperties = Convert.ToInt32(GetParameter(parameters, "SHOWPROP"));
- }
- if (IsParameter(parameters, "MAPDEFINITION"))
- {
- mapDefinition = GetParameter(parameters, "MAPDEFINITION");
- }
- if (IsParameter(parameters, "SESSION"))
- {
- sessionId = GetParameter(parameters, "SESSION");
- }
- if (IsParameter(parameters, "SHOWSLIDER"))
- {
- showSlider = Convert.ToInt32(GetParameter(parameters, "SHOWSLIDER"));
- }
-}
String IntToString(int number)
{
Modified: trunk/MgDev/Web/src/mapviewernet/measure.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/measure.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/measure.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -261,11 +261,11 @@
void GetParameters(NameValueCollection parameters)
{
- mapName = GetParameter(parameters, "MAPNAME");
- sessionId = GetParameter(parameters, "SESSION");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
target = GetIntParameter(parameters, "TGT");
popup = GetIntParameter(parameters, "POPUP");
- locale = GetParameter(parameters, "LOCALE");
if(IsParameter(parameters, "CLEAR"))
clear = true;
else
Modified: trunk/MgDev/Web/src/mapviewernet/measureui.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/measureui.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/measureui.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -70,12 +70,12 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
target = GetIntParameter(parameters, "TGT");
popup = GetIntParameter(parameters, "POPUP");
cmdIndex = GetIntParameter(parameters, "CMDINDEX");
- mapName = GetParameter(parameters, "MAPNAME");
- sessionId = GetParameter(parameters, "SESSION");
total = GetDoubleParameter(parameters, "TOTAL");
}
Modified: trunk/MgDev/Web/src/mapviewernet/printablepage.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/printablepage.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/printablepage.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -31,11 +31,11 @@
int isTitle = 0;
int isLegend = 0;
int isArrow = 0;
+int dpi = 0;
String title = "";
-String scale = "";
-String centerX = "";
-String centerY = "";
-String dpi = "";
+double scale = 0;
+double centerX = 0;
+double centerY = 0;
</script>
<%
@@ -53,16 +53,16 @@
String[] vals = {
mapName,
agent,
- scale,
- centerX,
- centerY,
- dpi,
+ scale.ToString(NumberFormatInfo.InvariantInfo),
+ centerX.ToString(NumberFormatInfo.InvariantInfo),
+ centerY.ToString(NumberFormatInfo.InvariantInfo),
+ dpi.ToString(NumberFormatInfo.InvariantInfo),
mapName,
sessionId,
isTitle.ToString(NumberFormatInfo.InvariantInfo),
isLegend.ToString(NumberFormatInfo.InvariantInfo),
isArrow.ToString(NumberFormatInfo.InvariantInfo),
- isTitle == 1 ? title : "",
+ isTitle == 1 ? EscapeForHtml(title) : "",
agent,
mapName,
sessionId };
@@ -92,47 +92,18 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
- if(IsParameter(parameters, "MAPNAME"))
- {
- mapName = GetParameter(parameters, "MAPNAME");
- }
- if(IsParameter(parameters, "SESSION"))
- {
- sessionId = GetParameter(parameters, "SESSION");
- }
- if(IsParameter(parameters, "ISTITLE"))
- {
- isTitle = Convert.ToInt32(GetParameter(parameters, "ISTITLE"));
- }
- if(IsParameter(parameters, "ISLEGEND"))
- {
- isLegend = Convert.ToInt32(GetParameter(parameters, "ISLEGEND"));
- }
- if(IsParameter(parameters, "ISARROW"))
- {
- isArrow = Convert.ToInt32(GetParameter(parameters, "ISARROW"));
- }
- if(IsParameter(parameters, "TITLE"))
- {
- title = GetParameter(parameters, "TITLE");
- }
- if(IsParameter(parameters, "SCALE"))
- {
- scale = GetParameter(parameters, "SCALE");
- }
- if(IsParameter(parameters, "CENTERX"))
- {
- centerX = GetParameter(parameters, "CENTERX");
- }
- if(IsParameter(parameters, "CENTERY"))
- {
- centerY = GetParameter(parameters, "CENTERY");
- }
- if(IsParameter(parameters, "DPI"))
- {
- dpi = GetParameter(parameters, "DPI");
- }
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
+ isTitle = GetIntParameter(parameters, "ISTITLE");
+ isLegend = GetIntParameter(parameters, "ISLEGEND");
+ isArrow = GetIntParameter(parameters, "ISARROW");
+ dpi = GetIntParameter(parameters, "DPI");
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
+ scale = GetDoubleParameter(parameters, "SCALE");
+ centerX = GetDoubleParameter(parameters, "CENTERX");
+ centerY = GetDoubleParameter(parameters, "CENTERY");
+
+ title = GetParameter(parameters, "TITLE");
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/printablepageui.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/printablepageui.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/printablepageui.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -26,13 +26,13 @@
<script runat="server">
int popup = 0;
-String clientWidth = "";
+int clientWidth = 0;
+int dpi = 96;
String mapName = "";
String sessionId = "";
-String scale = "";
-String centerX = "";
-String centerY = "";
-String dpi = "";
+double scale = 0;
+double centerX = 0;
+double centerY = 0;
String locale = "";
</script>
@@ -50,13 +50,13 @@
String[] vals = {
popup.ToString(NumberFormatInfo.InvariantInfo),
- clientWidth,
+ clientWidth.ToString(NumberFormatInfo.InvariantInfo),
sessionId,
mapName,
- scale,
- centerX,
- centerY,
- dpi,
+ scale.ToString(NumberFormatInfo.InvariantInfo),
+ centerX.ToString(NumberFormatInfo.InvariantInfo),
+ centerY.ToString(NumberFormatInfo.InvariantInfo),
+ dpi.ToString(NumberFormatInfo.InvariantInfo),
GetSurroundVirtualPath(Request) + "printablepage.aspx"};
Response.Write(Substitute(templ, vals));
@@ -84,39 +84,15 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
- if(IsParameter(parameters, "POPUP"))
- {
- popup = Convert.ToInt32(GetParameter(parameters, "POPUP"));
- }
- if(IsParameter(parameters, "WIDTH"))
- {
- clientWidth = GetParameter(parameters, "WIDTH");
- }
- if(IsParameter(parameters, "MAPNAME"))
- {
- mapName = GetParameter(parameters, "MAPNAME");
- }
- if(IsParameter(parameters, "SESSION"))
- {
- sessionId = GetParameter(parameters, "SESSION");
- }
- if(IsParameter(parameters, "SCALE"))
- {
- scale = GetParameter(parameters, "SCALE");
- }
- if(IsParameter(parameters, "CENTERX"))
- {
- centerX = GetParameter(parameters, "CENTERX");
- }
- if(IsParameter(parameters, "CENTERY"))
- {
- centerY = GetParameter(parameters, "CENTERY");
- }
- if(IsParameter(parameters, "DPI"))
- {
- dpi = GetParameter(parameters, "DPI");
- }
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
+ popup = GetIntParameter(parameters, "POPUP");
+ clientWidth = GetIntParameter(parameters, "WIDTH");
+ dpi = GetIntParameter(parameters, "DPI");
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
+ scale = GetDoubleParameter(parameters, "SCALE");
+ centerX = GetDoubleParameter(parameters, "CENTERX");
+ centerY = GetDoubleParameter(parameters, "CENTERY");
}
</script>
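Review bot: `dpi = GetIntParameter(parameters, "DPI");` discards the `int dpi = 96;` default added in the declaration hunk of this same file, because the assignment is unconditional; if the .NET GetIntParameter behaves like the PHP one this commit adds to common.php, a request without DPI now yields 0 rather than 96. Keep the guard the old code had: `if (IsParameter(parameters, "DPI")) dpi = GetIntParameter(parameters, "DPI");`. The printablepage.aspx hunk above makes the same unconditional assignment, but its declaration is outside this view, so check whether it carries a non-zero default too.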
Modified: trunk/MgDev/Web/src/mapviewernet/propertyctrl.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/propertyctrl.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/propertyctrl.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -49,9 +49,9 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
if(IsParameter(parameters, "MAPFRAME"))
- mapFrame = GetParameter(parameters, "MAPFRAME");
+ mapFrame = ValidateFrameName(GetParameter(parameters, "MAPFRAME"));
else
mapFrame = "parent";
}
Modified: trunk/MgDev/Web/src/mapviewernet/search.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/search.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/search.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -280,17 +280,12 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
- userInput = GetParameter(parameters, "USERINPUT");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
target = GetIntParameter(parameters, "TGT");
popup = GetIntParameter(parameters, "POPUP");
- layerName = GetParameter(parameters, "LAYER");
- mapName = GetParameter(parameters, "MAPNAME");
- sessionId = GetParameter(parameters, "SESSION");
- filter = GetParameter(parameters, "FILTER");
matchLimit = GetIntParameter(parameters, "MR");
int colCount = GetIntParameter(parameters, "COLS");
-
if(colCount > 0)
{
for(int i = 0; i < colCount; i++)
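Review bot: `int colCount = GetIntParameter(parameters, "COLS");` still drives the `for` loop with a caller-supplied bound, so a large COLS value makes the loop (its body is in the next hunk) iterate that many times, and `resProps.Add(parameters["CP" + i])` appends null for every index that has no matching CP entry. Either break when `parameters["CP" + i] == null` or clamp the count to a small constant (constructed example: `colCount = Math.Min(colCount, 32);`). `layerName`, `filter` and `userInput` in the next hunk are still taken verbatim, which is fine only if the code that consumes them escapes or parameterises them; that code is outside this view.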
@@ -299,6 +294,10 @@
resProps.Add(parameters["CP" + i]);
}
}
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
+ layerName = GetParameter(parameters, "LAYER");
+ filter = GetParameter(parameters, "FILTER");
+ userInput = GetParameter(parameters, "USERINPUT");
}
void OnError(String title, String msg)
Modified: trunk/MgDev/Web/src/mapviewernet/searchprompt.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/searchprompt.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/searchprompt.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -58,7 +58,7 @@
cmdIndex.ToString(NumberFormatInfo.InvariantInfo),
target.ToString(NumberFormatInfo.InvariantInfo),
popup.ToString(NumberFormatInfo.InvariantInfo),
- layerId,
+ EscapeForHtml(layerId),
mapName,
sessionId,
EscapeForHtml(filter),
@@ -79,16 +79,17 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
cmdIndex = GetIntParameter(parameters, "CMDINDEX");
target = GetIntParameter(parameters, "TGT");
popup = GetIntParameter(parameters, "POPUP");
clientWidth = GetIntParameter(parameters, "WIDTH");
+ matchLimit = GetIntParameter(parameters, "MR");
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
+
layerId = GetParameter(parameters, "LAYER");
- mapName = GetParameter(parameters, "MAPNAME");
- sessionId = GetParameter(parameters, "SESSION");
filter = GetParameter(parameters, "FILTER");
- matchLimit = GetIntParameter(parameters, "MR");
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/selectwithin.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/selectwithin.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/selectwithin.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -29,7 +29,6 @@
String sessionId = "";
String layers = "";
String inputSel = "";
-String dwf = "";
</script>
<%
@@ -174,11 +173,10 @@
void GetParameters(NameValueCollection parameters)
{
- mapName = GetParameter(parameters, "MAPNAME");
- sessionId = GetParameter(parameters, "SESSION");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
inputSel = GetParameter(parameters, "SELECTION");
layers = GetParameter(parameters, "LAYERS");
- dwf = GetParameter(parameters, "DWF");
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/selectwithinui.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/selectwithinui.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/selectwithinui.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -24,9 +24,9 @@
<script runat="server">
int popup = 0;
+int dwf = 0;
String mapName = "";
String sessionId = "";
-String dwf = "";
String locale = "";
</script>
@@ -47,7 +47,7 @@
GetSurroundVirtualPath(Request) + "selectwithin.aspx",
mapName,
sessionId,
- dwf
+ dwf.ToString(NumberFormatInfo.InvariantInfo)
};
Response.Write(Substitute(templ, vals));
%>
@@ -64,11 +64,11 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
+ dwf = GetIntParameter(parameters, "DWF");
popup = GetIntParameter(parameters, "POPUP");
- mapName = GetParameter(parameters, "MAPNAME");
- sessionId = GetParameter(parameters, "SESSION");
- dwf = GetParameter(parameters, "DWF");
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/setselection.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/setselection.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/setselection.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -117,11 +117,11 @@
void GetParameters(NameValueCollection parameters)
{
- mapName = GetParameter(parameters, "MAPNAME");
- sessionId = GetParameter(parameters, "SESSION");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ mapName = ValidateMapName(GetParameter(parameters, "MAPNAME"));
+ if(IsParameter(parameters, "QUERYINFO"))
+ queryInfo = GetIntParameter(parameters, "QUERYINFO") == 1;
selText = GetParameter(parameters, "SELECTION");
- if(IsParameter(parameters, "QUERYINFO"))
- queryInfo = GetParameter(parameters, "QUERYINFO") == "1";
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/statusbar.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/statusbar.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/statusbar.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -46,7 +46,7 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/taskbar.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/taskbar.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/taskbar.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -46,7 +46,7 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/taskframe.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/taskframe.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/taskframe.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -1,5 +1,5 @@
<%--
-Copyright (C) 2004-2010 by Autodesk, Inc.
+Copyright (C) 2004-2009 by Autodesk, Inc.
This library is free software; you can redistribute it and/or
modify it under the terms of version 2.1 of the GNU Lesser
General Public License as published by the Free Software Foundation.
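Review bot: The header's copyright range moves from `2004-2010` back to `2004-2009`, which reads as an accidental revert of an earlier year bump rather than an intended change. Restore `Copyright (C) 2004-2010 by Autodesk, Inc.` unless the rollback is deliberate; no code is affected either way.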
@@ -24,44 +24,79 @@
<!-- #Include File="common.aspx -->
<script runat="server">
-String taskPane = "";
-String session = "";
-String webLayout = "";
-String dwf = "";
+String sessionId = "";
+String webLayoutId = "";
+int dwf = 0;
String locale = "";
</script>
<%
Response.Charset = "utf-8";
+ MgLocalizer.SetLocalizedFilesPath(Request.ServerVariables["APPL_PHYSICAL_PATH"] + "..\\localized\\");
GetRequestParameters();
- String url = HttpUtility.UrlDecode(taskPane);
- int index = url.IndexOf("?");
-
- if(index > 0)
+ try
{
- String path = url.Substring(0, index);
- String query = url.Substring(index+1);
+ InitializeWebTier();
- if(query.Length > 0)
- url = String.Format("{0}?SESSION={1}&WEBLAYOUT={2}&DWF={3}&LOCALE={4}&{5}", path, session, HttpUtility.UrlEncode(webLayout), dwf, locale, query);
+ MgUserInformation cred = new MgUserInformation(sessionId);
+ cred.SetClientIp(GetClientIp(Request));
+ cred.SetClientAgent(GetClientAgent());
+
+ //connect to the site and get a feature service and a resource service instances
+ MgSiteConnection site = new MgSiteConnection();
+ site.Open(cred);
+
+ //Get the MgWebLayout object
+ MgResourceService resourceSrvc = (MgResourceService)site.CreateService(MgServiceType.ResourceService);
+ MgResourceIdentifier webLayoutResId = new MgResourceIdentifier(webLayoutId);
+ MgWebLayout webLayout = new MgWebLayout(resourceSrvc, webLayoutResId);
+ MgWebTaskPane taskPane = webLayout.GetTaskPane();
+ String taskPaneUrl = taskPane.GetInitialTaskUrl();
+ String vpath = GetSurroundVirtualPath(Request);
+ if (taskPaneUrl == null || taskPaneUrl.Length == 0)
+ {
+ taskPaneUrl = "gettingstarted.aspx";
+ }
+
+ String url = HttpUtility.UrlDecode(taskPaneUrl);
+ int index = url.IndexOf("?");
+
+ if(index > 0)
+ {
+ String path = url.Substring(0, index);
+ String query = url.Substring(index+1);
+
+ if(query.Length > 0)
+ url = String.Format("{0}?SESSION={1}&WEBLAYOUT={2}&DWF={3}&LOCALE={4}&{5}", path, sessionId, HttpUtility.UrlEncode(webLayoutId), dwf, locale, query);
+ else
+ url = String.Format("{0}?SESSION={1}&WEBLAYOUT={2}&DWF={3}&LOCALE={4}", path, sessionId, HttpUtility.UrlEncode(webLayoutId), dwf, locale);
+
+ }
else
- url = String.Format("{0}?SESSION={1}&WEBLAYOUT={2}&DWF={3}&LOCALE={4}", path, session, HttpUtility.UrlEncode(webLayout), dwf, locale);
+ {
+ url = String.Format("{0}?SESSION={1}&WEBLAYOUT={2}&DWF={3}&LOCALE={4}", taskPaneUrl, sessionId, HttpUtility.UrlEncode(webLayoutId), dwf, locale);
+ }
+ String templ = LoadTemplate(Request, "../viewerfiles/taskframe.templ");
+ String[] vals = {
+ vpath + "tasklist.aspx",
+ locale,
+ url
+ };
+ Response.Write(Substitute(templ, vals));
}
- else
+ catch (MgException exc)
{
- url = String.Format("{0}?SESSION={1}&WEBLAYOUT={2}&DWF={3}&LOCALE={4}", taskPane, session, HttpUtility.UrlEncode(webLayout), dwf, locale);
+ OnError(MgLocalizer.GetString("TASKS", locale), exc.GetMessage());
+ return;
}
- String templ = LoadTemplate(Request, "../viewerfiles/taskframe.templ");
- String[] vals = {
- GetSurroundVirtualPath(Request) + "tasklist.aspx",
- locale,
- url
- };
-
- Response.Write(Substitute(templ, vals));
+ catch (Exception ne)
+ {
+ OnError(MgLocalizer.GetString("TASKS", locale), ne.Message);
+ return;
+ }
%>
<script runat="server">
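Review bot: The three `String.Format` calls build the same five-field query string, and the branch taken when the task URL contains no `?` formats the raw `taskPaneUrl` while the other two format the decoded `url` (`index > 0` also treats a leading `?` at index 0 as "no query"). Splitting path and query once and appending the query only when it is non-empty removes the duplication and makes the branches consistent; whether the un-decoded path in the last branch was deliberate is not visible here, so the rewrite below uses the decoded value throughout. The assembled `url` is later written into the template via `Substitute`; it comes from the web layout resource rather than the request, which is a trust decision worth a one-line comment at that point.
```csharp
String url = HttpUtility.UrlDecode(taskPaneUrl);
int index = url.IndexOf("?");
String path = index > 0 ? url.Substring(0, index) : url;
String query = index > 0 ? url.Substring(index + 1) : "";

url = String.Format("{0}?SESSION={1}&WEBLAYOUT={2}&DWF={3}&LOCALE={4}",
                    path, sessionId, HttpUtility.UrlEncode(webLayoutId), dwf, locale);
if (query.Length > 0)
    url += "&" + query;
// … unchanged: template load and Response.Write …
```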
@@ -75,11 +110,17 @@
void GetParameters(NameValueCollection parameters)
{
- taskPane = GetParameter(parameters, "TASK");
- session = GetParameter(parameters, "SESSION");
- webLayout = GetParameter(parameters, "WEBLAYOUT");
- dwf = GetParameter(parameters, "DWF");
- locale = GetParameter(parameters, "LOCALE");
+ sessionId = ValidateSessionId(GetParameter(parameters, "SESSION"));
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
+ webLayoutId = ValidateResourceId(GetParameter(parameters, "WEBLAYOUT"));
+ dwf = GetIntParameter(parameters, "DWF");
}
+void OnError(String title, String msg)
+{
+ String templ = MgLocalizer.Localize(LoadTemplate(Request, "../viewerfiles/errorpage.templ"), locale, GetClientOS(Request));
+ String[] vals = { "0", title, msg };
+ Response.Write(Substitute(templ, vals));
+}
+
</script>
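Review bot: OnError writes `title` and `msg` into errorpage.templ through `Substitute` with no HTML encoding, and the callers in the hunk above pass `exc.GetMessage()` and `ne.Message`, which can carry text derived from the request; elsewhere this commit routes such values through `EscapeForHtml` (searchprompt.aspx, printablepage.php). Unless Substitute encodes its values, change the array to `String[] vals = { "0", EscapeForHtml(title), EscapeForHtml(msg) };`. search.aspx shows an OnError with the same signature, so the other pages of this commit probably need the same treatment.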
Modified: trunk/MgDev/Web/src/mapviewernet/tasklist.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/tasklist.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/tasklist.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -44,7 +44,7 @@
void GetParameters(NameValueCollection parameters)
{
- locale = GetParameter(parameters, "LOCALE");
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
}
</script>
Modified: trunk/MgDev/Web/src/mapviewernet/viewoptions.aspx
===================================================================
--- trunk/MgDev/Web/src/mapviewernet/viewoptions.aspx 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewernet/viewoptions.aspx 2010-04-06 15:56:33 UTC (rev 4744)
@@ -60,10 +60,10 @@
void GetParameters(NameValueCollection parameters)
{
+ locale = ValidateLocaleString(GetParameter(parameters, "LOCALE"));
tgt = GetIntParameter(parameters, "TGT");
popup = GetIntParameter(parameters, "POPUP");
dwf = GetIntParameter(parameters, "DWF");
- locale = GetParameter(parameters, "LOCALE");
}
</script>
Modified: trunk/MgDev/Web/src/mapviewerphp/ajaxviewerabout.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/ajaxviewerabout.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/ajaxviewerabout.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -70,8 +70,8 @@
{
global $sessionId, $locale;
- $sessionId = $params['SESSION'];
- $locale = $params['LOCALE'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/buffer.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/buffer.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/buffer.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -29,12 +29,12 @@
$lcolor = "";
$ffcolor = "";
$fbcolor = "";
- $transparent = "";
+ $transparent = 0;
$distance = 0;
$units = "";
$linestyle = "";
$fillstyle = "";
- $thickness = "";
+ $thickness = 0;
$merge = 0;
$foretrans = 50;
$selText = "";
@@ -362,27 +362,27 @@
global $mapName, $sessionId, $bufferName, $lcolor, $ffcolor, $fbcolor, $layersParam, $popup;
global $transparent, $distance, $units, $linestyle, $fillstyle, $thickness, $merge, $foretrans;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
- $popup = $params['POPUP'];
- $bufferName = $params['BUFFER'];
- $layersParam = $params['LAYERS'];
- $lcolor = $params['LCOLOR'];
- $ffcolor = $params['FFCOLOR'];
- $fbcolor = $params['FBCOLOR'];
- $foretrans = $params['FORETRANS'];
- $transparent = $params['TRANSPARENT'];
- $distance = GetDecimalFromLocalizedString($params['DISTANCE'], $locale);
- $units = $params['UNITS'];
- $linestyle = $params['LINESTYLE'];
- $fillstyle = $params['FILLSTYLE'];
- $thickness = $params['THICKNESS'];
+ $lcolor = ValidateColorString(GetParameter($params, 'LCOLOR'));
+ $ffcolor = ValidateColorString(GetParameter($params, 'FFCOLOR'));
+ $fbcolor = ValidateColorString(GetParameter($params, 'FBCOLOR'));
+ $popup = GetIntParameter($params, 'POPUP');
+ $transparent = GetIntParameter($params, 'TRANSPARENT');
+ $distance = GetDecimalFromLocalizedString(GetParameter($params, 'DISTANCE'), $locale);
if(isset($params['MERGE']))
$merge = 1;
- $selText = $params['SELECTION'];
+ $foretrans = GetDoubleParameter($params, 'FORETRANS');
+ $thickness = GetDoubleParameter($params, 'THICKNESS');
+ $bufferName = GetParameter($params, 'BUFFER');
+
+ $layersParam = GetParameter($params, 'LAYERS');
+ $units = GetParameter($params, 'UNITS');
+ $linestyle = GetParameter($params, 'LINESTYLE');
+ $fillstyle = GetParameter($params, 'FILLSTYLE');
+ $selText = GetParameter($params, 'SELECTION');
//unescape strings
//
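Review bot: `$foretrans = GetDoubleParameter($params, 'FORETRANS');` overwrites the `$foretrans = 50;` default from the declaration hunk above unconditionally, and GetDoubleParameter (added to common.php in this commit) returns 0.0 when the parameter is absent, so a request without FORETRANS now gets 0 rather than 50. Keep the default with `if(isset($params['FORETRANS'])) $foretrans = GetDoubleParameter($params, 'FORETRANS');`. `$locale` and `$selText` are assigned here but do not appear in the two `global` lines at the top of the hunk; if they are not declared global further up (the function header is outside the hunk), the assignments set locals and the validated locale is lost to the rest of the script.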
Modified: trunk/MgDev/Web/src/mapviewerphp/bufferui.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/bufferui.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/bufferui.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -48,11 +48,11 @@
{
global $target, $cmdIndex, $clientWidth, $mapName, $sessionId, $popup, $us, $locale;
- $locale = $params['LOCALE'];
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
- $popup = $params['POPUP'];
- $us = $params['US'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
+ $popup = GetIntParameter($params, 'POPUP');
+ $us = GetParameter($params, 'US');
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/colorpicker.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/colorpicker.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/colorpicker.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -22,26 +22,25 @@
$locale = "";
$clr = "000000";
- $allowTransparency = 0;
- $transparent = 0;
+ $allowTransparency = false;
+ $transparent = false;
GetRequestParameters();
$templ = file_get_contents("../viewerfiles/colorpicker.templ");
SetLocalizedFilesPath(GetLocalizationPath());
$templ = Localize($templ, $locale, GetClientOS());
- print sprintf($templ, $clr, $allowTransparency? "true": "false", $transparent? "true": "false");
+ print sprintf($templ, $clr, $allowTransparency ? "true": "false", $transparent ? "true": "false");
function GetParameters($params)
{
global $clr, $allowTransparency, $transparent, $locale;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
- $clr = $params['CLR'];
- $allowTransparency = $params['ALLOWTRANS'];
- $transparent = $params['TRANS'];
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $clr = ValidateColorString(GetParameter($params, 'CLR'));
+ $allowTransparency = (GetIntParameter($params, 'ALLOWTRANS') == 1);
+ $transparent = (GetIntParameter($params, 'TRANS') == 1);
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/common.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/common.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/common.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -158,4 +158,127 @@
return "Ajax Viewer";
}
+function ValidateSessionId($proposedSessionId)
+{
+ // 00000000-0000-0000-0000-000000000000_aa_00000000000000000000
+ $validSessionId = "";
+ if($proposedSessionId != null &&
+ preg_match('/^[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}_[A-Za-z]{2}_[A-Fa-f0-9]{20}$/', $proposedSessionId))
+ {
+ $validSessionId = $proposedSessionId;
+ }
+ return $validSessionId;
+}
+
+function ValidateLocaleString($proposedLocaleString)
+{
+ // aa or aa-aa
+ $validLocaleString = GetDefaultLocale(); // Default
+ if($proposedLocaleString != null &&
+ (preg_match('/^[A-Za-z]{2}$/', $proposedLocaleString) || preg_match('/^[A-Za-z]{2}-[A-Za-z]{2}$/', $proposedLocaleString)))
+ {
+ $validLocaleString = $proposedLocaleString;
+ }
+ return $validLocaleString;
+}
+
+function ValidateHyperlinkTargetValue($proposedHyperlinkTarget)
+{
+ // 1, 2 or 3
+ $validHyperlinkTarget = "1"; // Default
+ if($proposedHyperlinkTarget != null && preg_match('/^[1-3]$/', $proposedHyperlinkTarget))
+ {
+ $validHyperlinkTarget = $proposedHyperlinkTarget;
+ }
+ return $validHyperlinkTarget;
+}
+
+function ValidateFrameName($proposedFrameName)
+{
+ // Allowing alphanumeric characters and underscores in the frame name
+ $validFrameName = "";
+ if($proposedFrameName != null && preg_match('/^[a-zA-Z0-9_]*$/', $proposedFrameName))
+ {
+ $validFrameName = $proposedFrameName;
+ }
+ return $validFrameName;
+}
+
+function ValidateIntegerString($proposedNumberString)
+{
+ // Allow numeric characters only
+ $validNumberString = "";
+ if($proposedNumberString != null && preg_match('/^[0-9]*$/', $proposedNumberString))
+ {
+ $validNumberString = $proposedNumberString;
+ }
+ return $validNumberString;
+}
+
+function ValidateResourceId($proposedResourceId)
+{
+ $validResourceId = "";
+ try
+ {
+ $resId = new MgResourceIdentifier($proposedResourceId);
+ $validResourceId = $resId->ToString();
+ }
+ catch(MgException $ex)
+ {
+ $validResourceId = "";
+ }
+ return $validResourceId;
+}
+
+function ValidateMapName($proposedMapName)
+{
+ $validMapName = "";
+ if (strcspn($proposedMapName, "*:|?<'&\">=") == strlen($proposedMapName))
+ {
+ $validMapName = $proposedMapName;
+ }
+ return $validMapName;
+}
+
+function ValidateColorString($proposedColorString)
+{
+ $validColorString = "000000";
+ if ($proposedColorString != null && preg_match('/^[A-Fa-f0-9]{6}$/', $proposedColorString))
+ {
+ $validColorString = $proposedColorString;
+ }
+ return $validColorString;
+}
+
+function GetParameter($params, $paramName)
+{
+ $paramValue = "";
+
+ if(isset($params[$paramName]))
+ {
+ $paramValue = $params[$paramName];
+ }
+ return $paramValue;
+}
+
+function GetIntParameter($params, $paramName)
+{
+ $paramValue = 0;
+ if(isset($params[$paramName]) && is_numeric($params[$paramName]))
+ {
+ $paramValue = intval($params[$paramName]);
+ }
+ return $paramValue;
+}
+
+function GetDoubleParameter($params, $paramName)
+{
+ $paramValue = 0.0;
+ if(isset($params[$paramName]) && is_numeric($params[$paramName]))
+ {
+ $paramValue = doubleval($params[$paramName]);
+ }
+ return $paramValue;
+}
+
?>
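Review bot: The anchored patterns in ValidateSessionId, ValidateLocaleString, ValidateHyperlinkTargetValue, ValidateFrameName, ValidateIntegerString and ValidateColorString end in `$`, which in PCRE also matches just before a trailing newline, so a value with a trailing line break passes and is returned with the newline intact. Use `\z` instead of `$`, or add the `D` modifier, e.g. `preg_match('/^[A-Fa-f0-9]{6}$/D', $proposedColorString)`. GetParameter returns `$params[$paramName]` without checking its type, and PHP turns `NAME[]=x` query strings into arrays, so the string validators (ValidateMapName's `strcspn`/`strlen` in particular) can receive an array; extend the guard to `if(isset($params[$paramName]) && is_string($params[$paramName]))`. ValidateMapName is also the only validator built on a deny-list and the only one without a null check; an allow-list of the characters a map name may legitimately contain would match ValidateFrameName's approach, though the legitimate set is not visible here.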
Modified: trunk/MgDev/Web/src/mapviewerphp/gettingstarted.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/gettingstarted.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/gettingstarted.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -91,15 +91,11 @@
{
global $sessionId, $webLayout, $pageName, $dwf, $locale;
- $sessionId = $params['SESSION'];
- $webLayout = $params['WEBLAYOUT'];
- if(isset($params['PAGE']))
- $pageName = $params['PAGE'];
- $dwf = $params['DWF'] == "1";
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
- else
- $locale = GetDefaultLocale();
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $webLayout = ValidateResourceId(GetParameter($params, 'WEBLAYOUT'));
+ $dwf = (GetIntParameter($params, 'DWF') == 1);
+ $pageName = GetParameter($params, 'PAGE');
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/legend.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/legend.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/legend.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -55,7 +55,6 @@
$sessionId = "";
$summary = false;
$layerCount = 0;
- $layerIds = array();
$intermediateVar = 0;
GetRequestParameters();
@@ -409,20 +408,15 @@
function GetParameters($params)
{
- global $mapName, $sessionId, $summary, $layerCount, $layerIds;
+ global $mapName, $sessionId, $summary, $layerCount;
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
if(isset($params['SUMMARY']))
$summary = true;
else
{
- $layerCount = $params['LC'];
- if($layerCount > 0)
- {
- $layers = $params['LAYERS'];
- $layerIds = explode(",", $layers);
- }
+ $layerCount = GetIntParameter($params, 'LC');
}
}
Modified: trunk/MgDev/Web/src/mapviewerphp/legendctrl.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/legendctrl.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/legendctrl.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -41,13 +41,13 @@
{
global $mapName, $sessionId, $mapFrame, $locale;
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
if(isset($params['MAPFRAME']))
- $mapFrame = $params['MAPFRAME'];
+ $mapFrame = ValidateFrameName(GetParameter($params, 'MAPFRAME'));
else
$mapFrame = "parent";
- $locale = $params['LOCALE'];
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/legendui.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/legendui.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/legendui.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -32,7 +32,7 @@
{
global $locale;
- $locale = $params['LOCALE'];
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/mainframe.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/mainframe.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/mainframe.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -168,7 +168,7 @@
//
$srcToolbar = $showToolbar? ('src="' . $vpath . 'toolbar.php?LOCALE=' . $locale . '"'): '';
$srcStatusbar = $showStatusbar? ('src="' . $vpath . 'statusbar.php?LOCALE=' . $locale . '"') : "";
- $srcTaskFrame = $showTaskPane? ('src="' . $vpath . 'taskframe.php?TASK=' . $taskPaneUrl . '&WEBLAYOUT=' . urlencode($webLayoutDefinition) . '&DWF=' . ($forDwf? "1": "0") . '&SESSION=' . ($sessionId != ""? $sessionId: "") . '&LOCALE=' . $locale . '"') : '';
+ $srcTaskFrame = $showTaskPane? ('src="' . $vpath . 'taskframe.php?WEBLAYOUT=' . urlencode($webLayoutDefinition) . '&DWF=' . ($forDwf? "1": "0") . '&SESSION=' . ($sessionId != ""? $sessionId: "") . '&LOCALE=' . $locale . '"') : '';
$srcTaskBar = 'src="' . $vpath . 'taskbar.php?LOCALE=' . $locale . '"';
//view center
@@ -581,25 +581,21 @@
global $debug, $webLayoutDefinition;
global $sessionId, $username, $password, $orgSessionId, $locale;
- $webLayoutDefinition = $params['WEBLAYOUT'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $webLayoutDefinition = ValidateResourceId(GetParameter($params, 'WEBLAYOUT'));
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
- else
- $locale = GetDefaultLocale();
-
if(isset($params['SESSION']))
{
- $sessionId = $params['SESSION'];
$orgSessionId = $sessionId;
}
else
{
if(isset($params['USERNAME']))
{
- $username = $params['USERNAME'];
+ $username = GetParameter($params, 'USERNAME');
if(isset($params['PASSWORD']))
- $password = $params['PASSWORD'];
+ $password = GetParameter($params, 'PASSWORD');
return;
}
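Review bot: `if(isset($params['SESSION']))` tests the raw request while `$sessionId` now holds the validated value, so a SESSION value rejected by ValidateSessionId leaves both `$sessionId` and `$orgSessionId` as empty strings and still skips the USERNAME/PASSWORD branch; the intent is probably `if($sessionId != "")`. The function header and its remaining lines are outside the hunk.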
Modified: trunk/MgDev/Web/src/mapviewerphp/mapframe.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/mapframe.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/mapframe.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -35,9 +35,6 @@
GetRequestParameters();
-if($locale == "")
- $locale = GetDefaultLocale();
-
SetLocalizedFilesPath(GetLocalizationPath());
if($type == "DWF")
@@ -170,30 +167,17 @@
global $infoWidth, $showLegend, $showProperties, $sessionId;
global $locale, $hlTgt, $hlTgtName, $showSlider;
- $type = $params['TYPE'];
- $hlTgt = $params['HLTGT'];
- $hlTgtName = $params['HLTGTNAME'];
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
-
- if(isset($params['INFOWIDTH']))
- $infoWidth = $params['INFOWIDTH'];
-
- if(isset($params['SHOWLEGEND']))
- $showLegend = $params['SHOWLEGEND'];
-
- if(isset($params['SHOWPROP']))
- $showProperties = $params['SHOWPROP'];
-
- if(isset($params['MAPDEFINITION']))
- $mapDefinition = $params['MAPDEFINITION'];
-
- if(isset($params['SESSION']))
- $sessionId = $params['SESSION'];
-
- if(isset($params['SHOWSLIDER']))
- $showSlider = $params['SHOWSLIDER'] == "1";
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $hlTgt = ValidateHyperlinkTargetValue(GetParameter($params, 'HLTGT'));
+ $hlTgtName = ValidateFrameName(GetParameter($params, 'HLTGTNAME'));
+ $mapDefinition = ValidateResourceId(GetParameter($params, 'MAPDEFINITION'));
+ $showLegend = (GetIntParameter($params, 'SHOWLEGEND') == 1);
+ $showProperties = (GetIntParameter($params, 'SHOWPROP') == 1);
+ $showSlider = (GetIntParameter($params, 'SHOWSLIDER') == 1);
+ $infoWidth = GetIntParameter($params, 'INFOWIDTH');
+ $type = GetParameter($params, 'TYPE');
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/measure.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/measure.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/measure.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -285,23 +285,23 @@
global $mapName, $sessionId, $x1, $y1, $x2, $y2, $popup;
global $total, $clear, $us, $segId, $target, $locale;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
- $target = $params['TGT'];
- $popup = $params['POPUP'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
+
+ $target = GetIntParameter($params, 'TGT');
+ $popup = GetIntParameter($params, 'POPUP');
if(isset($params['CLEAR']))
$clear = true;
else
{
- $x1 = $params['X1'];
- $y1 = $params['Y1'];
- $x2 = $params['X2'];
- $y2 = $params['Y2'];
- $total = $params['TOTAL'];
- $us = $params['US'];
- $segId = $params['SEGID'];
+ $us = GetIntParameter($params, 'US');
+ $segId = GetIntParameter($params, 'SEGID');
+ $x1 = GetDoubleParameter($params, 'X1');
+ $y1 = GetDoubleParameter($params, 'Y1');
+ $x2 = GetDoubleParameter($params, 'X2');
+ $y2 = GetDoubleParameter($params, 'Y2');
+ $total = GetDoubleParameter($params, 'TOTAL');
}
}
Modified: trunk/MgDev/Web/src/mapviewerphp/measureui.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/measureui.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/measureui.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -22,8 +22,8 @@
$target = 0;
$locale = "";
$popup = 0;
- $cmdIndex = "";
- $clientWidth = "";
+ $cmdIndex = 0;
+ $clientWidth = 0;
$mapName = "";
$sessionId = "";
$total = 0;
@@ -42,15 +42,14 @@
{
global $target, $cmdIndex, $clientWidth, $mapName, $sessionId, $total, $popup, $locale;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
- $target = $params['TGT'];
- $popup = $params['POPUP'];
- $cmdIndex = $params['CMDINDEX'];
- $clientWidth = $params['WIDTH'];
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
- $total = $params['TOTAL'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
+ $target = GetIntParameter($params, 'TGT');
+ $popup = GetIntParameter($params, 'POPUP');
+ $cmdIndex = GetIntParameter($params, 'CMDINDEX');
+ $clientWidth = GetIntParameter($params, 'WIDTH');
+ $total = GetDoubleParameter($params, 'TOTAL');
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/printablepage.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/printablepage.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/printablepage.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -23,14 +23,14 @@
$locale = "";
$mapName = "";
$sessionId = "";
- $isTitle = "";
- $isLegend = "";
- $isArrow = "";
+ $isTitle = 0;
+ $isLegend = 0;
+ $isArrow = 0;
$title = "";
- $scale = "";
- $centerX = "";
- $centerY = "";
- $dpi = "";
+ $scale = 0;
+ $centerX = 0;
+ $centerY = 0;
+ $dpi = 0;
GetRequestParameters();
@@ -50,7 +50,7 @@
$isTitle,
$isLegend,
$isArrow,
- $isTitle == "1"? $title: "",
+ $isTitle == 1 ? EscapeForHtml($title) : "",
$agent,
$mapName,
$sessionId
@@ -62,18 +62,17 @@
global $scale, $centerX, $centerY, $dpi;
global $isTitle, $isLegend, $isArrow;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
- $isTitle = $params['ISTITLE'];
- $isLegend = $params['ISLEGEND'];
- $isArrow = $params['ISARROW'];
- $title = $params['TITLE'];
- $scale = $params['SCALE'];
- $centerX = $params['CENTERX'];
- $centerY = $params['CENTERY'];
- $dpi = $params['DPI'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
+ $isTitle = GetIntParameter($params, 'ISTITLE');
+ $isLegend = GetIntParameter($params, 'ISLEGEND');
+ $isArrow = GetIntParameter($params, 'ISARROW');
+ $dpi = GetIntParameter($params, 'DPI');
+ $scale = GetDoubleParameter($params, 'SCALE');
+ $centerX = GetDoubleParameter($params, 'CENTERX');
+ $centerY = GetDoubleParameter($params, 'CENTERY');
+ $title = GetParameter($params, 'TITLE');
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/printablepageui.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/printablepageui.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/printablepageui.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -22,14 +22,14 @@
$locale = "";
$popup = 0;
- $clientWidth = "";
+ $clientWidth = 0;
$layerId = "";
$mapName = "";
$sessionId = "";
$scale = "";
$centerX = "";
$centerY = "";
- $dpi = "";
+ $dpi = 0;
GetRequestParameters();
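Review bot: `$scale`, `$centerX` and `$centerY` are still initialised to `""` here even though the @@ -54 hunk below now assigns them from GetDoubleParameter, and the parallel hunk in printablepage.php switches the same three variables to `0`; the two files should agree. Change the three lines to `$scale = 0;`, `$centerX = 0;`, `$centerY = 0;` so the fallback type matches the parsed type. Whether anything downstream distinguishes `""` from `0` for these values cannot be seen from this hunk.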
@@ -54,16 +54,15 @@
global $mapName, $sessionId;
global $scale, $centerX, $centerY, $dpi;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
- $popup = $params['POPUP'];
- $clientWidth = $params['WIDTH'];
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
- $scale = $params['SCALE'];
- $centerX = $params['CENTERX'];
- $centerY = $params['CENTERY'];
- $dpi = $params['DPI'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
+ $popup = GetIntParameter($params, 'POPUP');
+ $clientWidth = GetIntParameter($params, 'WIDTH');
+ $dpi = GetIntParameter($params, 'DPI');
+ $scale = GetDoubleParameter($params, 'SCALE');
+ $centerX = GetDoubleParameter($params, 'CENTERX');
+ $centerY = GetDoubleParameter($params, 'CENTERY');
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/propertyctrl.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/propertyctrl.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/propertyctrl.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -34,10 +34,9 @@
{
global $locale, $mapFrame;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
if(isset($params['MAPFRAME']))
- $mapFrame = $params['MAPFRAME'];
+ $mapFrame = ValidateFrameName(GetParameter($params, 'MAPFRAME'));
else
$mapFrame = "parent";
}
Modified: trunk/MgDev/Web/src/mapviewerphp/search.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/search.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/search.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -1,7 +1,7 @@
<?php
//
-// Copyright (C) 2004-2010 by Autodesk, Inc.
+// Copyright (C) 2004-2009 by Autodesk, Inc.
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of version 2.1 of the GNU Lesser
@@ -34,7 +34,7 @@
$locale = "";
$userInput = "";
- $target = "";
+ $target = 0;
$popup = 0;
$layerName = "";
$mapName = "";
@@ -42,7 +42,7 @@
$filter = "";
$resNames = array();
$resProps = array();
- $matchLimit = "";
+ $matchLimit = 0;
GetRequestParameters();
SetLocalizedFilesPath(GetLocalizationPath());
@@ -273,25 +273,24 @@
global $userInput, $target, $layerName, $popup, $locale;
global $mapName, $sessionId, $filter, $resNames, $resProps, $matchLimit;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
- $userInput = $params['USERINPUT'];
- $target = $params['TGT'];
- $popup = $params['POPUP'];
- $layerName = $params['LAYER'];
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
- $filter = $params['FILTER'];
- $matchLimit = $params['MR'];
- $colCount = $params['COLS'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
+ $target = GetIntParameter($params, 'TGT');
+ $popup = GetIntParameter($params, 'POPUP');
+ $matchLimit = GetIntParameter($params, 'MR');
+ $colCount = GetIntParameter($params, 'COLS');
if($colCount > 0)
{
for($i = 0; $i < $colCount; $i++)
{
- array_push($resNames, $params['CN' . $i]);
- array_push($resProps, $params['CP' . $i]);
+ array_push($resNames, GetParameter($params, 'CN' . $i));
+ array_push($resProps, GetParameter($params, 'CP' . $i));
}
}
+ $userInput = GetParameter($params, 'USERINPUT');
+ $layerName = GetParameter($params, 'LAYER');
+ $filter = GetParameter($params, 'FILTER');
}
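Review bot: `$colCount` is taken straight from the request and drives the `for` loop unbounded, so a very large COLS value makes this page allocate that many entries in `$resNames`/`$resProps` (each filled with whatever GetParameter returns for a missing key) before any search runs; the new integer parsing does not cap it. A small fixed upper bound before the loop, e.g. `if($colCount > 50) $colCount = 50;` (limit chosen as an example), keeps the loop proportional to what a result table can sensibly show. Separately, the @@ -1 hunk of this file and of taskframe.php changes the header from `2004-2010` back to `2004-2009`, which looks like an accidental revert rather than an intended edit.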
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/searchprompt.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/searchprompt.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/searchprompt.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -21,15 +21,15 @@
include 'constants.php';
$locale = "";
- $cmdIndex = "";
+ $cmdIndex = 0;
$target = 0;
$popup = 0;
- $clientWidth = "";
+ $clientWidth = 0;
$layerId = "";
$mapName = "";
$sessionId = "";
$filter = "";
- $matchLimit = "";
+ $matchLimit = 0;
GetRequestParameters();
@@ -46,7 +46,7 @@
$cmdIndex,
$target,
$popup,
- $layerId,
+ EscapeForHtml($layerId),
$mapName,
$sessionId,
EscapeForHtml($filter),
@@ -57,17 +57,16 @@
global $cmdIndex, $target, $clientWidth, $layerId, $popup, $locale;
global $mapName, $sessionId, $filter, $matchLimit;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
- $cmdIndex = $params['CMDINDEX'];
- $target = $params['TGT'];
- $popup = $params['POPUP'];
- $clientWidth = $params['WIDTH'];
- $layerId = $params['LAYER'];
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
- $filter = $params['FILTER'];
- $matchLimit = $params['MR'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
+ $cmdIndex = GetIntParameter($params, 'CMDINDEX');
+ $target = GetIntParameter($params, 'TGT');
+ $popup = GetIntParameter($params, 'POPUP');
+ $clientWidth = GetIntParameter($params, 'WIDTH');
+ $matchLimit = GetIntParameter($params, 'MR');
+ $layerId = GetParameter($params, 'LAYER');
+ $filter = GetParameter($params, 'FILTER');
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/selectwithin.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/selectwithin.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/selectwithin.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -24,7 +24,7 @@
$sessionId = "";
$inputSel = "";
$layers = null;
- $dwf = "";
+ $dwf = 0;
GetRequestParameters();
@@ -145,11 +145,12 @@
{
global $inputSel, $layers, $mapName, $sessionId, $dwf;
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
- $inputSel = UnescapeMagicQuotes($params['SELECTION']);
- $layers = $params['LAYERS'];
- $dwf = $params['DWF'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
+ $dwf = GetIntParameter($params, 'DWF');
+
+ $inputSel = UnescapeMagicQuotes(GetParameter($params, 'SELECTION'));
+ $layers = GetParameter($params, 'LAYERS');
}
function UnescapeMagicQuotes($str)
Modified: trunk/MgDev/Web/src/mapviewerphp/selectwithinui.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/selectwithinui.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/selectwithinui.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -24,7 +24,7 @@
$popup = 0;
$mapName = "";
$sessionId = "";
- $dwf = "";
+ $dwf = 0;
GetRequestParameters();
@@ -38,12 +38,12 @@
{
global $mapName, $sessionId, $dwf, $locale;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
- $popup = $params['POPUP'];
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
- $dwf = $params['DWF'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
+
+ $popup = GetIntParameter($params, 'POPUP');
+ $dwf = GetIntParameter($params, 'DWF');
}
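Review bot: `$popup` is assigned on the new line `$popup = GetIntParameter($params, 'POPUP');` but is not in the function's `global` list on the context line above, so the assignment writes a function-local and the file-level `$popup = 0` from the @@ -24 hunk is never updated by the request. The old code had the same gap, but since this hunk rewrites every assignment it is the place to fix it: `global $mapName, $sessionId, $dwf, $locale, $popup;`. I am assuming the top-level `$popup` is what the page later reads; the rest of the file is outside this hunk.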
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/setselection.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/setselection.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/setselection.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -97,11 +97,12 @@
{
global $mapName, $sessionId, $selText, $queryInfo;
- $mapName = $params['MAPNAME'];
- $sessionId = $params['SESSION'];
- $selText = UnescapeMagicQuotes($params['SELECTION']);
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $mapName = ValidateMapName(GetParameter($params, 'MAPNAME'));
if(isset($params['QUERYINFO']))
- $queryInfo = $params['QUERYINFO'] == "1";
+ $queryInfo = (GetIntParameter($params, 'QUERYINFO') == 1);
+
+ $selText = UnescapeMagicQuotes(GetParameter($params, 'SELECTION'));
}
function UnescapeMagicQuotes($str)
Modified: trunk/MgDev/Web/src/mapviewerphp/statusbar.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/statusbar.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/statusbar.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -40,8 +40,7 @@
{
global $locale;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/taskbar.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/taskbar.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/taskbar.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -42,8 +42,7 @@
{
global $locale;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/taskframe.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/taskframe.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/taskframe.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -1,7 +1,7 @@
<?php
//
-// Copyright (C) 2004-2010 by Autodesk, Inc.
+// Copyright (C) 2004-2009 by Autodesk, Inc.
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of version 2.1 of the GNU Lesser
@@ -18,36 +18,71 @@
//
include 'common.php';
+include 'constants.php';
-$taskPane = "";
-$session = "";
-$webLayout = "";
-$dwf = "";
+$sessionId = "";
+$webLayoutId = "";
+$dwf = 0;
$locale = "";
GetRequestParameters();
+SetLocalizedFilesPath(GetLocalizationPath());
-//If there is an initial url, it will be encoded, so parse the decoded url.
-$comp = parse_url(urldecode($taskPane));
+try
+{
+ InitializeWebTier();
-//If there is a query component to the initial url, append it to the end of the full url string
-if(!isset($comp["query"]) || strlen($comp["query"]) == 0)
- $url = sprintf("%s?SESSION=%s&WEBLAYOUT=%s&DWF=%s&LOCALE=%s", $comp["path"], $session, urlencode($webLayout), $dwf, $locale);
-else
- $url = sprintf("%s?SESSION=%s&WEBLAYOUT=%s&DWF=%s&LOCALE=%s&%s", $comp["path"], $session, urlencode($webLayout), $dwf, $locale, $comp["query"]);
+ $cred = new MgUserInformation($sessionId);
+ $cred->SetClientIp(GetClientIp());
+ $cred->SetClientAgent(GetClientAgent());
-$templ = file_get_contents("../viewerfiles/taskframe.templ");
-print sprintf($templ, GetSurroundVirtualPath()."tasklist.php", $locale, $url);
+ //Connect to the site
+ $site = new MgSiteConnection();
+ $site->Open($cred);
+ //Get the MgWebLayout object
+ $resourceSrvc = $site->CreateService(MgServiceType::ResourceService);
+ $webLayoutResId = new MgResourceIdentifier($webLayoutId);
+ $webLayout = new MgWebLayout($resourceSrvc, $webLayoutResId);
+ $taskPane = $webLayout->GetTaskPane();
+ $taskPaneUrl = $taskPane->GetInitialTaskUrl();
+ $vpath = GetSurroundVirtualPath();
+ if ($taskPaneUrl == null || strlen($taskPaneUrl) == 0)
+ {
+ $taskPaneUrl = "gettingstarted.php";
+ }
+
+ //If there is an initial url, it will be encoded, so parse the decoded url.
+ $comp = parse_url(urldecode($taskPaneUrl));
+
+ //If there is a query component to the initial url, append it to the end of the full url string
+ if(!isset($comp["query"]) || strlen($comp["query"]) == 0)
+ $url = sprintf("%s?SESSION=%s&WEBLAYOUT=%s&DWF=%s&LOCALE=%s", $comp["path"], $sessionId, urlencode($webLayoutId), $dwf, $locale);
+ else
+ $url = sprintf("%s?SESSION=%s&WEBLAYOUT=%s&DWF=%s&LOCALE=%s&%s", $comp["path"], $sessionId, urlencode($webLayoutId), $dwf, $locale, $comp["query"]);
+
+ $templ = file_get_contents("../viewerfiles/taskframe.templ");
+ print sprintf($templ, $vpath ."tasklist.php", $locale, $url);
+}
+catch(MgException $e)
+{
+ OnError(GetLocalizedString( "TASKS", $locale ), $e->GetDetails());
+ return;
+}
+catch(Exception $ne)
+{
+ OnError(GetLocalizedString( "TASKS", $locale ), $ne->getMessage());
+ return;
+}
+
function GetParameters($params)
{
- global $taskPane, $session, $webLayout, $dwf, $locale;
+ global $taskPane, $sessionId, $webLayoutId, $dwf, $locale;
- $taskPane = $params['TASK'];
- $session = $params['SESSION'];
- $webLayout = $params['WEBLAYOUT'];
- $locale = $params['LOCALE'];
- $dwf = $params['DWF'];
+ $sessionId = ValidateSessionId(GetParameter($params, 'SESSION'));
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $webLayoutId = ValidateResourceId(GetParameter($params, 'WEBLAYOUT'));
+ $dwf = GetIntParameter($params, 'DWF');
}
function GetRequestParameters()
@@ -58,4 +93,11 @@
GetParameters($_GET);
}
+function OnError($title, $msg)
+{
+ global $target;
+ $templ = Localize(file_get_contents("../viewerfiles/errorpage.templ"), $locale, GetClientOS());
+ print sprintf($templ, "0", $title, $msg);
+}
+
?>
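Review bot: The new `OnError` declares `global $target;` but never uses `$target`, while the `$locale` it passes to `Localize(...)` is not declared global, so inside the function `$locale` is undefined and the error page is localized with a null locale. Replace the global line with `global $locale;`. In the @@ -18 hunk above, `GetParameters` still lists `$taskPane` in its `global` declaration although it no longer assigns it and the top-level code now gets the task pane from `$webLayout->GetTaskPane()` instead; dropping it from the list avoids a stale global that reads as if the request could still supply TASK. Also in that hunk, `parse_url(urldecode($taskPaneUrl))` returns `false` for a seriously malformed URL, in which case the following `$comp["path"]` reads a non-array; a guard that falls back to `gettingstarted.php` when `$comp === false` would close that gap now that the URL comes from the web layout resource.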
Modified: trunk/MgDev/Web/src/mapviewerphp/tasklist.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/tasklist.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/tasklist.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -29,8 +29,7 @@
{
global $locale;
- if(isset($params['LOCALE']))
- $locale = $params['LOCALE'];
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
}
function GetRequestParameters()
Modified: trunk/MgDev/Web/src/mapviewerphp/viewoptions.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/viewoptions.php 2010-04-06 15:54:19 UTC (rev 4743)
+++ trunk/MgDev/Web/src/mapviewerphp/viewoptions.php 2010-04-06 15:56:33 UTC (rev 4744)
@@ -35,10 +35,10 @@
{
global $tgt, $popup, $dwf, $locale;
- $tgt = $params['TGT'];
- $popup = $params['POPUP'];
- $dwf = $params['DWF'];
- $locale = $params['LOCALE'];
+ $locale = ValidateLocaleString(GetParameter($params, 'LOCALE'));
+ $tgt = GetIntParameter($params, 'TGT');
+ $popup = GetIntParameter($params, 'POPUP');
+ $dwf = GetIntParameter($params, 'DWF');
}
function GetRequestParameters()