[mapguide-commits] r9043 - in branches/3.1/MgDev: . Web/src/mapviewerjava Web/src/mapviewernet Web/src/mapviewerphp

svn_mapguide at osgeo.org svn_mapguide at osgeo.org
Mon Sep 19 06:56:54 PDT 2016


Author: jng
Date: 2016-09-19 06:56:54 -0700 (Mon, 19 Sep 2016)
New Revision: 9043

Modified:
   branches/3.1/MgDev/
   branches/3.1/MgDev/Web/src/mapviewerjava/search.jsp
   branches/3.1/MgDev/Web/src/mapviewernet/search.aspx
   branches/3.1/MgDev/Web/src/mapviewerphp/search.php
Log:
Merged revision(s) 9042 from trunk/MgDev:
#2556: Escape single quotes in search command input.

Patch by tuceda. PHP/.net versions provided by me.
........



Property changes on: branches/3.1/MgDev
___________________________________________________________________
Modified: svn:mergeinfo
   - /branches/2.4/MgDev:6749-6756,6777-6783,6785-6787,6789,6791-6794,6796-6801,6954-6962,6986-7006
/branches/2.6/MgDev:8276-8286,8288-8292,8297,8299,8301,8303,8314-8315,8318,8335,8340,8354-8355,8365,8373
/branches/3.0/MgDev:8658,8705,8710
/sandbox/VC140:8684-8759
/sandbox/adsk/2.6l:8727
/sandbox/adsk/3.0m:8563,8584,8607,8625,8694-8695
/sandbox/adsk/3.1n:8871,8895,8901,8912-8913,8921-8922,8942,9019-9020
/sandbox/jng/convenience_apis:8262-8268,8271-8363
/sandbox/jng/createruntimemap:7486-7555
/sandbox/jng/dwftk:8321-8324,8328-8329,8331,8352
/sandbox/jng/geos34x:8256-8259
/sandbox/jng/php56x:8975-8985
/sandbox/jng/rfc155:8872-8884
/sandbox/jng/tiling:8174-8208
/sandbox/jng/v30:8212-8227
/sandbox/rfc94:5099-5163
/trunk/MgDev:8955-8956,8969,8980-8981,8986,8996,9000,9004-9006,9010,9018-9021,9034,9038
   + /branches/2.4/MgDev:6749-6756,6777-6783,6785-6787,6789,6791-6794,6796-6801,6954-6962,6986-7006
/branches/2.6/MgDev:8276-8286,8288-8292,8297,8299,8301,8303,8314-8315,8318,8335,8340,8354-8355,8365,8373
/branches/3.0/MgDev:8658,8705,8710
/sandbox/VC140:8684-8759
/sandbox/adsk/2.6l:8727
/sandbox/adsk/3.0m:8563,8584,8607,8625,8694-8695
/sandbox/adsk/3.1n:8871,8895,8901,8912-8913,8921-8922,8942,9019-9020
/sandbox/jng/convenience_apis:8262-8268,8271-8363
/sandbox/jng/createruntimemap:7486-7555
/sandbox/jng/dwftk:8321-8324,8328-8329,8331,8352
/sandbox/jng/geos34x:8256-8259
/sandbox/jng/php56x:8975-8985
/sandbox/jng/rfc155:8872-8884
/sandbox/jng/tiling:8174-8208
/sandbox/jng/v30:8212-8227
/sandbox/rfc94:5099-5163
/trunk/MgDev:8955-8956,8969,8980-8981,8986,8996,9000,9004-9006,9010,9018-9021,9034,9038,9042

Modified: branches/3.1/MgDev/Web/src/mapviewerjava/search.jsp
===================================================================
--- branches/3.1/MgDev/Web/src/mapviewerjava/search.jsp	2016-09-19 13:54:37 UTC (rev 9042)
+++ branches/3.1/MgDev/Web/src/mapviewerjava/search.jsp	2016-09-19 13:56:54 UTC (rev 9043)
@@ -105,6 +105,8 @@
         if(layer == null)
             throw new SearchError(MessageFormat.format(MgLocalizer.GetString("SEARCHLAYERNOTFOUND", locale), new Object[] { layerName }), searchError);
 
+        userInput = userInput.replace("'", "''");
+
         //substitute the input tag with the actual user input to make up the filter
         int varIndex = filter.indexOf("$USER_VARIABLE");
         if(varIndex != -1)
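Review bot: Doubling single quotes at `userInput = userInput.replace("'", "''");` only neutralises the input when `$USER_VARIABLE` sits inside a single-quoted string literal in the configured filter. A filter template that places the variable unquoted, for example in a numeric comparison, would still let the input alter the filter's structure. The same applies to the matching added lines in search.aspx and search.php. I would document the constraint next to the escape, e.g. `// only sufficient when $USER_VARIABLE is inside '...' in the filter`, and validate the value as a number when the template uses it unquoted. The substitution block that consumes the value continues outside this hunk.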

Modified: branches/3.1/MgDev/Web/src/mapviewernet/search.aspx
===================================================================
--- branches/3.1/MgDev/Web/src/mapviewernet/search.aspx	2016-09-19 13:54:37 UTC (rev 9042)
+++ branches/3.1/MgDev/Web/src/mapviewernet/search.aspx	2016-09-19 13:56:54 UTC (rev 9043)
@@ -93,6 +93,9 @@
             {
                 throw new SearchError(String.Format(MgLocalizer.GetString("SEARCHLAYERNOTFOUND", locale), new Object[] { layerName }), searchError);
             }
+            
+            //escape single quote in userInput
+            userInput = userInput.Replace("'", "''");
 
             //substitute the input tag with the actual user input to make up the filter
             filter = filter.Replace("$USER_VARIABLE", userInput);

Modified: branches/3.1/MgDev/Web/src/mapviewerphp/search.php
===================================================================
--- branches/3.1/MgDev/Web/src/mapviewerphp/search.php	2016-09-19 13:54:37 UTC (rev 9042)
+++ branches/3.1/MgDev/Web/src/mapviewerphp/search.php	2016-09-19 13:56:54 UTC (rev 9043)
@@ -43,6 +43,7 @@
     $resNames = array();
     $resProps = array();
     $matchLimit = 0;
+    $features = NULL;
 
     GetRequestParameters();
     SetLocalizedFilesPath(GetLocalizationPath());
@@ -77,6 +78,8 @@
         {
             trigger_error(FormatMessage("SEARCHLAYERNOTFOUND", $locale, array($layerName)));
         }
+        
+        $userInput = str_replace("'", "''", $userInput);
 
         //unescape strings
         //
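Review bot: The escape `$userInput = str_replace("'", "''", $userInput);` runs before the `//unescape strings` step, whose body lies outside this hunk. If that step rewrites `$userInput` (it presumably reverses quote escaping on request values), the doubled quotes could be collapsed again before the filter is built. Placing the escape immediately before the `$USER_VARIABLE` substitution would make the ordering unambiguous. The added blank line above it also carries trailing whitespace.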


