[mapguide-commits] r9045 - in branches/2.6/MgDev: . Web/src/mapviewerjava Web/src/mapviewernet Web/src/mapviewerphp
svn_mapguide at osgeo.org
svn_mapguide at osgeo.org
Mon Sep 19 06:57:19 PDT 2016
Author: jng
Date: 2016-09-19 06:57:19 -0700 (Mon, 19 Sep 2016)
New Revision: 9045
Modified:
branches/2.6/MgDev/
branches/2.6/MgDev/Web/src/mapviewerjava/search.jsp
branches/2.6/MgDev/Web/src/mapviewernet/search.aspx
branches/2.6/MgDev/Web/src/mapviewerphp/search.php
Log:
Merged revision(s) 9042 from trunk/MgDev:
#2556: Escape single quotes in search command input.
Patch by tuceda. PHP/.net versions provided by me.
........
Property changes on: branches/2.6/MgDev
___________________________________________________________________
Modified: svn:mergeinfo
- /branches/2.4/MgDev:6749-6756,6777-6783,6785-6787,6789,6791-6794,6796-6801,6954-6962,6986-7006
/branches/3.0/MgDev:8658,8958-8959
/branches/3.1/MgDev:9026
/sandbox/adsk/2.6l:8727
/sandbox/adsk/3.0m:8563,8584,8607,8625
/sandbox/adsk/3.1n:8871,8912,8921-8922,8942,9019-9020
/sandbox/jng/createruntimemap:7486-7555
/sandbox/jng/php56x:8975-8985
/sandbox/jng/rfc155:8874-8884
/sandbox/rfc94:5099-5163
/trunk/MgDev:8209-8210,8230,8313,8333,8359,8388,8392,8423,8433,8439,8443-8444,8518-8519,8567-8568,8571,8588-8589,8595,8616-8618,8626,8682,8728,8844,8956,8980,8996,9000,9004-9006,9021,9028,9034,9038
+ /branches/2.4/MgDev:6749-6756,6777-6783,6785-6787,6789,6791-6794,6796-6801,6954-6962,6986-7006
/branches/3.0/MgDev:8658,8958-8959
/branches/3.1/MgDev:9026
/sandbox/adsk/2.6l:8727
/sandbox/adsk/3.0m:8563,8584,8607,8625
/sandbox/adsk/3.1n:8871,8912,8921-8922,8942,9019-9020
/sandbox/jng/createruntimemap:7486-7555
/sandbox/jng/php56x:8975-8985
/sandbox/jng/rfc155:8874-8884
/sandbox/rfc94:5099-5163
/trunk/MgDev:8209-8210,8230,8313,8333,8359,8388,8392,8423,8433,8439,8443-8444,8518-8519,8567-8568,8571,8588-8589,8595,8616-8618,8626,8682,8728,8844,8956,8980,8996,9000,9004-9006,9021,9028,9034,9038,9042
Modified: branches/2.6/MgDev/Web/src/mapviewerjava/search.jsp
===================================================================
--- branches/2.6/MgDev/Web/src/mapviewerjava/search.jsp 2016-09-19 13:57:05 UTC (rev 9044)
+++ branches/2.6/MgDev/Web/src/mapviewerjava/search.jsp 2016-09-19 13:57:19 UTC (rev 9045)
@@ -107,6 +107,8 @@
if(layer == null)
throw new SearchError(MessageFormat.format(MgLocalizer.GetString("SEARCHLAYERNOTFOUND", locale), new Object[] { layerName }), searchError);
+ userInput = userInput.replace("'", "''");
+
//substitute the input tag with the actual user input to make up the filter
int varIndex = filter.indexOf("$USER_VARIABLE");
if(varIndex != -1)
Modified: branches/2.6/MgDev/Web/src/mapviewernet/search.aspx
===================================================================
--- branches/2.6/MgDev/Web/src/mapviewernet/search.aspx 2016-09-19 13:57:05 UTC (rev 9044)
+++ branches/2.6/MgDev/Web/src/mapviewernet/search.aspx 2016-09-19 13:57:19 UTC (rev 9045)
@@ -95,6 +95,9 @@
{
throw new SearchError(String.Format(MgLocalizer.GetString("SEARCHLAYERNOTFOUND", locale), new Object[] { layerName }), searchError);
}
+
+ //escape single quote in userInput
+ userInput = userInput.Replace("'", "''");
//substitute the input tag with the actual user input to make up the filter
filter = filter.Replace("$USER_VARIABLE", userInput);
Modified: branches/2.6/MgDev/Web/src/mapviewerphp/search.php
===================================================================
--- branches/2.6/MgDev/Web/src/mapviewerphp/search.php 2016-09-19 13:57:05 UTC (rev 9044)
+++ branches/2.6/MgDev/Web/src/mapviewerphp/search.php 2016-09-19 13:57:19 UTC (rev 9045)
@@ -43,6 +43,7 @@
$resNames = array();
$resProps = array();
$matchLimit = 0;
+ $features = NULL;
GetRequestParameters();
SetLocalizedFilesPath(GetLocalizationPath());
@@ -78,6 +79,8 @@
{
trigger_error(FormatMessage("SEARCHLAYERNOTFOUND", $locale, array($layerName)));
}
+
+ $userInput = str_replace("'", "''", $userInput);
//unescape strings
//
More information about the mapguide-commits
mailing list