[mapguide-commits] r9135 - sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms

svn_mapguide at osgeo.org svn_mapguide at osgeo.org
Fri Mar 10 00:21:34 PST 2017


Author: simonliu
Date: 2017-03-10 00:21:34 -0800 (Fri, 10 Mar 2017)
New Revision: 9135

Modified:
   sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/checkwkt.php
   sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/codetowkt.php
   sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/epsgcodetowkt.php
   sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/isvalid.php
   sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/wkttocode.php
   sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/wkttoepsgcode.php
Log:
Several scripts shipped with the open source application MapGuide do not sufficiently encode or validate user input before using it to generate HTML. As a result, an attacker might be able to insert HTML or script code into the page (cross-site scripting). The vulnerabilities are easy to recognize and can be located by automated tools.

Modified: sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/checkwkt.php
===================================================================
--- sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/checkwkt.php	2017-03-06 08:38:23 UTC (rev 9134)
+++ sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/checkwkt.php	2017-03-10 08:21:34 UTC (rev 9135)
@@ -29,7 +29,8 @@
     }
 
     echo "<b>OGC WKT:</b><br>";
-    echo "$wkt<br><br>";
+    echo htmlentities(strip_tags($wkt), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>Status:</b><br>";
     echo "$status<br><br>";
 
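Review bot: The added line `echo htmlentities(strip_tags($wkt), ENT_NOQUOTES);` stacks two filters where one correct encoder is enough, and the same pattern recurs in the codetowkt.php, epsgcodetowkt.php, isvalid.php, wkttocode.php and wkttoepsgcode.php hunks. `strip_tags()` silently drops anything that looks like markup, so the page no longer shows the value that was actually submitted and checked, and it adds no protection once the output is entity-encoded. `ENT_NOQUOTES` leaves `"` and `'` unencoded, which is safe only while the value stays in element content, and no charset is passed, so the result depends on the default of the PHP version in use. I would write `echo htmlspecialchars($wkt, ENT_QUOTES, 'UTF-8');` instead. The enclosing block starts and ends outside the hunk.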

Modified: sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/codetowkt.php
===================================================================
--- sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/codetowkt.php	2017-03-06 08:38:23 UTC (rev 9134)
+++ sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/codetowkt.php	2017-03-10 08:21:34 UTC (rev 9135)
@@ -31,7 +31,8 @@
     }
 
     echo "<b>Code:</b><br>";
-    echo "$code<br><br>";
+    echo htmlentities(strip_tags($code), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>OGC WKT:</b><br>";
     echo "$wkt<br><br>";
     echo "<b>Status:</b><br>";
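Review bot: `echo "$wkt<br><br>";` two lines below the fix is still written unencoded, so this page keeps an HTML sink right next to the one being closed. The assignment of `$wkt` is outside the hunk; if it can carry request data or a server message that repeats the input, it needs the same treatment, e.g. `echo htmlspecialchars($wkt, ENT_QUOTES, 'UTF-8') . "<br><br>";`. The same applies to `$wkt` in epsgcodetowkt.php, `$code` in wkttocode.php and wkttoepsgcode.php, and `$status` in checkwkt.php and isvalid.php. Encoding every value at the point of output, regardless of where it came from, would make these forms consistent and keep the fix from depending on which variable happens to be user-controlled today.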

Modified: sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/epsgcodetowkt.php
===================================================================
--- sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/epsgcodetowkt.php	2017-03-06 08:38:23 UTC (rev 9134)
+++ sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/epsgcodetowkt.php	2017-03-10 08:21:34 UTC (rev 9135)
@@ -32,7 +32,8 @@
     }
 
     echo "<b>EPSG Code:</b><br>";
-    echo "$code<br><br>";
+    echo htmlentities(strip_tags($code), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>OGC WKT:</b><br>";
     echo "$wkt<br><br>";
     echo "<b>Status:</b><br>";

Modified: sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/isvalid.php
===================================================================
--- sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/isvalid.php	2017-03-06 08:38:23 UTC (rev 9134)
+++ sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/isvalid.php	2017-03-10 08:21:34 UTC (rev 9135)
@@ -36,7 +36,8 @@
     }
 
     echo "<b>OGC WKT:</b><br>";
-    echo "$wkt<br><br>";
+    echo htmlentities(strip_tags($wkt), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>Status:</b><br>";
     echo "$status<br><br>";
 

Modified: sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/wkttocode.php
===================================================================
--- sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/wkttocode.php	2017-03-06 08:38:23 UTC (rev 9134)
+++ sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/wkttocode.php	2017-03-10 08:21:34 UTC (rev 9135)
@@ -31,7 +31,8 @@
     }
 
     echo "<b>OGC WKT:</b><br>";
-    echo "$wkt<br><br>";
+    echo htmlentities(strip_tags($wkt), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>Code:</b><br>";
     echo "$code<br><br>";
     echo "<b>Status:</b><br>";

Modified: sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/wkttoepsgcode.php
===================================================================
--- sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/wkttoepsgcode.php	2017-03-06 08:38:23 UTC (rev 9134)
+++ sandbox/adsk/3.2o.AIMS/UnitTest/WebTier/MapAgent/MapAgentForms/wkttoepsgcode.php	2017-03-10 08:21:34 UTC (rev 9135)
@@ -31,7 +31,8 @@
     }
 
     echo "<b>OGC WKT:</b><br>";
-    echo "$wkt<br><br>";
+    echo htmlentities(strip_tags($wkt), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>EPSG Code:</b><br>";
     echo "$code<br><br>";
     echo "<b>Status:</b><br>";


