[mapguide-commits] r9339 - in trunk/MgDev: . UnitTest/WebTier/MapAgent/MapAgentForms

svn_mapguide at osgeo.org svn_mapguide at osgeo.org
Sat Mar 3 04:59:57 PST 2018


Author: jng
Date: 2018-03-03 04:59:57 -0800 (Sat, 03 Mar 2018)
New Revision: 9339

Modified:
   trunk/MgDev/
   trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/checkwkt.php
   trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/codetowkt.php
   trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/epsgcodetowkt.php
   trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/isvalid.php
   trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/wkttocode.php
   trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/wkttoepsgcode.php
Log:
Merged revision(s) 9135 from sandbox/adsk/3.2o.AIMS:
The open source application MapGuide provides several scripts that do not sufficiently encode and validate user input before using it to generate HTML. An attacker could inject HTML or script code into the page. The vulnerabilities are easy to recognize and can be located by automated tools.
........


Index: trunk/MgDev
===================================================================
--- trunk/MgDev	2018-03-03 12:50:08 UTC (rev 9338)
+++ trunk/MgDev	2018-03-03 12:59:57 UTC (rev 9339)

Property changes on: trunk/MgDev
___________________________________________________________________
Modified: svn:mergeinfo
## -6,6 +6,7 ##
 /sandbox/adsk/2.6l:8727
 /sandbox/adsk/3.0m:8563,8584,8607,8625,8694-8695
 /sandbox/adsk/3.1n:8871,8895,8901,8912-8913,8921-8922,8942,9019-9020
+/sandbox/adsk/3.2o.AIMS:9135
 /sandbox/jng/clean_json:8818-9180
 /sandbox/jng/cmake_v2:9259-9317
 /sandbox/jng/cmdline:9199-9217
Modified: trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/checkwkt.php
===================================================================
--- trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/checkwkt.php	2018-03-03 12:50:08 UTC (rev 9338)
+++ trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/checkwkt.php	2018-03-03 12:59:57 UTC (rev 9339)
@@ -29,7 +29,8 @@
     }
 
     echo "<b>OGC WKT:</b><br>";
-    echo "$wkt<br><br>";
+    echo htmlentities(strip_tags($wkt), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>Status:</b><br>";
     echo "$status<br><br>";
 
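Review bot: The added `echo htmlentities(strip_tags($wkt), ENT_NOQUOTES);` uses two steps where one fully specified escape would do, and it leaves quotes and the character set unspecified. `strip_tags` silently removes anything that looks like markup, so the page no longer shows what was actually submitted, while the escaping itself is done by `htmlentities`; with no encoding argument the result depends on the PHP version and `default_charset`, and input that is invalid in that encoding is returned as an empty string. I would write `echo htmlspecialchars($wkt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` (assuming these forms are served as UTF-8), which also stays safe if the value is later moved into an attribute. The same applies to the identical added line in codetowkt.php, epsgcodetowkt.php, isvalid.php, wkttocode.php and wkttoepsgcode.php. The enclosing block starts and ends outside the hunk.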

Modified: trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/codetowkt.php
===================================================================
--- trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/codetowkt.php	2018-03-03 12:50:08 UTC (rev 9338)
+++ trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/codetowkt.php	2018-03-03 12:59:57 UTC (rev 9339)
@@ -31,7 +31,8 @@
     }
 
     echo "<b>Code:</b><br>";
-    echo "$code<br><br>";
+    echo htmlentities(strip_tags($code), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>OGC WKT:</b><br>";
     echo "$wkt<br><br>";
     echo "<b>Status:</b><br>";
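Review bot: `$wkt` on the context line `echo "$wkt<br><br>";` is still interpolated into the page unescaped, so only the `$code` echo is covered by this change. Where `$wkt` and the status value are assigned is outside the hunk; if either can carry request data, or a server error message that reflects it, the same HTML injection remains. I would escape every interpolated value at output, e.g. `echo htmlspecialchars($wkt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br><br>";`. The same pattern is left in the other hunks: raw `$wkt` in epsgcodetowkt.php, raw `$code` in wkttocode.php and wkttoepsgcode.php, and raw `$status` in checkwkt.php and isvalid.php.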

Modified: trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/epsgcodetowkt.php
===================================================================
--- trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/epsgcodetowkt.php	2018-03-03 12:50:08 UTC (rev 9338)
+++ trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/epsgcodetowkt.php	2018-03-03 12:59:57 UTC (rev 9339)
@@ -32,7 +32,8 @@
     }
 
     echo "<b>EPSG Code:</b><br>";
-    echo "$code<br><br>";
+    echo htmlentities(strip_tags($code), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>OGC WKT:</b><br>";
     echo "$wkt<br><br>";
     echo "<b>Status:</b><br>";

Modified: trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/isvalid.php
===================================================================
--- trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/isvalid.php	2018-03-03 12:50:08 UTC (rev 9338)
+++ trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/isvalid.php	2018-03-03 12:59:57 UTC (rev 9339)
@@ -36,7 +36,8 @@
     }
 
     echo "<b>OGC WKT:</b><br>";
-    echo "$wkt<br><br>";
+    echo htmlentities(strip_tags($wkt), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>Status:</b><br>";
     echo "$status<br><br>";
 

Modified: trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/wkttocode.php
===================================================================
--- trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/wkttocode.php	2018-03-03 12:50:08 UTC (rev 9338)
+++ trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/wkttocode.php	2018-03-03 12:59:57 UTC (rev 9339)
@@ -31,7 +31,8 @@
     }
 
     echo "<b>OGC WKT:</b><br>";
-    echo "$wkt<br><br>";
+    echo htmlentities(strip_tags($wkt), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>Code:</b><br>";
     echo "$code<br><br>";
     echo "<b>Status:</b><br>";

Modified: trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/wkttoepsgcode.php
===================================================================
--- trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/wkttoepsgcode.php	2018-03-03 12:50:08 UTC (rev 9338)
+++ trunk/MgDev/UnitTest/WebTier/MapAgent/MapAgentForms/wkttoepsgcode.php	2018-03-03 12:59:57 UTC (rev 9339)
@@ -31,7 +31,8 @@
     }
 
     echo "<b>OGC WKT:</b><br>";
-    echo "$wkt<br><br>";
+    echo htmlentities(strip_tags($wkt), ENT_NOQUOTES);
+    echo "<br><br>";
     echo "<b>EPSG Code:</b><br>";
     echo "$code<br><br>";
     echo "<b>Status:</b><br>";


