[mapserver-commits] r8853 - branches/branch-5-4/mapserver
svn at osgeo.org
svn at osgeo.org
Tue Mar 31 23:03:55 EDT 2009
Author: sdlime
Date: 2009-03-31 23:03:55 -0400 (Tue, 31 Mar 2009)
New Revision: 8853
Modified:
branches/branch-5-4/mapserver/mapquery.c
Log:
Validate query file extension (.qy) before opening. (#2939)
Modified: branches/branch-5-4/mapserver/mapquery.c
===================================================================
--- branches/branch-5-4/mapserver/mapquery.c 2009-04-01 02:58:24 UTC (rev 8852)
+++ branches/branch-5-4/mapserver/mapquery.c 2009-04-01 03:03:55 UTC (rev 8853)
@@ -121,6 +121,11 @@
return(MS_FAILURE);
}
+ /*
+ ** Make sure the file at least has the right extension.
+ */
+ if(msEvalRegex("\\.qy$", filename) != MS_TRUE) return MS_FAILURE;
+
stream = fopen(filename, "rb");
if(!stream) {
msSetError(MS_IOERR, "(%s)", "msLoadQuery()", filename);
More information about the mapserver-commits
mailing list