[mapserver-commits] r11890 - branches/branch-6-0/mapserver

svn at osgeo.org svn at osgeo.org
Tue Jul 12 09:06:14 EDT 2011


Author: assefa
Date: 2011-07-12 06:06:14 -0700 (Tue, 12 Jul 2011)
New Revision: 11890

Modified:
   branches/branch-6-0/mapserver/HISTORY.TXT
   branches/branch-6-0/mapserver/maplayer.c
   branches/branch-6-0/mapserver/mapogcfilter.c
   branches/branch-6-0/mapserver/mapogcfilter.h
   branches/branch-6-0/mapserver/mapogcsos.c
   branches/branch-6-0/mapserver/mapogr.cpp
   branches/branch-6-0/mapserver/mappostgis.c
   branches/branch-6-0/mapserver/mapserver.h
Log:
Security fixes (#3903)

Modified: branches/branch-6-0/mapserver/HISTORY.TXT
===================================================================
--- branches/branch-6-0/mapserver/HISTORY.TXT	2011-07-12 12:42:35 UTC (rev 11889)
+++ branches/branch-6-0/mapserver/HISTORY.TXT	2011-07-12 13:06:14 UTC (rev 11890)
@@ -14,6 +14,15 @@
 
 Version 6.0.1 (SVN branch-6-0):
 ---------------------------
+
+IMPORTANT SECURITY FIXES:
+
+-  Fixes to prevent SQL injections through OGC filter encoding (in WMS, WFS 
+   and SOS), as well as a potential SQL injection in WMS time support. 
+   Your system may be vulnerable if it has MapServer with OGC protocols 
+   enabled, with layers connecting to an SQL RDBMS backend, either 
+   natively or via OGR (#3903) 
+
 - Applied patch for ticket (symbol writing issues) (#3589)
 
 - Fix performance issue with Oracle and scrollable cursors (#3905)

Modified: branches/branch-6-0/mapserver/maplayer.c
===================================================================
--- branches/branch-6-0/mapserver/maplayer.c	2011-07-12 12:42:35 UTC (rev 11889)
+++ branches/branch-6-0/mapserver/maplayer.c	2011-07-12 13:06:14 UTC (rev 11890)
@@ -1220,6 +1220,85 @@
   return MS_FALSE;
 }
 
+/************************************************************************/
+/*                          LayerDefaultEscapeSQLParam                  */
+/*                                                                      */
+/*      Default function used to escape strings and avoid sql           */
+/*      injection. Specific drivers should redefine if an escaping      */
+/*      function is available in the driver.                            */
+/************************************************************************/
+char *LayerDefaultEscapeSQLParam(layerObj *layer, const char* pszString)
+{
+     char *pszEscapedStr=NULL;
+     if (pszString)
+     {
+         int nSrcLen;
+         char c;
+         int i=0, j=0;
+         nSrcLen = (int)strlen(pszString);
+         pszEscapedStr = (char*) msSmallMalloc( 2 * nSrcLen + 1);
+         for(i = 0, j = 0; i < nSrcLen; i++)
+         {
+             c = pszString[i];
+             if (c == '\'')
+             {
+                 pszEscapedStr[j++] = '\'';
+                 pszEscapedStr[j++] = '\'';
+             }
+             else if (c == '\\')
+             {
+                 pszEscapedStr[j++] = '\\';
+                 pszEscapedStr[j++] = '\\';
+             }
+             else
+               pszEscapedStr[j++] = c;
+         }
+         pszEscapedStr[j] = 0;
+     }  
+     return pszEscapedStr;
+}
+
+/************************************************************************/
+/*                          LayerDefaultEscapePropertyName              */
+/*                                                                      */
+/*      Return the property name in a properly escaped and quoted form. */
+/************************************************************************/
+char *LayerDefaultEscapePropertyName(layerObj *layer, const char* pszString)
+{
+     char* pszEscapedStr=NULL;
+     int i, j = 0;   
+
+     if (layer && pszString && strlen(pszString) > 0)
+     {
+         int nLength = strlen(pszString);
+
+         pszEscapedStr = (char*) msSmallMalloc( 1 + 2 * nLength + 1 + 1);
+         pszEscapedStr[j++] = '"';
+
+         for (i=0; i<nLength; i++)
+         {
+             char c = pszString[i];
+             if (c == '"')
+             {
+                 pszEscapedStr[j++] = '"';
+                 pszEscapedStr[j++] ='"';
+             }
+             else if (c == '\\')
+             {
+                 pszEscapedStr[j++] = '\\';
+                 pszEscapedStr[j++] = '\\';
+             }
+             else
+               pszEscapedStr[j++] = c;
+         }
+         pszEscapedStr[j++] = '"';
+         pszEscapedStr[j++] = 0;
+        
+     }
+     return pszEscapedStr;
+}
+
+
 /*
  * msConnectLayer
  *
@@ -1280,6 +1359,10 @@
   
   vtable->LayerGetAutoProjection = LayerDefaultAutoProjection;
 
+  vtable->LayerEscapeSQLParam = LayerDefaultEscapeSQLParam;
+
+  vtable->LayerEscapePropertyName = LayerDefaultEscapePropertyName;
+
   return MS_SUCCESS;
 }
 
@@ -1451,6 +1534,32 @@
     return i;
 }
 
+
+
+/*
+Returns an escaped string
+*/
+char  *msLayerEscapeSQLParam(layerObj *layer, const char*pszString) 
+{
+    if ( ! layer->vtable) {
+        int rv =  msInitializeVirtualTable(layer);
+        if (rv != MS_SUCCESS)
+            return "";
+    }
+    return layer->vtable->LayerEscapeSQLParam(layer, pszString);
+}
+
+char  *msLayerEscapePropertyName(layerObj *layer, const char*pszString) 
+{
+    if ( ! layer->vtable) {
+        int rv =  msInitializeVirtualTable(layer);
+        if (rv != MS_SUCCESS)
+            return "";
+    }
+    return layer->vtable->LayerEscapePropertyName(layer, pszString);
+}
+
+
 int
 msINLINELayerInitializeVirtualTable(layerObj *layer)
 {
@@ -1482,6 +1591,8 @@
     /* layer->vtable->LayerCreateItems, use default */
     layer->vtable->LayerGetNumFeatures = msINLINELayerGetNumFeatures;
 
+    /*layer->vtable->LayerEscapeSQLParam, use default*/
+    /*layer->vtable->LayerEscapePropertyName, use default*/
     return MS_SUCCESS;
 }
 

Modified: branches/branch-6-0/mapserver/mapogcfilter.c
===================================================================
--- branches/branch-6-0/mapserver/mapogcfilter.c	2011-07-12 12:42:35 UTC (rev 11889)
+++ branches/branch-6-0/mapserver/mapogcfilter.c	2011-07-12 13:06:14 UTC (rev 11890)
@@ -265,6 +265,8 @@
 }
 
 
+
+
 /************************************************************************/
 /*                        FLTIsSimpleFilterNoSpatial                    */
 /*                                                                      */
@@ -2027,7 +2029,6 @@
     char szTmp[256];
     char **tokens = NULL;
     int nTokens = 0, i=0, bString=0;
-    char *pszTmp;
 
     if (psFilterNode == NULL || lp == NULL)
       return NULL;
@@ -2052,8 +2053,8 @@
                                 "PropertyIsLike") == 0)
             {
                  pszExpression = 
-                   FLTGetIsLikeComparisonSQLExpression(psFilterNode,
-                                                       connectiontype);
+                   FLTGetIsLikeComparisonSQLExpression(psFilterNode, lp);
+
             }
         }
     }
@@ -2092,17 +2093,22 @@
                 {
                     for (i=0; i<nTokens; i++)
                     {
-                        if (i == 0)
-                        {
-                            pszTmp = tokens[0];
-                            if (FLTIsNumeric(pszTmp) == MS_FALSE)    
-                               bString = 1;
-                        }
+                        char *pszEscapedStr = NULL;
+                        if (strlen(tokens[i]) <= 0)
+                          continue;
+
+                        if (FLTIsNumeric((tokens[i])) == MS_FALSE)    
+                          bString = 1;
+
+                        pszEscapedStr = msLayerEscapeSQLParam(lp, tokens[i]);
                         if (bString)
-                            snprintf(szTmp, sizeof(szTmp), "(%s = '%s')" , pszAttribute, tokens[i]);
+                            snprintf(szTmp, sizeof(szTmp), "(%s = '%s')" , pszAttribute, pszEscapedStr);
                         else
-                            snprintf(szTmp, sizeof(szTmp), "(%s = %s)" , pszAttribute, tokens[i]);
+                            snprintf(szTmp, sizeof(szTmp), "(%s = %s)" , pszAttribute, pszEscapedStr);
 
+                        msFree(pszEscapedStr);
+                        pszEscapedStr=NULL;
+
                         if (pszExpression != NULL)
                           pszExpression = msStringConcatenate(pszExpression, " OR ");
                         else
@@ -2466,6 +2472,7 @@
 
 
 
+
 /************************************************************************/
 /*                      FLTGetBinaryComparisonSQLExpresssion            */
 /*                                                                      */
@@ -2478,6 +2485,7 @@
     char szBuffer[1024];
     int bString=0;
     char szTmp[256];
+    char* pszEscapedStr = NULL;
 
     szBuffer[0] = '\0';
     if (!psFilterNode || !
@@ -2507,13 +2515,11 @@
       
 
     /*opening bracket*/
-    /*for postgis layers double quote the attribute name, allowing reserved names to
- *       be used as attribute name #3311*/
-    if (lp->connectiontype == MS_POSTGIS)
-      strlcat(szBuffer, " (\"", bufferSize);
-    else
-      strlcat(szBuffer, " (", bufferSize);
+    strlcat(szBuffer, " (", bufferSize);
 
+    pszEscapedStr = msLayerEscapePropertyName(lp, psFilterNode->psLeftNode->pszValue);
+
+
     /* attribute */
     /*case insensitive set ? */
     if (bString &&
@@ -2522,14 +2528,14 @@
         psFilterNode->psRightNode->pOther && 
         (*(int *)psFilterNode->psRightNode->pOther) == 1)
     {
-        snprintf(szTmp, sizeof(szTmp), "lower(%s) ",  psFilterNode->psLeftNode->pszValue);
+        snprintf(szTmp, sizeof(szTmp), "lower(%s) ",  pszEscapedStr);
         strlcat(szBuffer, szTmp, bufferSize);
     }
     else
-      strlcat(szBuffer, psFilterNode->psLeftNode->pszValue, bufferSize);
+      strlcat(szBuffer, pszEscapedStr, bufferSize);
 
-    if (lp->connectiontype == MS_POSTGIS)
-     strlcat(szBuffer, "\"", bufferSize);
+    msFree(pszEscapedStr);
+    pszEscapedStr = NULL;
 
 
     /* logical operator */
@@ -2572,7 +2578,18 @@
           strlcat(szBuffer, "'", bufferSize);
     
         if (psFilterNode->psRightNode->pszValue)
-          strlcat(szBuffer, psFilterNode->psRightNode->pszValue, bufferSize);
+        {
+            if (bString)
+            {
+               char* pszEscapedStr;
+                pszEscapedStr = msLayerEscapeSQLParam(lp, psFilterNode->psRightNode->pszValue);
+                strlcat(szBuffer, pszEscapedStr, bufferSize);
+                msFree(pszEscapedStr);
+                pszEscapedStr=NULL;
+            }
+            else
+                strlcat(szBuffer, psFilterNode->psRightNode->pszValue, bufferSize);
+        }
 
         if (bString)
           strlcat(szBuffer, "'", bufferSize);
@@ -2599,8 +2616,8 @@
     int nBounds = 0;
     int bString=0;
     char szTmp[256];
+    char* pszEscapedStr;
 
-
     szBuffer[0] = '\0';
     if (!psFilterNode ||
         !(strcasecmp(psFilterNode->pszValue, "PropertyIsBetween") == 0))
@@ -2647,15 +2664,23 @@
     strlcat(szBuffer, " (", bufferSize);
 
     /* attribute */
-    strlcat(szBuffer, psFilterNode->psLeftNode->pszValue, bufferSize);
+    pszEscapedStr = msLayerEscapePropertyName(lp, psFilterNode->psLeftNode->pszValue);
 
+    strlcat(szBuffer, pszEscapedStr, bufferSize);
+    msFree(pszEscapedStr);
+    pszEscapedStr = NULL;
+
     /*between*/
     strlcat(szBuffer, " BETWEEN ", bufferSize);
 
     /*bound 1*/
     if (bString)
       strlcat(szBuffer,"'", bufferSize);
-    strlcat(szBuffer, aszBounds[0], bufferSize);
+    pszEscapedStr = msLayerEscapeSQLParam( lp, aszBounds[0]);
+    strlcat(szBuffer, pszEscapedStr, bufferSize);
+    msFree(pszEscapedStr);
+    pszEscapedStr=NULL;
+
     if (bString)
       strlcat(szBuffer,"'", bufferSize);
 
@@ -2664,7 +2689,11 @@
     /*bound 2*/
     if (bString)
       strlcat(szBuffer, "'", bufferSize);
-    strlcat(szBuffer, aszBounds[1], bufferSize);
+    pszEscapedStr = msLayerEscapeSQLParam( lp, aszBounds[1]);
+    strlcat(szBuffer, pszEscapedStr, bufferSize);
+    msFree(pszEscapedStr);
+    pszEscapedStr=NULL;
+
     if (bString)
       strlcat(szBuffer,"'", bufferSize);
 
@@ -2900,7 +2929,7 @@
 /*      Build an sql expression for IsLike filter.                      */
 /************************************************************************/
 char *FLTGetIsLikeComparisonSQLExpression(FilterEncodingNode *psFilterNode,
-                                          int connectiontype)
+                                          layerObj *lp)
 {
     const size_t bufferSize = 1024;
     char szBuffer[1024];
@@ -2911,9 +2940,11 @@
     char *pszEscape = NULL;
     char szTmp[4];
 
-    int nLength=0, i=0, iBuffer = 0;
+    int nLength=0, i=0, j=0;
     int  bCaseInsensitive = 0;
 
+    char *pszEscapedStr = NULL;
+
     if (!psFilterNode || !psFilterNode->pOther || !psFilterNode->psLeftNode ||
         !psFilterNode->psRightNode || !psFilterNode->psRightNode->pszValue)
       return NULL;
@@ -2928,15 +2959,29 @@
         !pszEscape || strlen(pszEscape) == 0)
       return NULL;
 
- 
+    if (pszEscape[0] == '\'')
+    {
+        /* This might be valid, but the risk of SQL injection is too high */
+        /* and the below code is not ready for that */
+        /* Someone who does this has clearly suspect intentions ! */
+        msSetError(MS_MISCERR, "Single quote character is not allowed as an escaping character.",
+                   "FLTGetIsLikeComparisonSQLExpression()");
+        return NULL;
+    }
 
+
     szBuffer[0] = '\0';
     /*opening bracket*/
     strlcat(szBuffer, " (", bufferSize);
 
     /* attribute name */
-    strlcat(szBuffer, psFilterNode->psLeftNode->pszValue, bufferSize);
-    if (bCaseInsensitive == 1 && connectiontype == MS_POSTGIS)
+    pszEscapedStr = msLayerEscapePropertyName(lp, psFilterNode->psLeftNode->pszValue);
+
+    strlcat(szBuffer, pszEscapedStr, bufferSize);
+    msFree(pszEscapedStr);
+    pszEscapedStr = NULL;
+
+    if (bCaseInsensitive == 1 && lp->connectiontype == MS_POSTGIS)
       strlcat(szBuffer, " ilike '", bufferSize);
     else
       strlcat(szBuffer, " like '", bufferSize);
@@ -2944,46 +2989,60 @@
    
     pszValue = psFilterNode->psRightNode->pszValue;
     nLength = strlen(pszValue);
-    iBuffer = strlen(szBuffer);
-    for (i=0; i<nLength; i++)
+
+    pszEscapedStr = (char*) msSmallMalloc( 3 * nLength + 1);
+
+    for (i=0, j=0; i<nLength; i++)
     {
-        if (pszValue[i] != pszWild[0] && 
-            pszValue[i] != pszSingle[0] &&
-            pszValue[i] != pszEscape[0])
+        char c = pszValue[i];
+        if (c != pszWild[0] &&
+            c != pszSingle[0] &&
+            c != pszEscape[0])
         {
-            szBuffer[iBuffer] = pszValue[i];
-            iBuffer++;
-            szBuffer[iBuffer] = '\0';
+            if (c == '\'')
+            {
+                pszEscapedStr[j++] = '\'';
+                pszEscapedStr[j++] = '\'';
+            }
+            else if (c == '\\')
+            {
+                pszEscapedStr[j++] = '\\';
+                pszEscapedStr[j++] = '\\';
+            }
+            else
+                pszEscapedStr[j++] = c;
         }
-        else if  (pszValue[i] == pszSingle[0])
+        else if  (c == pszSingle[0])
         {
-             szBuffer[iBuffer] = '_';
-             iBuffer++;
-             szBuffer[iBuffer] = '\0';
+            pszEscapedStr[j++] = '_';
         }
-        else if  (pszValue[i] == pszEscape[0])
+        else if  (c == pszEscape[0])
         {
-            szBuffer[iBuffer] = pszEscape[0];
-            iBuffer++;
-            szBuffer[iBuffer] = '\0';
-            /*if (i<nLength-1)
+            pszEscapedStr[j++] = pszEscape[0];
+            if (i+1<nLength)
             {
-                szBuffer[iBuffer] = pszValue[i+1];
-                iBuffer++;
-                szBuffer[iBuffer] = '\0';
+                char nextC = pszValue[i+1];
+                i++;
+                if (nextC == '\'')
+                {
+                    pszEscapedStr[j++] = '\'';
+                    pszEscapedStr[j++] = '\'';
+                }
+                else
+                    pszEscapedStr[j++] = nextC;
             }
-            */
         }
-        else if (pszValue[i] == pszWild[0])
+        else if (c == pszWild[0])
         {
-            strlcat(szBuffer, "%", bufferSize);
-            iBuffer++;
-            szBuffer[iBuffer] = '\0';
+            pszEscapedStr[j++] = '%';
         }
-    } 
+    }
+    pszEscapedStr[j++] = 0;
+    strlcat(szBuffer, pszEscapedStr, bufferSize);
+    msFree(pszEscapedStr);
 
     strlcat(szBuffer, "'", bufferSize);
-    if (connectiontype != MS_OGR)
+    if (lp->connectiontype != MS_OGR)
     {
       strlcat(szBuffer, " escape '", bufferSize);
       szTmp[0] = pszEscape[0];

Modified: branches/branch-6-0/mapserver/mapogcfilter.h
===================================================================
--- branches/branch-6-0/mapserver/mapogcfilter.h	2011-07-12 12:42:35 UTC (rev 11889)
+++ branches/branch-6-0/mapserver/mapogcfilter.h	2011-07-12 13:06:14 UTC (rev 11890)
@@ -109,8 +109,8 @@
 MS_DLL_EXPORT char *FLTGetSQLExpression(FilterEncodingNode *psFilterNode,layerObj *lp);
 MS_DLL_EXPORT char *FLTGetBinaryComparisonSQLExpresssion(FilterEncodingNode *psFilterNode, layerObj *lp);
 MS_DLL_EXPORT char *FLTGetIsBetweenComparisonSQLExpresssion(FilterEncodingNode *psFilterNode, layerObj *lp);
-MS_DLL_EXPORT char *FLTGetIsLikeComparisonSQLExpression(FilterEncodingNode *psFilterNode,
-                                       int connectiontype);
+MS_DLL_EXPORT char *FLTGetIsLikeComparisonSQLExpression(FilterEncodingNode *psFilterNode, layerObj *lp);
+
 MS_DLL_EXPORT char *FLTGetLogicalComparisonSQLExpresssion(FilterEncodingNode *psFilterNode,
                                             layerObj *lp);
 MS_DLL_EXPORT int FLTIsSimpleFilter(FilterEncodingNode *psFilterNode);

Modified: branches/branch-6-0/mapserver/mapogcsos.c
===================================================================
--- branches/branch-6-0/mapserver/mapogcsos.c	2011-07-12 12:42:35 UTC (rev 11889)
+++ branches/branch-6-0/mapserver/mapogcsos.c	2011-07-12 13:06:14 UTC (rev 11890)
@@ -1843,6 +1843,7 @@
   char *pszProcedureValue = NULL;
   int iItemPosition, status;
   shapeObj sShape;
+  char* pszEscapedStr = NULL;
 
   sBbox = map->extent;
 
@@ -2075,15 +2076,25 @@
               pszBuffer = msStringConcatenate(pszBuffer, "(");
                             
               if (!bSpatialDB)
-                pszBuffer = msStringConcatenate(pszBuffer, "'[");
+              {
+                  pszBuffer = msStringConcatenate(pszBuffer, "'[");
+                  pszBuffer = msStringConcatenate(pszBuffer, (char *)pszProcedureItem);
+              }
+              else
+              {
+                  pszEscapedStr = msLayerEscapePropertyName(lp, (char *)pszProcedureItem);
+                  pszBuffer = msStringConcatenate(pszBuffer, pszEscapedStr);
+                  msFree(pszEscapedStr);
+                  pszEscapedStr = NULL;
+              }
 
-              pszBuffer = msStringConcatenate(pszBuffer, (char *)pszProcedureItem);
-
               if (!bSpatialDB)
                 pszBuffer = msStringConcatenate(pszBuffer, "]'");
 
               pszBuffer = msStringConcatenate(pszBuffer, " = '");
-              pszBuffer = msStringConcatenate(pszBuffer,  tokens[j]);
+              pszEscapedStr = msLayerEscapeSQLParam(lp, tokens[j]);
+              pszBuffer = msStringConcatenate(pszBuffer,  pszEscapedStr);
+              msFree(pszEscapedStr);
               pszBuffer = msStringConcatenate(pszBuffer,  "')");
             }
                                 

Modified: branches/branch-6-0/mapserver/mapogr.cpp
===================================================================
--- branches/branch-6-0/mapserver/mapogr.cpp	2011-07-12 12:42:35 UTC (rev 11889)
+++ branches/branch-6-0/mapserver/mapogr.cpp	2011-07-12 13:06:14 UTC (rev 11890)
@@ -3698,6 +3698,66 @@
 }
 
 /************************************************************************/
+/*                           msOGREscapeSQLParam                        */
+/************************************************************************/
+char *msOGREscapeSQLParam(layerObj *layer, const char *pszString)
+{
+    char* pszEscapedStr =NULL;
+#ifdef USE_OGR
+    if(layer && pszString && strlen(pszString) > 0)
+    {
+        char* pszEscapedOGRStr =  CPLEscapeString(pszString, strlen(pszString),  
+		                                    CPLES_SQL ); 
+	pszEscapedStr = msStrdup(pszEscapedOGRStr);
+        CPLFree(pszEscapedOGRStr);
+	return pszEscapedStr; 
+    }
+#else
+/* ------------------------------------------------------------------
+ * OGR Support not included...
+ * ------------------------------------------------------------------ */
+
+  msSetError(MS_MISCERR, "OGR support is not available.", 
+             "msOGREscapeSQLParam()");
+  return NULL;
+
+#endif /* USE_OGR */  
+}
+
+
+/************************************************************************/
+/*                           msOGREscapeSQLParam                        */
+/************************************************************************/
+char *msOGREscapePropertyName(layerObj *layer, const char *pszString)
+{
+    char* pszEscapedStr =NULL;
+    int i =0;
+#ifdef USE_OGR
+    if(layer && pszString && strlen(pszString) > 0)
+    {
+        unsigned char ch;
+        for(i=0; (ch = ((unsigned char*)pszString)[i]) != '\0'; i++)
+        {
+            if ( !(isalnum(ch) || ch == '_' || ch > 127) )
+            {
+                return msStrdup("invalid_property_name");
+            }
+        }
+        pszEscapedStr = msStrdup(pszString);
+    }
+    return pszEscapedStr;
+#else
+/* ------------------------------------------------------------------
+ * OGR Support not included...
+ * ------------------------------------------------------------------ */
+
+  msSetError(MS_MISCERR, "OGR support is not available.", 
+             "msOGREscapePropertyName()");
+  return NULL;
+
+#endif /* USE_OGR */  
+}
+/************************************************************************/
 /*                  msOGRLayerInitializeVirtualTable()                  */
 /************************************************************************/
 int
@@ -3724,6 +3784,9 @@
     /* layer->vtable->LayerGetNumFeatures, use default */
     /* layer->vtable->LayerGetAutoProjection, use defaut*/
 
+    layer->vtable->LayerEscapeSQLParam = msOGREscapeSQLParam;
+    layer->vtable->LayerEscapePropertyName = msOGREscapePropertyName;
+
     return MS_SUCCESS;
 }
 

Modified: branches/branch-6-0/mapserver/mappostgis.c
===================================================================
--- branches/branch-6-0/mapserver/mappostgis.c	2011-07-12 12:42:35 UTC (rev 11889)
+++ branches/branch-6-0/mapserver/mappostgis.c	2011-07-12 13:06:14 UTC (rev 11890)
@@ -1024,7 +1024,7 @@
         return MS_FAILURE; 
     } 
 
-    pgresult = PQexec(pgconn, sql);
+    pgresult = PQexecParams(pgconn, sql,0, NULL, NULL, NULL, NULL, 0);
 
     if ( !pgresult || PQresultStatus(pgresult) != PGRES_TUPLES_OK) {
         msSetError(MS_QUERYERR, "Error executing SQL: %s", "msPostGISRetrieveVersion()", sql);
@@ -1164,7 +1164,7 @@
         return MS_FAILURE;
     }
 
-    pgresult = PQexec(layerinfo->pgconn, sql);
+    pgresult = PQexecParams(layerinfo->pgconn, sql, 0, NULL, NULL, NULL, NULL, 0);
     if ( !pgresult || PQresultStatus(pgresult) != PGRES_TUPLES_OK) {
         static char *tmp1 = "Error executing SQL: ";
         char *tmp2 = NULL;
@@ -2455,7 +2455,7 @@
     if(num_bind_values > 0) {
         pgresult = PQexecParams(layerinfo->pgconn, strSQL, num_bind_values, NULL, (const char**)layer_bind_values, NULL, NULL, 1);
     } else {
-        pgresult = PQexec(layerinfo->pgconn, strSQL);
+      pgresult = PQexecParams(layerinfo->pgconn, strSQL,0, NULL, NULL, NULL, NULL, 0);
     }
 
     /* free bind values */
@@ -2645,7 +2645,7 @@
             msDebug("msPostGISLayerGetShape query: %s\n", strSQL);
         }
 
-        pgresult = PQexec(layerinfo->pgconn, strSQL);
+        pgresult = PQexecParams(layerinfo->pgconn, strSQL,0, NULL, NULL, NULL, NULL, 0);
 
         /* Something went wrong. */
         if ( (!pgresult) || (PQresultStatus(pgresult) != PGRES_TUPLES_OK) ) {
@@ -2869,7 +2869,7 @@
         msDebug("msPostGISLayerGetItems executing SQL: %s\n", sql);
     }
 
-    pgresult = PQexec(layerinfo->pgconn, sql);
+    pgresult = PQexecParams(layerinfo->pgconn, sql,0, NULL, NULL, NULL, NULL, 0);
     
     if ( (!pgresult) || (PQresultStatus(pgresult) != PGRES_TUPLES_OK) ) {
         msSetError(MS_QUERYERR, "Error (%s) executing SQL: %s", "msPostGISLayerGetItems()", PQerrorMessage(layerinfo->pgconn), sql);
@@ -3302,6 +3302,34 @@
     return MS_FALSE;
 }
 
+char *msPostGISEscapeSQLParam(layerObj *layer, char *pszString)
+{
+    msPostGISLayerInfo *layerinfo = NULL;
+    int nError;
+    size_t nSrcLen;
+    char* pszEscapedStr =NULL;
+
+    if (layer && pszString && strlen(pszString) > 0)
+    {
+        if(!msPostGISLayerIsOpen(layer))
+          msPostGISLayerOpen(layer);
+    
+        assert(layer->layerinfo != NULL);
+
+        layerinfo = (msPostGISLayerInfo *) layer->layerinfo;
+        nSrcLen = strlen(pszString);
+        pszEscapedStr = (char*) msSmallMalloc( 2 * nSrcLen + 1);
+        PQescapeStringConn (layerinfo->pgconn, pszEscapedStr, pszString, nSrcLen, &nError);
+        if (nError != 0)
+        {
+            free(pszEscapedStr);
+            pszEscapedStr = NULL;
+        }
+    }
+    return pszEscapedStr;
+}
+
+
 int msPostGISLayerInitializeVirtualTable(layerObj *layer) {
     assert(layer != NULL);
     assert(layer->vtable != NULL);
@@ -3323,7 +3351,9 @@
     /* layer->vtable->LayerCreateItems, use default */
     /* layer->vtable->LayerGetNumFeatures, use default */
     
-    /* layer->vtable->LayerGetAutoProjection, use defaut*/    
+    /* layer->vtable->LayerGetAutoProjection, use defaut*/  
 
+    layer->vtable->LayerEscapeSQLParam = msPostGISEscapeSQLParam;
+
     return MS_SUCCESS;
 }

Modified: branches/branch-6-0/mapserver/mapserver.h
===================================================================
--- branches/branch-6-0/mapserver/mapserver.h	2011-07-12 12:42:35 UTC (rev 11889)
+++ branches/branch-6-0/mapserver/mapserver.h	2011-07-12 13:06:14 UTC (rev 11890)
@@ -1661,6 +1661,8 @@
   int (*LayerCreateItems)(layerObj *layer, int nt);
   int (*LayerGetNumFeatures)(layerObj *layer);
   int (*LayerGetAutoProjection)(layerObj *layer, projectionObj *projection);
+  char* (*LayerEscapeSQLParam)(layerObj *layer, const char* pszString);
+  char* (*LayerEscapePropertyName)(layerObj *layer, const char* pszString);
 };
 #endif /*SWIG*/
 
@@ -2107,6 +2109,9 @@
 
 MS_DLL_EXPORT int msLayerGetMaxFeaturesToDraw(layerObj *layer, outputFormatObj *format);
 
+MS_DLL_EXPORT char *msLayerEscapeSQLParam(layerObj *layer, const char* pszString);
+MS_DLL_EXPORT char *msLayerEscapePropertyName(layerObj *layer, const char* pszString);
+
 /* These are special because SWF is using these */
 int msOGRLayerNextShape(layerObj *layer, shapeObj *shape);
 int msOGRLayerGetItems(layerObj *layer);



More information about the mapserver-commits mailing list