[mapserver-users] problem with specific queries while upgrading to 5.2.2

Steve Lime Steve.Lime at dnr.state.mn.us
Mon Mar 30 14:23:48 EDT 2009


Ah, you're experiencing a problem because you're using a parameter "id" that is a reserved CGI variable and
therefore subject to its own validation, much like mapext or map. Those variable names should be avoided.
It worked in the past because there was no validation (hence the security fix). If you use a variable name
like "parcel_id" instead of "id" you can work around this. The id CGI variable is used for quasi session handling.

Steve

>>> On 3/30/2009 at 1:14 PM, in message
<3D56274B4A7874468F58FADDBFD0980107084FBC at llmhs02.r8nssis.local>, "Mark Volz"
<MarkVolz at co.lyon.mn.us> wrote:
> Hello,
>
> I have recently upgraded from Mapserver 5.2.1 to 5.2.2.  Apparently there are
> some new security features, one being that you need to add <!-- MapServer
> Template --> to all of the web pages that report identify, query, and select
> results.  I now have most of my site running.  The problem I have now is some
> of my searches no longer work.  I receive the following error when I include
> a dash "-" as part of my search string e.g. "01-001001-0"
>
> loadMap(): Web application error. Parameter 'id' value fails to validate.
> msEvalRegex(): Regular expression error. String (01-001) failed expression
> test.
>
> I can get the searches to work if I omit the portion of the search string e.g.
> "001001"
>
> Any thoughts on how I can get the search to work?
>
> Last working system:
>
> Geomoose 1.6.1 on MS4W 5.2.1
>
> Current system with problems:
>
> Geomoose 1.6.1 on MS4W 5.2.2


