[MapServer-users] mapserver 8 - CGI map_object substitutions broken?

Lime, Steve D (MNIT) steve.lime at state.mn.us
Fri Oct 7 10:52:08 PDT 2022 

Easy solution - cool. You can do that with straight runsubs and relatively easy validation. Here's a nice document on the topic https://www.regextutorial.org/regex-for-numbers-and-ranges.php. I updated an existing ticket to clean that documentation up and remove some other cruft towards the bottom of that documentation.

From: MapServer-users <mapserver-users-bounces at lists.osgeo.org> On Behalf Of Tim Kempisty via MapServer-users
Sent: Friday, October 7, 2022 10:34 AM
To: Steve Lime <sdlime at gmail.com>
Cc: mapserver-users at lists.osgeo.org
Subject: Re: [MapServer-users] mapserver 8 - CGI map_object substitutions broken?

This message may be from an external email source.
Do not select links or open attachments unless verified. Report all suspicious emails to Minnesota IT Services Security Operations Center.

________________________________
Well that's... not shocking.  I'm imagining the regex that might sanitize a URL with all that syntax in it... uuuuughh...   *crumplecrumplecrumple* ~toss~

As for my own work... I realized yesterday late that I was going to have to find an alternative anyway.  All these maps need to go into Mapcache.  Turning that map_object notation into an intuitive mapcache dimension is a big ol Nope.  I can likely pass in a parameter on the URL (&fontsize=10)  and then use multiple classes in the vein of  CLASS: EXPRESSION (%fontsize% = 10).  Voila.  Easy mapcache dimension, easy sanitizing, supports a reasonable number of font sizes.

So I guess the item for the maintainers to fix is actually the documentation ( https://mapserver.org/cgi/controls.html<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmapserver.org%2Fcgi%2Fcontrols.html&data=05%7C01%7Csteve.lime%40state.mn.us%7Cf22fba2aefea49f12a1d08daa8796427%7Ceb14b04624c445198f26b89c2159828c%7C0%7C0%7C638007536586118020%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=SS4mdPY1dc5Xt5sSI1AKVWn1OmgvK9pTadrLVZ4GORY%3D&reserved=0> )  which still makes it look like you can use map_object notation on the URL in MS8.

Thanks for the info!

-Tim


On Oct 6, 2022, at 3:49 PM, Steve Lime <sdlime at gmail.com<mailto:sdlime at gmail.com>> wrote:

Hi Tim: I was wondering if I'd see any messages on that topic. Short story is that the functionality was removed in MS8. I never liked the all-or-nothing aspect of it and was working on a method to control which objects would be allowed to be updated. The solutions I came up with were convoluted and were going to add a lot of complexity to the codebase for little value. That functionality is poorly documented and by itself overly complicates the code. So after a note to mapserver-users trying to judge how much it was used - with limited replies - it was decided to remove it. I'm dealing with my own upgrade issues as a result, but it's worth it in the end IMHO.

If necessary, it's better to revisit with another method - ideally something along the lines of runsubs. The challenge is specifying when to apply them and how to validate values. Strings are easy, but numeric/color values aren't so we'd need to do something like add runtime bindings (similar to attribute bindings) so you'd write SIZE %mysize% instead. One advantage being you could reuse the variable across layers.

So, what are the options right now? It sort of depends on your needs. Do you need to only support a couple of sizes for a class or do you truly need *any* size? Options include:

  *   multiple mapfiles - probably using includes to limit redundancy
  *   class groups
  *   if you're using a db backend I think attribute bindings could work paired with runsubs
DATA "shape FROM (select *, %textsize% AS textsize FROM ...)
VALIDATION
    "textsize_default" "13"
    "textsize" "^8|10|12|14$"
END
CLASS
  LABEL
    SIZE [textsize] # I think attribute binding works here
  END
END

  *   MapScript - load the mapfile, do the changes you need, render the map
Happy to discuss further and perhaps other folks have ideas.

--Steve

On Thu, Oct 6, 2022 at 12:47 PM Tim Kempisty via MapServer-users <mapserver-users at lists.osgeo.org<mailto:mapserver-users at lists.osgeo.org>> wrote:
Good afternoon, all.

I am migrating a project from MS7 to the new Mapserver 8.0.0, and I've stumbled upon evidence that map_object notation support for CGI variable substitution may be broken.

Here's the relevant doc for CGI Controls:

https://mapserver.org/cgi/controls.html<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmapserver.org%2Fcgi%2Fcontrols.html&data=05%7C01%7Csteve.lime%40state.mn.us%7Cf22fba2aefea49f12a1d08daa8796427%7Ceb14b04624c445198f26b89c2159828c%7C0%7C0%7C638007536586118020%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=SS4mdPY1dc5Xt5sSI1AKVWn1OmgvK9pTadrLVZ4GORY%3D&reserved=0>

Scoll down to the heading:  "Changing map file parameters via a form or a URL"
We have been using the map_object notation method to set custom image sizes and font sizes.

Excuse the messy query string.  The important parts are  "&map_size" and "&map.layer[...]"

/var/www/cgi-bin/mapserv.cgi -nh "QUERY_STRING=mode=map&map=/usr/local/mapfiles/kempisty/nbm_view/foo.map&layer=genNoDec&model=blend&ver=v4.0&sector=conus&element=maxt&issuancetime=2022-10-06T14:00&validtime=2022-10-08T06:00&mapext=-3270279.3477121103%20-163255.0404466032%202666810.2533767014%203144901.0582670807&map_size=1215+677&map.layer[genNoDec].class[0].label[0]=SIZE+8" > /var/www/html/kempisty/foo7.png


MS7 gives a map size 1215x677 with labels rendered in 8 point font, as expected.  The same command, using mapserver 8 instead of 7, gives an image size 2345x1597 (map size as defined in the mapfile) with labels rendered in 13 point font (also as defined in the mapfile).


Using MS8... if I send &mapsize=1215+677 instead of &map_size=1215+677 ... I will get the image at the correct size.  So the predefined CGI control variables still work.  It suggests to me, it is only the map_object notation method that is broken.  Has that been disabled in MS8, or is it now subject to a new configuration requirement that I'm not aware of?


Relevant string isolated for reference:
&map_size=1215+677&map.layer[genNoDec].class[0].label[0]=SIZE+8"


I'm open to other methods of changing font size on the fly.  We did it this way because %var% runtime substitutions aren't supported for CLASS: LABEL: SIZE.


-Tim Kempisty


_______________________________________________
MapServer-users mailing list
MapServer-users at lists.osgeo.org<mailto:MapServer-users at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/mapserver-users<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.osgeo.org%2Fmailman%2Flistinfo%2Fmapserver-users&data=05%7C01%7Csteve.lime%40state.mn.us%7Cf22fba2aefea49f12a1d08daa8796427%7Ceb14b04624c445198f26b89c2159828c%7C0%7C0%7C638007536586118020%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=uQdvSnp4nkT3THEbqTmEZig3HEuht4yweaXTHk4pkGs%3D&reserved=0>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-users/attachments/20221007/297cbfda/attachment-0001.htm>

More information about the MapServer-users mailing list