[MapServer-users] CGI variable "map" fails to validate

Jan Hartmann j.l.h.hartmann at gmail.com
Wed Mar 6 14:47:29 PST 2024 

Shouldn't it be ".*' ?

On 06/03/2024 23:29, Lernout, Matthew via MapServer-users wrote:
> So, still banging my head against this a month later after eliminating HTTPS as the bogeyman.
>
> Using FastCGI and MapServer with the simplest config and what should be an "allow everything" test expression:
>
> CONFIG
>    ENV
>             MS_MAP_PATTERN "."
>    END
> END
>
> And all requests return:
> msLoadMap(): Regular expression error. Filename validation failed.
>
> BONUS: If I strip out the map variable from my request, I'd expect the error "CGI variable "map" is not set." but I still get "msLoadMap(): Regular expression error. Filename validation failed." even without providing a map! This is following IISRESET, and I know the config is being loaded (if I remove it, I get "msLoadConfig(): Unable to access file")
>
> If I'm not supplying a map parameter in my request and it's not throwing an error that it's missing, what is being used for map value against the expression? (And how do I get it to read my variable in the request?)
>
> Thanks for any direction,
> Matt
>
> -----Original Message-----
> From: MapServer-users <mapserver-users-bounces at lists.osgeo.org> On Behalf Of Lernout, Matthew via MapServer-users
> Sent: Wednesday, February 7, 2024 3:32 PM
> To: mapserver-users at lists.osgeo.org
> Subject: Re: [MapServer-users] CGI variable "map" fails to validate
>
> Hi,
>
> After scratching my head for a while, realized all my testing was over HTTPS. Made a localhost connection over HTTP and the map variable was then valid.
> I was looking in the wrong place - the error reports a failed validation, but that's due to failed certificate trust from what I can see.
> Thanks for helping me steer into the real issue - I now have a direction to move in!
>
> Matt
>
> -----Original Message-----
> From: Rahkonen Jukka <jukka.rahkonen at maanmittauslaitos.fi>
> Sent: Wednesday, February 7, 2024 1:05 PM
> To: Lernout, Matthew <Matt.Lernout at stantec.com>; mapserver-users at lists.osgeo.org
> Subject: Re: [MapServer-users] CGI variable "map" fails to validate
>
> [You don't often get email from jukka.rahkonen at maanmittauslaitos.fi. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
>
> Hi,
>
> "." works for me.
>
> I have a Windows env set first as
> set MAPSERVER_CONFIG_FILE=\ms4w\ms4w.conf
> These are the meaningful lines in the "ms4w.conf" file.
> CONFIG
>    ENV
>             MS_MAP_PATTERN "."
>    END
> END
>
> Test proves that validation is successful
>
> http://localhost:8060/cgi-bin/mapserv.exe?map=f:\IMS_Maps\Client\projectarea.map
> msLoadMap(): Unable to access file. (f:\IMS_Maps\Client\projectarea.map)
>
> -Jukka Rahkonen-
>
>
> -----Alkuperäinen viesti-----
> Lähettäjä: MapServer-users <mapserver-users-bounces at lists.osgeo.org> Puolesta Lernout, Matthew via MapServer-users
> Lähetetty: keskiviikko 7. helmikuuta 2024 19.01
> Vastaanottaja: mapserver-users at lists.osgeo.org
> Aihe: Re: [MapServer-users] CGI variable "map" fails to validate
>
> I've ensured I am restarting the mapserv process with each config change - a quick test of commenting out the MS_MAP_PATTERN variable confirmed that is enough to refresh the config via error.
>
> Here's a snippet of a sample request. It works with my running instance of Mapserver 7.6.2 but doesn't pass validation (pattern '.') in MapServer 8.0.1.
>
> /cgi-bin/mapserv.exe?map=f:\IMS_Maps\Client\projectarea.map
>
> Matt
>
> -----Original Message-----
> From: Seth G <sethg at geographika.co.uk>
> Sent: Wednesday, February 7, 2024 11:48 AM
> To: Lernout, Matthew <Matt.Lernout at stantec.com>; MapServer Users <mapserver-users at lists.osgeo.org>
> Subject: Re: [MapServer-users] CGI variable "map" fails to validate
>
> [You don't often get email from sethg at geographika.co.uk. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
>
> Hi Matthew,
>
> The CONFIG file I think is only reloaded when IIS or the Application Pool is restarted, so some changes to the regex may have been ignored.
> Do you have a sample request with the &map= parameter? Is there anything in a web.config file that could be stripping these out or modifying them?
>
> Seth
>
> --
> web:https://geographika.net/ & https://mapserverstudio.net/
> twitter: @geographika
>
> On Wed, Feb 7, 2024, at 5:33 PM, Lernout, Matthew via MapServer-users wrote:
>> MS_MAP_PATTERN '.' also results in the same failed validation error,
>> which is what makes me think the issue may be with another config
>> setting. '.' should match any input, right?
>>
>> Just to make sure my config file was being loaded, I commented out the
>> MS_MAP_PATTERN entry entirely, and got the error "msCGILoadMap(): Web
>> application error. Required configuration value MS_MAP_PATTERN not set."
>>
>> Matt
>>
>> -----Original Message-----
>> From: MapServer-users <mapserver-users-bounces at lists.osgeo.org> On
>> Behalf Of Jörg Thomsen (WhereGroup) via MapServer-users
>> Sent: Wednesday, February 7, 2024 3:24 AM
>> To: mapserver-users at lists.osgeo.org
>> Subject: Re: [MapServer-users] CGI variable "map" fails to validate
>>
>> [You don't often get email from mapserver-users at lists.osgeo.org. Learn
>> why this is important at https://aka.ms/LearnAboutSenderIdentification
>> ]
>>
>> Hi,
>>
>> I'm not sure whether the pattern is correct. Shouldn't ist start with ^?
>>
>> Have yout tried
>> MS_MAP_PATTERN '.'? (not for production, just as a test)
>>
>> Jörg
>>
>> Am 06.02.24 um 20:12 schrieb Lernout, Matthew via MapServer-users:
>>> Hi,
>>>
>>> Having trouble making requests since updating to 8.0.1 from 7.6.2.
>>> Mapserver is running in IIS using FastCGI and the configuration steps
>>> from:
>>> https://maps/
>>> erver.org%2Finstallation%2Fiis.html&data=05%7C02%7Cmatt.lernout%40sta
>>> n
>>> tec.com%7C34322cf56ae745f61ae908dc27b617c5%7C413c6f2c219a469297d3f2b4
>>> d
>>> 80281e7%7C0%7C0%7C638428910243090792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoi
>>> M
>>> C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7
>>> C
>>> &sdata=dh%2BpgGwk5996f0GEMeX7O8rcv5J81TnPzeFNZ9XoVLs%3D&reserved=0
>>> <https://map/
>>> server.org%2Finstallation%2Fiis.html&data=05%7C02%7Cmatt.lernout%40st
>>> a
>>> ntec.com%7C34322cf56ae745f61ae908dc27b617c5%7C413c6f2c219a469297d3f2b
>>> 4
>>> d80281e7%7C0%7C0%7C638428910243098246%7CUnknown%7CTWFpbGZsb3d8eyJWIjo
>>> i
>>> MC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%
>>> 7
>>> C&sdata=OIoWHSlKZJrXWspqwVfY5jhX4lzBcQuI%2Bw5IeOVtXBA%3D&reserved=0>
>>>
>>> A new config file was added to the filesystem and server Environment
>>> variables as per documented requirements added since 7.6.3, but
>>> having trouble validating any map arguments. All requests return the
>>> error "CGI variable "map" fails to validate" even though regexp
>>> should pass based on expression tests.
>>>
>>> Here is the full config file in use:
>>>
>>> CONFIG
>>>     ENV
>>>       MS_MAP_PATTERN "\.map$"
>>>       PROJ_LIB "F:/MapServer/bin/proj7/SHARE"
>>>       CURL_CA_BUNDLE "F:\MapServer\bin\curl\curl-ca-bundle.crt"
>>>     END
>>>
>>>
>>>     PLUGINS
>>>       "mssql" "F:/MapServer/bin/ms/plugins/mssql2008/msplugin_mssql2008.dll"
>>>       "oci" "F:/MapServer/bin/ms/plugins/oci/msplugin_oracle.dll"
>>>     END
>>> END
>>>
>>> The current MS_MAP_PATTERN is just a simplified test to confirm 8.0.1
>>> working before I update to the real regexp, and my understanding is
>>> it should map anything that ends in .map? But every map argument I
>>> throw in (including verified working arguments for 7.6.2) result in a
>>> failure to validate. Are there other crucial configurations missing
>>> that are necessary to pass validation?
>>>
>>> Thanks,
>>>
>>> Matt
>>>
>>>
>>> _______________________________________________
>>> MapServer-users mailing list
>>> MapServer-users at lists.osgeo.org
>>> https://list/
>>> s.osgeo.org%2Fmailman%2Flistinfo%2Fmapserver-users&data=05%7C02%7Cmat
>>> t
>>> .lernout%40stantec.com%7C34322cf56ae745f61ae908dc27b617c5%7C413c6f2c2
>>> 1
>>> 9a469297d3f2b4d80281e7%7C0%7C0%7C638428910243105153%7CUnknown%7CTWFpb
>>> G
>>> Zsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0
>>> %
>>> 3D%7C0%7C%7C%7C&sdata=c%2BjBl2NTy%2BIZxCYZmp0CLwa2ujlD%2BC%2BfzzIQgXK
>>> w
>>> lyI%3D&reserved=0
>> --
>> Viele Grüße,
>> Jörg Thomsen
>>
>> **********************************
>> Aufwind durch Wissen!
>> Web-Seminare und Online-Schulungen
>> bei der
>> http://www.f/
>> %2F&data=05%7C02%7Cmatt.lernout%40stantec.com%7C3da097b4c8f14244081908
>> dc281be563%7C413c6f2c219a469297d3f2b4d80281e7%7C0%7C0%7C63842934748763
>> 9638%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBT
>> iI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=sT3uaBmTuH%2FjMMYbOuD4f5n
>> VIByhR%2FX3FkSA5a1oz7U%3D&reserved=0
>> %2F&data=05%7C02%7CMatt.Lernout%40stantec.com%7C10165ecd716b4149010108
>> dc28075d52%7C413c6f2c219a469297d3f2b4d80281e7%7C0%7C0%7C63842925930776
>> 7073%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBT
>> iI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=c%2F6yf3KoD736puorBam%2BF
>> h0CPIvAZHeM9JE%2BaLLh40A%3D&reserved=0
>> %2F&data=05%7C02%7Cjukka.rahkonen%40maanmittauslaitos.fi%7Cb1ac588f3ea
>> 94378069c08dc27fe5c36%7Cc4f8a63255804a1c92371d5a571b71fa%7C0%7C0%7C638
>> 429220639531250%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2
>> luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=6DJDUpY4WQcsCQ
>> c95tGoKBRTx9Ff8naSFezd%2FDbuM7s%3D&reserved=0
>> oss-academy.com%2F&data=05%7C02%7CMatt.Lernout%40stantec.com%7C6bfc803
>> 339354908ddc508dc27fca7b1%7C413c6f2c219a469297d3f2b4d80281e7%7C0%7C0%7
>> C638429213306207068%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIj
>> oiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=N3W9lnwc3z
>> oNjXmUW993zzswV1YBXAED99N2OoI615g%3D&reserved=0
>> **********************************
>>
>>
>> Jörg Thomsen
>> WhereGroup GmbH
>> Bundesallee 23
>> 10717 Berlin
>> Germany
>>
>> Tel: +49 (0)30 / 5130 278 74
>> Fax: +49 (0)30 / 5130 278 11
>>
>> joerg.thomsen at wheregroup.com
>> http://www.w/
>> %2F&data=05%7C02%7Cmatt.lernout%40stantec.com%7C3da097b4c8f14244081908
>> dc281be563%7C413c6f2c219a469297d3f2b4d80281e7%7C0%7C0%7C63842934748764
>> 3827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBT
>> iI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=OXSC01x1nY3zMWxCZASry4yRR
>> p%2FFcZMQlZaZ2%2FyA0To%3D&reserved=0
>> %2F&data=05%7C02%7CMatt.Lernout%40stantec.com%7C10165ecd716b4149010108
>> dc28075d52%7C413c6f2c219a469297d3f2b4d80281e7%7C0%7C0%7C63842925930777
>> 1350%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBT
>> iI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2Bsjgvauyi7OelgrSWhkxILz
>> 2UenzLzP4UCdinOXxVKs%3D&reserved=0
>> %2F&data=05%7C02%7Cjukka.rahkonen%40maanmittauslaitos.fi%7Cb1ac588f3ea
>> 94378069c08dc27fe5c36%7Cc4f8a63255804a1c92371d5a571b71fa%7C0%7C0%7C638
>> 429220639536742%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2
>> luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=GHmLgYpKwyBx4J
>> BxoERE3BKI6Oll7uYA%2BJoV5Fp3VFU%3D&reserved=0
>> heregroup.com%2F&data=05%7C02%7CMatt.Lernout%40stantec.com%7C6bfc80333
>> 9354908ddc508dc27fca7b1%7C413c6f2c219a469297d3f2b4d80281e7%7C0%7C0%7C6
>> 38429213306211969%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi
>> V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=2eHjEWZMX%2B
>> r5Ciu10Erm5j6rVD%2BOWyIbwBtePd2gDJ8%3D&reserved=0
>>
>> Geschäftsführer:
>> Olaf Knopp, Peter Stamm
>> Amtsgericht Bonn, HRB 9885
>>
>> -------------------------------
>> Folgen Sie der WhereGroup auf twitter:
>> http://twitt/
>> er.com%2FWhereGroup_com&data=05%7C02%7CMatt.Lernout%40stantec.com%7C6b
>> fc803339354908ddc508dc27fca7b1%7C413c6f2c219a469297d3f2b4d80281e7%7C0%
>> 7C0%7C638429213306217142%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiL
>> CJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=nIup%
>> 2BinkBHUNOhGb4s5sM8IrV58Ar5t%2B5NRsAkZDzkc%3D&reserved=0
>>
>> _______________________________________________
>> MapServer-users mailing list
>> MapServer-users at lists.osgeo.org
>> https://list/
>> s.osgeo.org%2Fmailman%2Flistinfo%2Fmapserver-users&data=05%7C02%7CMatt
>> .Lernout%40stantec.com%7C6bfc803339354908ddc508dc27fca7b1%7C413c6f2c21
>> 9a469297d3f2b4d80281e7%7C0%7C0%7C638429213306222189%7CUnknown%7CTWFpbG
>> Zsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%
>> 3D%7C0%7C%7C%7C&sdata=T9CIsI3SiBLp%2BDt9jsu9Q9%2FNVmUd1hCtEgoOgYtzdt8%
>> 3D&reserved=0
>>   Caution: This email originated from outside of Stantec. Please take
>> extra precaution.
>>
>>   Attention: Ce courriel provient de l'extérieur de Stantec. Veuillez
>> prendre des précautions supplémentaires.
>>
>>   Atención: Este correo electrónico proviene de fuera de Stantec. Por
>> favor, tome precauciones adicionales.
>> _______________________________________________
>> MapServer-users mailing list
>> MapServer-users at lists.osgeo.org
>> https://list/
>> s.osgeo.org%2Fmailman%2Flistinfo%2Fmapserver-users&data=05%7C02%7CMatt
>> .Lernout%40stantec.com%7C6bfc803339354908ddc508dc27fca7b1%7C413c6f2c21
>> 9a469297d3f2b4d80281e7%7C0%7C0%7C638429213306226943%7CUnknown%7CTWFpbG
>> Zsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%
>> 3D%7C0%7C%7C%7C&sdata=fxiaaf1f3%2F2cUrMl%2BBjIRBi8BDPaL8Tzyd3L9qPQMdA%
>> 3D&reserved=0
>   Caution: This email originated from outside of Stantec. Please take extra precaution.
>
>   Attention: Ce courriel provient de l'extérieur de Stantec. Veuillez prendre des précautions supplémentaires.
>
>   Atención: Este correo electrónico proviene de fuera de Stantec. Por favor, tome precauciones adicionales.
> _______________________________________________
> MapServer-users mailing list
> MapServer-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-users
>   Caution: This email originated from outside of Stantec. Please take extra precaution.
>
>   Attention: Ce courriel provient de l'extérieur de Stantec. Veuillez prendre des précautions supplémentaires.
>
>   Atención: Este correo electrónico proviene de fuera de Stantec. Por favor, tome precauciones adicionales.
> _______________________________________________
> MapServer-users mailing list
> MapServer-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-users
>   Caution: This email originated from outside of Stantec. Please take extra precaution.
>
>   Attention: Ce courriel provient de l'extérieur de Stantec. Veuillez prendre des précautions supplémentaires.
>
>   Atención: Este correo electrónico proviene de fuera de Stantec. Por favor, tome precauciones adicionales.
> _______________________________________________
> MapServer-users mailing list
> MapServer-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-users

More information about the MapServer-users mailing list