Bug report #4520
Updated by Paul Blottiere over 5 years ago
WMS request:
<pre>
http://localhost/wms/simple?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetFeatureInfo&LAYERS=lakes&QUERY_LAYERS=lakes&FEATURE_COUNT=10&INFO_FORMAT=text/xml&SRS=EPSG:4326&FILTER=lakes:"NAME" = 'ZUGER SEE'
</pre>
Response:
<pre>
<ServiceExceptionReport version="1.3.0">
<ServiceException code="Filter string rejected">
The filter string "NAME" = 'ZUGER SEE' has been rejected because of security reasons.
Note: Text strings have to be enclosed in single or double quotes. A space between each word / special character is mandatory.
Allowed Keywords and special characters are AND,OR,IN,<,>=,>,>=,!=,',',(,). Not allowed are semicolons in the filter expression.
</ServiceException>
</ServiceExceptionReport>
</pre>
Spaces in the filter attribute as well as the filter value are rejected.
<pre>
http://localhost/wms/simple?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetFeatureInfo&LAYERS=lakes&QUERY_LAYERS=lakes&FEATURE_COUNT=10&INFO_FORMAT=text/xml&SRS=EPSG:4326&FILTER=lakes:"NAME" = 'ZUGER SEE'
</pre>
Response:
<pre>
<ServiceExceptionReport version="1.3.0">
<ServiceException code="Filter string rejected">
The filter string "NAME" = 'ZUGER SEE' has been rejected because of security reasons.
Note: Text strings have to be enclosed in single or double quotes. A space between each word / special character is mandatory.
Allowed Keywords and special characters are AND,OR,IN,<,>=,>,>=,!=,',',(,). Not allowed are semicolons in the filter expression.
</ServiceException>
</ServiceExceptionReport>
</pre>
Spaces in the filter attribute as well as the filter value are rejected.