Bug report #4520

Updated by Paul Blottiere over 3 years ago

WMS request:

<pre>

http://localhost/wms/simple?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetFeatureInfo&LAYERS=lakes&QUERY_LAYERS=lakes&FEATURE_COUNT=10&INFO_FORMAT=text/xml&SRS=EPSG:4326&FILTER=lakes:"NAME" = 'ZUGER SEE'

</pre>



Response:

<pre>

<ServiceExceptionReport version="1.3.0">

<ServiceException code="Filter string rejected">

The filter string "NAME" = 'ZUGER SEE' has been rejected because of security reasons.

Note: Text strings have to be enclosed in single or double quotes. A space between each word / special character is mandatory.

Allowed Keywords and special characters are AND,OR,IN,<,>=,>,>=,!=,',',(,). Not allowed are semicolons in the filter expression.

</ServiceException>

</ServiceExceptionReport>

</pre>



Spaces in the filter attribute as well as the filter value are rejected.

Back