WMS server: let fuzzy string functions go through filter safety test
mhugent committed Dec 8, 2011
1 parent 94984a3 commit 9c89965
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions src/mapserver/qgswmsserver.cpp
Expand Up @@ -581,7 +581,7 @@ QImage* QgsWMSServer::getMap()
restoreLayerFilters( originalLayerFilters );
clearFeatureSelections( selectedLayerIdList );

QgsDebugMsg("clearing filters");
QgsDebugMsg( "clearing filters" );
QgsMapLayerRegistry::instance()->mapLayers().clear();

#ifdef QGISDEBUG
Expand Down Expand Up @@ -1700,7 +1700,7 @@ QMap<QString, QString> QgsWMSServer::applyRequestedLayerFilters( const QStringLi
throw QgsMapServiceException( "Filter string rejected", "The filter string " + eqSplit.at( 1 ) +
" has been rejected because of security reasons. Note: Text strings have to be enclosed in single or double quotes. " +
"A space between each word / special character is mandatory. Allowed Keywords and special characters are " +
"AND,OR,IN,<,>=,>,>=,!=,',',(,). Not allowed are semicolons in the filter expression." );
"AND,OR,IN,<,>=,>,>=,!=,',',(,),DMETAPHONE,SOUNDEX. Not allowed are semicolons in the filter expression." );
}

//we need to find the maplayer objects matching the layer name
Expand Down Expand Up @@ -1832,7 +1832,9 @@ bool QgsWMSServer::testFilterStringSafety( const QString& filter ) const
|| tokenIt->compare( ">=" ) == 0
|| tokenIt->compare( "AND", Qt::CaseInsensitive ) == 0
|| tokenIt->compare( "OR", Qt::CaseInsensitive ) == 0
|| tokenIt->compare( "IN", Qt::CaseInsensitive ) == 0 )
|| tokenIt->compare( "IN", Qt::CaseInsensitive ) == 0
|| tokenIt->compare( "DMETAPHONE", Qt::CaseInsensitive ) == 0
|| tokenIt->compare( "SOUNDEX", Qt::CaseInsensitive ) == 0 )
{
continue;
}
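Review bot: The accepted-token list now has to be edited in two places, the `||` chain in testFilterStringSafety and the error text in applyRequestedLayerFilters, and the text is already inaccurate: it lists `>=` twice where `<=` is probably meant (the part of the chain that would confirm this is outside the hunk). This check appears to be the gate between a request-supplied filter string and the layer's filter expression, so I would keep the allowed keywords in one static list that both the comparison and the message are built from; then a later addition cannot widen the check without the documented list following. At minimum, put a comment above the two new comparisons, for example `// fuzzy-match functions; keep in sync with the message in applyRequestedLayerFilters`, and correct the operator list in the message. Both function bodies start and end outside the visible hunks, so how string literals and numeric tokens are treated cannot be judged from here.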