Skip to content

Commit 1058774

Browse files
rouaultrouault
committed
WFS/OWS: fix absence of XML escaping in GetCapabilities response
We improperly use xmlNewChild() instead of xmlNewTextChild(). The form expects the value to be already XML-escaped, while the later do the escaping. Fix issue reported on https://lists.osgeo.org/pipermail/mapserver-users/2016-April/078832.html
1 parent c7fa5aa commit 1058774

11 files changed

+1046
-44
lines changed

maplibxml2.c

+6-1
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,12 @@ void msLibXml2GenerateList(xmlNodePtr psParent, xmlNsPtr psNs, const char *elnam
5858
int i = 0;
5959
tokens = msStringSplit(values, delim, &n);
6060
for (i=0; i<n; i++) {
61-
xmlNewChild(psParent, psNs, BAD_CAST elname, BAD_CAST tokens[i]);
61+
// Not sure we really need to distinguish empty vs non-empty case, but
62+
// this does change the result of msautotest/wxs/expected/wcs_empty_cap111.xml otherwise
63+
if( tokens[i] && tokens[i][0] != '\0' )
64+
xmlNewTextChild(psParent, psNs, BAD_CAST elname, BAD_CAST tokens[i]);
65+
else
66+
xmlNewChild(psParent, psNs, BAD_CAST elname, BAD_CAST tokens[i]);
6267
}
6368
msFreeCharArray(tokens, n);
6469
}

mapogcsos.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -284,7 +284,7 @@ void msSOSAddPropertyNode(xmlNsPtr psNsSwe, xmlNsPtr psNsXLink, xmlNodePtr psPar
284284
pszValue = msOWSLookupMetadata(&(lp->metadata), "S",
285285
"observedproperty_name");
286286
if (pszValue)
287-
psNode = xmlNewChild(psCompNode, psNsGml,
287+
psNode = xmlNewTextChild(psCompNode, psNsGml,
288288
BAD_CAST "name", BAD_CAST pszValue);
289289

290290
/* add components */

mapowscommon.c

+27-29
Original file line numberDiff line numberDiff line change
@@ -83,15 +83,15 @@ xmlNodePtr msOWSCommonServiceIdentification(xmlNsPtr psNsOws, mapObj *map,
8383

8484
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "title", validated_language);
8585

86-
psNode = xmlNewChild(psRootNode, psNsOws, BAD_CAST "Title", BAD_CAST value);
86+
psNode = xmlNewTextChild(psRootNode, psNsOws, BAD_CAST "Title", BAD_CAST value);
8787

8888
if (!value) {
8989
xmlAddSibling(psNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_title\" missing for ows:Title"));
9090
}
9191

9292
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "abstract", validated_language);
9393

94-
psNode = xmlNewChild(psRootNode, psNsOws, BAD_CAST "Abstract", BAD_CAST value);
94+
psNode = xmlNewTextChild(psRootNode, psNsOws, BAD_CAST "Abstract", BAD_CAST value);
9595

9696
if (!value) {
9797
xmlAddSibling(psNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_abstract\" was missing for ows:Abstract"));
@@ -100,31 +100,31 @@ xmlNodePtr msOWSCommonServiceIdentification(xmlNsPtr psNsOws, mapObj *map,
100100
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "keywordlist", validated_language);
101101

102102
if (value) {
103-
psNode = xmlNewChild(psRootNode, psNsOws, BAD_CAST "Keywords", NULL);
103+
psNode = xmlNewTextChild(psRootNode, psNsOws, BAD_CAST "Keywords", NULL);
104104
msLibXml2GenerateList(psNode, psNsOws, "Keyword", value, ',');
105105
}
106106

107107
else {
108108
xmlAddSibling(psNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_keywordlist\" was missing for ows:KeywordList"));
109109
}
110110

111-
psNode = xmlNewChild(psRootNode, psNsOws, BAD_CAST "ServiceType", BAD_CAST servicetype);
111+
psNode = xmlNewTextChild(psRootNode, psNsOws, BAD_CAST "ServiceType", BAD_CAST servicetype);
112112

113113
xmlNewProp(psNode, BAD_CAST "codeSpace", BAD_CAST MS_OWSCOMMON_OGC_CODESPACE);
114114

115115
msLibXml2GenerateList(psRootNode, psNsOws, "ServiceTypeVersion", supported_versions, ',');
116116

117117
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "fees", validated_language);
118118

119-
psNode = xmlNewChild(psRootNode, psNsOws, BAD_CAST "Fees", BAD_CAST value);
119+
psNode = xmlNewTextChild(psRootNode, psNsOws, BAD_CAST "Fees", BAD_CAST value);
120120

121121
if (!value) {
122122
xmlAddSibling(psNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_fees\" was missing for ows:Fees"));
123123
}
124124

125125
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "accessconstraints", validated_language);
126126

127-
psNode = xmlNewChild(psRootNode, psNsOws, BAD_CAST "AccessConstraints", BAD_CAST value);
127+
psNode = xmlNewTextChild(psRootNode, psNsOws, BAD_CAST "AccessConstraints", BAD_CAST value);
128128

129129
if (!value) {
130130
xmlAddSibling(psNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_accessconstraints\" was missing for ows:AccessConstraints"));
@@ -169,13 +169,13 @@ xmlNodePtr msOWSCommonServiceProvider(xmlNsPtr psNsOws, xmlNsPtr psNsXLink,
169169

170170
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "contactorganization", validated_language);
171171

172-
psNode = xmlNewChild(psRootNode, psNsOws, BAD_CAST "ProviderName", BAD_CAST value);
172+
psNode = xmlNewTextChild(psRootNode, psNsOws, BAD_CAST "ProviderName", BAD_CAST value);
173173

174174
if (!value) {
175175
xmlAddSibling(psNode, xmlNewComment(BAD_CAST "WARNING: Mandatory metadata \"ows_contactorganization\" was missing for ows:ProviderName"));
176176
}
177177

178-
psNode = xmlNewChild(psRootNode, psNsOws, BAD_CAST "ProviderSite", NULL);
178+
psNode = xmlNewTextChild(psRootNode, psNsOws, BAD_CAST "ProviderSite", NULL);
179179

180180
xmlNewNsProp(psNode, psNsXLink, BAD_CAST "type", BAD_CAST "simple");
181181

@@ -187,95 +187,95 @@ xmlNodePtr msOWSCommonServiceProvider(xmlNsPtr psNsOws, xmlNsPtr psNsXLink,
187187
xmlAddSibling(psNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_service_onlineresource\" was missing for ows:ProviderSite/@xlink:href"));
188188
}
189189

190-
psNode = xmlNewChild(psRootNode, psNsOws, BAD_CAST "ServiceContact", NULL);
190+
psNode = xmlNewTextChild(psRootNode, psNsOws, BAD_CAST "ServiceContact", NULL);
191191

192192
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "contactperson", validated_language);
193193

194-
psSubNode = xmlNewChild(psNode, psNsOws, BAD_CAST "IndividualName", BAD_CAST value);
194+
psSubNode = xmlNewTextChild(psNode, psNsOws, BAD_CAST "IndividualName", BAD_CAST value);
195195

196196
if (!value) {
197197
xmlAddSibling(psSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_contactperson\" was missing for ows:IndividualName"));
198198
}
199199

200200
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "contactposition", validated_language);
201201

202-
psSubNode = xmlNewChild(psNode, psNsOws, BAD_CAST "PositionName", BAD_CAST value);
202+
psSubNode = xmlNewTextChild(psNode, psNsOws, BAD_CAST "PositionName", BAD_CAST value);
203203

204204
if (!value) {
205205
xmlAddSibling(psSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_contactposition\" was missing for ows:PositionName"));
206206
}
207207

208-
psSubNode = xmlNewChild(psNode, psNsOws, BAD_CAST "ContactInfo", NULL);
208+
psSubNode = xmlNewTextChild(psNode, psNsOws, BAD_CAST "ContactInfo", NULL);
209209

210-
psSubSubNode = xmlNewChild(psSubNode, psNsOws, BAD_CAST "Phone", NULL);
210+
psSubSubNode = xmlNewTextChild(psSubNode, psNsOws, BAD_CAST "Phone", NULL);
211211

212212
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "contactvoicetelephone", validated_language);
213213

214-
psSubSubSubNode = xmlNewChild(psSubSubNode, psNsOws, BAD_CAST "Voice", BAD_CAST value);
214+
psSubSubSubNode = xmlNewTextChild(psSubSubNode, psNsOws, BAD_CAST "Voice", BAD_CAST value);
215215

216216
if (!value) {
217217
xmlAddSibling(psSubSubSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_contactvoicetelephone\" was missing for ows:Voice"));
218218
}
219219

220220
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "contactfacsimiletelephone", validated_language);
221221

222-
psSubSubSubNode = xmlNewChild(psSubSubNode, psNsOws, BAD_CAST "Facsimile", BAD_CAST value);
222+
psSubSubSubNode = xmlNewTextChild(psSubSubNode, psNsOws, BAD_CAST "Facsimile", BAD_CAST value);
223223

224224
if (!value) {
225225
xmlAddSibling(psSubSubSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_contactfacsimiletelephone\" was missing for ows:Facsimile"));
226226
}
227227

228-
psSubSubNode = xmlNewChild(psSubNode, psNsOws, BAD_CAST "Address", NULL);
228+
psSubSubNode = xmlNewTextChild(psSubNode, psNsOws, BAD_CAST "Address", NULL);
229229

230230
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "address", validated_language);
231231

232-
psSubSubSubNode = xmlNewChild(psSubSubNode, psNsOws, BAD_CAST "DeliveryPoint", BAD_CAST value);
232+
psSubSubSubNode = xmlNewTextChild(psSubSubNode, psNsOws, BAD_CAST "DeliveryPoint", BAD_CAST value);
233233

234234
if (!value) {
235235
xmlAddSibling(psSubSubSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_address\" was missing for ows:DeliveryPoint"));
236236
}
237237

238238
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "city", validated_language);
239239

240-
psSubSubSubNode = xmlNewChild(psSubSubNode, psNsOws, BAD_CAST "City", BAD_CAST value);
240+
psSubSubSubNode = xmlNewTextChild(psSubSubNode, psNsOws, BAD_CAST "City", BAD_CAST value);
241241

242242
if (!value) {
243243
xmlAddSibling(psSubSubSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_city\" was missing for ows:City"));
244244
}
245245

246246
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "stateorprovince", validated_language);
247247

248-
psSubSubSubNode = xmlNewChild(psSubSubNode, psNsOws, BAD_CAST "AdministrativeArea", BAD_CAST value);
248+
psSubSubSubNode = xmlNewTextChild(psSubSubNode, psNsOws, BAD_CAST "AdministrativeArea", BAD_CAST value);
249249

250250
if (!value) {
251251
xmlAddSibling(psSubSubSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_stateorprovince\" was missing for ows:AdministrativeArea"));
252252
}
253253

254254
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "postcode", validated_language);
255255

256-
psSubSubSubNode = xmlNewChild(psSubSubNode, psNsOws, BAD_CAST "PostalCode", BAD_CAST value);
256+
psSubSubSubNode = xmlNewTextChild(psSubSubNode, psNsOws, BAD_CAST "PostalCode", BAD_CAST value);
257257

258258
if (!value) {
259259
xmlAddSibling(psSubSubSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_postcode\" was missing for ows:PostalCode"));
260260
}
261261

262262
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "country", validated_language);
263263

264-
psSubSubSubNode = xmlNewChild(psSubSubNode, psNsOws, BAD_CAST "Country", BAD_CAST value);
264+
psSubSubSubNode = xmlNewTextChild(psSubSubNode, psNsOws, BAD_CAST "Country", BAD_CAST value);
265265

266266
if (!value) {
267267
xmlAddSibling(psSubSubSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_country\" was missing for ows:Country"));
268268
}
269269

270270
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "contactelectronicmailaddress", validated_language);
271271

272-
psSubSubSubNode = xmlNewChild(psSubSubNode, psNsOws, BAD_CAST "ElectronicMailAddress", BAD_CAST value);
272+
psSubSubSubNode = xmlNewTextChild(psSubSubNode, psNsOws, BAD_CAST "ElectronicMailAddress", BAD_CAST value);
273273

274274
if (!value) {
275275
xmlAddSibling(psSubSubSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_contactelectronicmailaddress\" was missing for ows:ElectronicMailAddress"));
276276
}
277277

278-
psSubSubNode = xmlNewChild(psSubNode, psNsOws, BAD_CAST "OnlineResource", NULL);
278+
psSubSubNode = xmlNewTextChild(psSubNode, psNsOws, BAD_CAST "OnlineResource", NULL);
279279

280280
xmlNewNsProp(psSubSubNode, psNsXLink, BAD_CAST "type", BAD_CAST "simple");
281281

@@ -289,23 +289,23 @@ xmlNodePtr msOWSCommonServiceProvider(xmlNsPtr psNsOws, xmlNsPtr psNsXLink,
289289

290290
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "hoursofservice", validated_language);
291291

292-
psSubSubNode = xmlNewChild(psSubNode, psNsOws, BAD_CAST "HoursOfService", BAD_CAST value);
292+
psSubSubNode = xmlNewTextChild(psSubNode, psNsOws, BAD_CAST "HoursOfService", BAD_CAST value);
293293

294294
if (!value) {
295295
xmlAddSibling(psSubSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_hoursofservice\" was missing for ows:HoursOfService"));
296296
}
297297

298298
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "contactinstructions", validated_language);
299299

300-
psSubSubNode = xmlNewChild(psSubNode, psNsOws, BAD_CAST "ContactInstructions", BAD_CAST value);
300+
psSubSubNode = xmlNewTextChild(psSubNode, psNsOws, BAD_CAST "ContactInstructions", BAD_CAST value);
301301

302302
if (!value) {
303303
xmlAddSibling(psSubSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_contactinstructions\" was missing for ows:ContactInstructions"));
304304
}
305305

306306
value = msOWSLookupMetadataWithLanguage(&(map->web.metadata), namespaces, "role", validated_language);
307307

308-
psSubNode = xmlNewChild(psNode, psNsOws, BAD_CAST "Role", BAD_CAST value);
308+
psSubNode = xmlNewTextChild(psNode, psNsOws, BAD_CAST "Role", BAD_CAST value);
309309

310310
if (!value) {
311311
xmlAddSibling(psSubNode, xmlNewComment(BAD_CAST "WARNING: Optional metadata \"ows_role\" was missing for ows:Role"));
@@ -489,9 +489,7 @@ xmlNodePtr msOWSCommonExceptionReport(xmlNsPtr psNsOws, int ows_version, const c
489489
}
490490

491491
if (ExceptionText != NULL) {
492-
char* errorMessage = msEncodeHTMLEntities(ExceptionText);
493-
xmlNewChild(psMainNode, NULL, BAD_CAST "ExceptionText", BAD_CAST errorMessage);
494-
msFree(errorMessage);
492+
xmlNewTextChild(psMainNode, NULL, BAD_CAST "ExceptionText", BAD_CAST ExceptionText);
495493
}
496494

497495
free(xsi_schemaLocation);

mapwfs11.c

+10-10
Original file line numberDiff line numberDiff line change
@@ -119,10 +119,10 @@ xmlNodePtr msWFSDumpLayer11(mapObj *map, layerObj *lp, xmlNsPtr psNsOws,
119119
valueToFree = (char *) msSmallMalloc(sizeof(char*)*n);
120120
snprintf(valueToFree, n, "%s%s%s", (value ? value : ""), (value ? ":" : ""), lp->name);
121121

122-
psNode = xmlNewChild(psRootNode, NULL, BAD_CAST "Name", BAD_CAST valueToFree);
122+
psNode = xmlNewTextChild(psRootNode, NULL, BAD_CAST "Name", BAD_CAST valueToFree);
123123
msFree(valueToFree);
124124
} else {
125-
psNode = xmlNewChild(psRootNode, NULL, BAD_CAST "Name", BAD_CAST lp->name);
125+
psNode = xmlNewTextChild(psRootNode, NULL, BAD_CAST "Name", BAD_CAST lp->name);
126126
}
127127

128128
if (lp->name && strlen(lp->name) > 0 &&
@@ -140,12 +140,12 @@ xmlNodePtr msWFSDumpLayer11(mapObj *map, layerObj *lp, xmlNsPtr psNsOws,
140140
if (!value)
141141
value =(const char*)lp->name;
142142

143-
psNode = xmlNewChild(psRootNode, NULL, BAD_CAST "Title", BAD_CAST value);
143+
psNode = xmlNewTextChild(psRootNode, NULL, BAD_CAST "Title", BAD_CAST value);
144144

145145

146146
value = msOWSLookupMetadataWithLanguage(&(lp->metadata), "FO", "abstract", validate_language);
147147
if (value)
148-
psNode = xmlNewChild(psRootNode, NULL, BAD_CAST "Abstract", BAD_CAST value);
148+
psNode = xmlNewTextChild(psRootNode, NULL, BAD_CAST "Abstract", BAD_CAST value);
149149

150150

151151

@@ -165,15 +165,15 @@ xmlNodePtr msWFSDumpLayer11(mapObj *map, layerObj *lp, xmlNsPtr psNsOws,
165165
tokens = msStringSplit(valueToFree, ' ', &n);
166166
if (tokens && n > 0) {
167167
if( nWFSVersion == OWS_1_1_0 )
168-
psNode = xmlNewChild(psRootNode, NULL, BAD_CAST "DefaultSRS", BAD_CAST tokens[0]);
168+
psNode = xmlNewTextChild(psRootNode, NULL, BAD_CAST "DefaultSRS", BAD_CAST tokens[0]);
169169
else
170-
psNode = xmlNewChild(psRootNode, NULL, BAD_CAST "DefaultCRS", BAD_CAST tokens[0]);
170+
psNode = xmlNewTextChild(psRootNode, NULL, BAD_CAST "DefaultCRS", BAD_CAST tokens[0]);
171171
for (i=1; i<n; i++)
172172
{
173173
if( nWFSVersion == OWS_1_1_0 )
174-
psNode = xmlNewChild(psRootNode, NULL, BAD_CAST "OtherSRS", BAD_CAST tokens[i]);
174+
psNode = xmlNewTextChild(psRootNode, NULL, BAD_CAST "OtherSRS", BAD_CAST tokens[i]);
175175
else
176-
psNode = xmlNewChild(psRootNode, NULL, BAD_CAST "OtherCRS", BAD_CAST tokens[i]);
176+
psNode = xmlNewTextChild(psRootNode, NULL, BAD_CAST "OtherCRS", BAD_CAST tokens[i]);
177177
}
178178

179179
msFreeCharArray(tokens, n);
@@ -198,7 +198,7 @@ xmlNodePtr msWFSDumpLayer11(mapObj *map, layerObj *lp, xmlNsPtr psNsOws,
198198
tokens = msStringSplit(formats_list, ',', &n);
199199

200200
for( iformat = 0; iformat < n; iformat++ )
201-
xmlNewChild(psNode, NULL, BAD_CAST "Format",
201+
xmlNewTextChild(psNode, NULL, BAD_CAST "Format",
202202
BAD_CAST tokens[iformat] );
203203
msFree( formats_list );
204204
msFreeCharArray( tokens, n );
@@ -236,7 +236,7 @@ xmlNodePtr msWFSDumpLayer11(mapObj *map, layerObj *lp, xmlNsPtr psNsOws,
236236
}
237237
else
238238
{
239-
psNode = xmlNewChild(psRootNode, NULL, BAD_CAST "MetadataURL", BAD_CAST value);
239+
psNode = xmlNewTextChild(psRootNode, NULL, BAD_CAST "MetadataURL", BAD_CAST value);
240240

241241
value = msOWSLookupMetadata(&(lp->metadata), "FO", "metadataurl_format");
242242

mapwfs20.c

+3-3
Original file line numberDiff line numberDiff line change
@@ -163,7 +163,7 @@ xmlNodePtr msWFSConstraintDefaultValue(xmlNsPtr psNs, xmlNsPtr psNsOws, const ch
163163
xmlNewProp(psRootNode, BAD_CAST "name", BAD_CAST name);
164164

165165
xmlNewChild(psRootNode, psNsOws, BAD_CAST "NoValues", NULL );
166-
xmlNewChild(psRootNode, psNsOws, BAD_CAST "DefaultValue", BAD_CAST value);
166+
xmlNewTextChild(psRootNode, psNsOws, BAD_CAST "DefaultValue", BAD_CAST value);
167167

168168
return psRootNode;
169169
}
@@ -334,9 +334,9 @@ static void msWFSAddInspireDSID(mapObj *map,
334334
{
335335
xmlNodePtr pSDSI = xmlNewNode(psNsInspireDls, BAD_CAST "SpatialDataSetIdentifier");
336336
xmlAddChild(pDlsExtendedCapabilities, pSDSI);
337-
xmlNewChild(pSDSI, psNsInspireCommon, BAD_CAST "Code", BAD_CAST tokensCode[i]);
337+
xmlNewTextChild(pSDSI, psNsInspireCommon, BAD_CAST "Code", BAD_CAST tokensCode[i]);
338338
if( ntokensNS > 0 && tokensNS[i][0] != '\0' )
339-
xmlNewChild(pSDSI, psNsInspireCommon, BAD_CAST "Namespace", BAD_CAST tokensNS[i]);
339+
xmlNewTextChild(pSDSI, psNsInspireCommon, BAD_CAST "Namespace", BAD_CAST tokensNS[i]);
340340
}
341341
msFreeCharArray(tokensCode, ntokensCode);
342342
if( ntokensNS > 0 )

0 commit comments

Comments
 (0)