Skip to content
Permalink
Browse files

Require validation for CGI queryfile parameter (#4874).

  • Loading branch information
sdlime committed Feb 24, 2014
1 parent 05ff84f commit 88ec351fe7c085d544e8190ebb0bb809d8082ac9
Showing with 6 additions and 0 deletions.
  1. +2 −0 HISTORY.TXT
  2. +4 −0 mapservutil.c
@@ -15,6 +15,8 @@ For a complete change history, please see the Git log comments.
7.0 release (TBD)
-----------------

- Require validation on the CGI queryfile parameter. (#4874)

- Apply RFC86 scaletoken substitutions to layer->PROCESSING entries

- RFC108 Heatmap / Kernel-Density Layers
@@ -363,6 +363,10 @@ int msCGILoadForm(mapservObj *mapserv)

if(strcasecmp(mapserv->request->ParamNames[i],"queryfile") == 0) {
mapserv->QueryFile = msStrdup(mapserv->request->ParamValues[i]);
if(msValidateParameter(mapserv->QueryFile, msLookupHashTable(&(mapserv->map->web.validation), "queryfile"), NULL, NULL, NULL) != MS_SUCCESS) {
msSetError(MS_WEBERR, "Parameter 'queryfile' value fails to validate.", "mapserv()");
return MS_FAILURE;
}
continue;
}

0 comments on commit 88ec351

Please sign in to comment.
You can’t perform that action at this time.