Permalink
Browse files

Require Validation of SLD ExternalGraphic OnlineResource (#4883)

Onlineresource must validate against "sld_external_graphic" entry of
map->web->validation in order to be taken into account.

added thanks to Regione Toscana - SITA
  • Loading branch information...
luipir authored and tbonfort committed Mar 15, 2014
1 parent 35b226c commit e18424940d5c48391c61cf62b0bda883805bc871
Showing with 25 additions and 10 deletions.
  1. +2 −0 HISTORY.TXT
  2. +11 −8 mapogcsld.c
  3. +11 −1 mapsymbol.c
  4. +1 −1 msautotest
View
@@ -15,6 +15,8 @@ For a complete change history, please see the Git log comments.
7.0 release (TBD)
-----------------
+- Require validation of ExternalGraphic OnlineResource (#4883)
+
- Require validation on the CGI queryfile parameter. (#4874)
- Apply RFC86 scaletoken substitutions to layer->PROCESSING entries
View
@@ -2078,9 +2078,6 @@ int msSLDParsePointSymbolizer(CPLXMLNode *psRoot, layerObj *psLayer,
int msSLDParseExternalGraphic(CPLXMLNode *psExternalGraphic,
styleObj *psStyle, mapObj *map)
{
- /* needed for libcurl function msHTTPGetFile in maphttp.c */
-#if defined(USE_CURL)
-
char *pszFormat = NULL;
CPLXMLNode *psURL=NULL, *psFormat=NULL, *psTmp=NULL;
char *pszURL=NULL;
@@ -2092,12 +2089,13 @@ int msSLDParseExternalGraphic(CPLXMLNode *psExternalGraphic,
if (psFormat && psFormat->psChild && psFormat->psChild->pszValue)
pszFormat = psFormat->psChild->pszValue;
- /* supports GIF and PNG */
+ /* supports GIF and PNG and SVG */
if (pszFormat &&
(strcasecmp(pszFormat, "GIF") == 0 ||
strcasecmp(pszFormat, "image/gif") == 0 ||
strcasecmp(pszFormat, "PNG") == 0 ||
- strcasecmp(pszFormat, "image/png") == 0)) {
+ strcasecmp(pszFormat, "image/png") == 0 ||
+ strcasecmp(pszFormat, "image/svg+xml") == 0)) {
/* <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink" xlink:type="simple" xlink:href="http://www.vendor.com/geosym/2267.svg"/> */
psURL = CPLGetXMLNode(psExternalGraphic, "OnlineResource");
@@ -2111,6 +2109,14 @@ int msSLDParseExternalGraphic(CPLXMLNode *psExternalGraphic,
if (psTmp && psTmp->psChild) {
pszURL = (char*)psTmp->psChild->pszValue;
+ /* validate the ExternalGraphic parameter */
+ if(msValidateParameter(pszURL, msLookupHashTable(&(map->web.validation), "sld_external_graphic"),
+ NULL, NULL, NULL) != MS_SUCCESS) {
+ msSetError(MS_WEBERR, "SLD ExternalGraphic OnlineResource value fails to validate against sld_external_graphic VALIDATION", "mapserv()");
+ return MS_FAILURE;
+ }
+
+
/*external symbols using http will be automaticallly downloaded. The file should be
saved in a temporary directory (msAddImageSymbol) #2305*/
psStyle->symbol = msGetSymbolIndex(&map->symbolset,
@@ -2132,9 +2138,6 @@ int msSLDParseExternalGraphic(CPLXMLNode *psExternalGraphic,
}
return MS_SUCCESS;
-#else
- return MS_FAILURE;
-#endif
}
View
@@ -344,6 +344,7 @@ int msAddImageSymbol(symbolSetObj *symbolset, char *filename)
{
char szPath[MS_MAXPATHLEN];
symbolObj *symbol=NULL;
+ char *extension=NULL;
if(!symbolset) {
msSetError(MS_SYMERR, "Symbol structure unallocated.", "msAddImageSymbol()");
@@ -357,6 +358,16 @@ int msAddImageSymbol(symbolSetObj *symbolset, char *filename)
return -1;
symbol = symbolset->symbol[symbolset->numsymbols];
+ /* check if svg checking extension otherwise assume it's a pixmap */
+ extension = strrchr(filename, '.');
+ if (extension == NULL)
+ extension = "";
+ if (strncasecmp(extension, ".svg", 4) == 0) {
+ symbol->type = MS_SYMBOL_SVG;
+ } else {
+ symbol->type = MS_SYMBOL_PIXMAP;
+ }
+
#ifdef USE_CURL
if (strncasecmp(filename, "http", 4) == 0) {
char *tmpfullfilename = NULL;
@@ -397,7 +408,6 @@ int msAddImageSymbol(symbolSetObj *symbolset, char *filename)
symbol->imagepath = msStrdup(filename);
}
symbol->name = msStrdup(filename);
- symbol->type = MS_SYMBOL_PIXMAP;
return(symbolset->numsymbols++);
}
Submodule msautotest updated from 2a065c to bb0a72

0 comments on commit e184249

Please sign in to comment.