WMS server: let fuzzy string functions go through filter safety test
mhugent committed Dec 8, 2011
1 parent 94984a3 commit 9c89965ee004e9a29e07d1e04f0028e00034a2cb
Showing with 5 additions and 3 deletions.
  1. +5 −3 src/mapserver/qgswmsserver.cpp
@@ -581,7 +581,7 @@ QImage* QgsWMSServer::getMap()
restoreLayerFilters( originalLayerFilters );
clearFeatureSelections( selectedLayerIdList );

QgsDebugMsg("clearing filters");
QgsDebugMsg( "clearing filters" );
QgsMapLayerRegistry::instance()->mapLayers().clear();

#ifdef QGISDEBUG
@@ -1700,7 +1700,7 @@ QMap<QString, QString> QgsWMSServer::applyRequestedLayerFilters( const QStringLi
throw QgsMapServiceException( "Filter string rejected", "The filter string " + eqSplit.at( 1 ) +
" has been rejected because of security reasons. Note: Text strings have to be enclosed in single or double quotes. " +
"A space between each word / special character is mandatory. Allowed Keywords and special characters are " +
"AND,OR,IN,<,>=,>,>=,!=,',',(,). Not allowed are semicolons in the filter expression." );
"AND,OR,IN,<,>=,>,>=,!=,',',(,),DMETAPHONE,SOUNDEX. Not allowed are semicolons in the filter expression." );
}

//we need to find the maplayer objects matching the layer name
@@ -1832,7 +1832,9 @@ bool QgsWMSServer::testFilterStringSafety( const QString& filter ) const
|| tokenIt->compare( ">=" ) == 0
|| tokenIt->compare( "AND", Qt::CaseInsensitive ) == 0
|| tokenIt->compare( "OR", Qt::CaseInsensitive ) == 0
|| tokenIt->compare( "IN", Qt::CaseInsensitive ) == 0 )
|| tokenIt->compare( "IN", Qt::CaseInsensitive ) == 0
|| tokenIt->compare( "DMETAPHONE", Qt::CaseInsensitive ) == 0
|| tokenIt->compare( "SOUNDEX", Qt::CaseInsensitive ) == 0 )
{
continue;
}
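Review bot: In the `testFilterStringSafety` hunk, `DMETAPHONE` and `SOUNDEX` are accepted as bare tokens, and nothing on the allow-list records why these two functions are safe to pass from the request's filter parameter into the layer's subset string. A comment above the two new comparisons would keep that reasoning for whoever extends the list next, for example `// DMETAPHONE / SOUNDEX: side-effect-free string functions; their arguments are still checked token by token`. Both functions are presumably backend-specific, so a filter that passes this test may still be rejected by the data provider; it is worth confirming that such a failure is reported to the client rather than leaving the layer drawn without the filter. The keyword list is also maintained by hand a second time in the exception text of the `applyRequestedLayerFilters` hunk, which already lists `>=` twice (one is probably meant to be `<=`), so building that message from the same list the test uses would stop the two from drifting. The condition and the enclosing function start and end outside the hunk, so how non-keyword tokens are handled is not visible here.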
