
Update security exceptions

pblottiere committed Mar 28, 2019
1 parent 75ba909 commit cbe73c1e715276e626919ce27e8a4e6b2f4ccbe1
Showing with 10 additions and 11 deletions.
  1. +10 −11 src/server/services/wms/qgswmsrenderer.cpp
@@ -2710,8 +2710,8 @@ namespace QgsWms
QString errorMsg;
if ( !filterXml.setContent( filter.mFilter, true, &errorMsg ) )
{
throw QgsBadRequestException( QStringLiteral( "Filter string rejected" ),
QStringLiteral( "error message: %1. The XML string was: %2" ).arg( errorMsg, filter.mFilter ) );
throw QgsBadRequestException( QgsServiceException::QGIS_INVALID_PARAMETER_VALUE,
QStringLiteral( "Filter string rejected. Error message: %1. The XML string was: %2" ).arg( errorMsg, filter.mFilter ) );
}
QDomElement filterElem = filterXml.firstChildElement();
std::unique_ptr<QgsExpression> expression( QgsOgcUtils::expressionFromOgcFilter( filterElem, filter.mVersion, filteredLayer ) );
@@ -2726,15 +2726,14 @@ namespace QgsWms
// QGIS (SQL) filter
if ( !testFilterStringSafety( filter.mFilter ) )
{
throw QgsBadRequestException( QStringLiteral( "Filter string rejected" ),
QStringLiteral( "The filter string %1"
" has been rejected because of security reasons."
" Note: Text strings have to be enclosed in single or double quotes."
" A space between each word / special character is mandatory."
" Allowed Keywords and special characters are "
" AND,OR,IN,<,>=,>,>=,!=,',',(,),DMETAPHONE,SOUNDEX."
" Not allowed are semicolons in the filter expression." ).arg(
filter.mFilter ) );
throw QgsSecurityException( QStringLiteral( "The filter string %1"
" has been rejected because of security reasons."
" Note: Text strings have to be enclosed in single or double quotes."
" A space between each word / special character is mandatory."
" Allowed Keywords and special characters are "
" AND,OR,IN,<,>=,>,>=,!=,',',(,),DMETAPHONE,SOUNDEX."
" Not allowed are semicolons in the filter expression." ).arg(
filter.mFilter ) );
}

QString newSubsetString = filter.mFilter;
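Review bot: Both throw sites still copy the raw request value `filter.mFilter` into the exception text, via `.arg( errorMsg, filter.mFilter )` in the first hunk and `.arg( filter.mFilter )` in the new QgsSecurityException message, so client-controlled text of unbounded length is reflected into the service response. How QgsBadRequestException and QgsSecurityException serialize their message is not visible in this diff, so confirm that the writer escapes the text for the output format, and consider bounding the echoed value, for example `filter.mFilter.left( 256 )` (256 is an illustrative limit, not a project constant). Separately, the allowed-token list in the new message names `>=` twice and never `<=` or `=`; if testFilterStringSafety accepts those tokens, the list should read `AND,OR,IN,<,<=,>,>=,=,!=,...` so that rejected users are told the real allow-list. The enclosing function starts and ends outside both hunks.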
