Opened 17 years ago

Closed 17 years ago

#2211 closed defect (fixed)

Should we allow setting TEMPLATE via URL?

Reported by: dmorissette
Owned by: sdlime
Priority: normal
Milestone: 5.0 release
Component: MapServer C Library
Version: svn-trunk (development)
Severity: normal
Keywords:
Cc:

Description

With the new msUpdateMapFromURL(), we don't seem to be able to set the web or legend template parameters. I realize there is a security risk associated with allowing users to set the template remotely, but since that used to be permitted and I believe there used to be a TEMPLATEPATTERN param to control the possible values, should we re-enable it?

I'm not saying we should, just pointing out the fact that setting template is no longer possible and asking if we should restore it.

Change History (4)

comment:1 by dmorissette, 17 years ago

BTW, this simple patch re-enabled setting TEMPLATE for me...

--- maplexer.l  (revision 6486)
+++ maplexer.l  (working copy)
@@ -271,7 +271,7 @@
 <INITIAL>symbolscaledenom                      { return(SYMBOLSCALEDENOM); }
 <INITIAL>symbolset                             { return(SYMBOLSET); }
 <INITIAL>table                                 { return(TABLE); }
-<INITIAL>template                              { return(TEMPLATE); }
+<INITIAL,URL_STRING>template                   { return(TEMPLATE); }
 <INITIAL>templatepattern                       { return(TEMPLATEPATTERN); }
 <INITIAL,URL_STRING>text                       { return(TEXT); }
 <INITIAL>tileindex                             { return(TILEINDEX); }
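
Review bot: On the changed `<INITIAL,URL_STRING>template` rule, a value supplied in the URL now reaches the TEMPLATE token, and nothing in this hunk checks that value before it is used. The `templatepattern` rule on the next line stays `<INITIAL>` only, which is right because the pattern should only come from the mapfile, but the change should be paired with a check of the URL-supplied template against that pattern, rejecting the value when the pattern is unset or does not match. Without that, this reopens the remote template-selection risk the description mentions.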

comment:2 by sdlime, 17 years ago

Status: new → assigned

I need to re-enable it. I was struggling with how since I didn't want to apply the templatepattern anywhere but for URLs. I do know the fix for this and data (datapattern) and will fix this evening. Thanks for filing the bug.

(how are you finding all of these by the way?)

Steve

comment:3 by dmorissette, 17 years ago

I'm working on my own list of tickets and just came across those issues during my tests.

comment:4 by sdlime, 17 years ago

Resolution: fixed
Status: assigned → closed

The fix is a bit more complex. Basically we need to know what the token source is when parsing the configuration (file, string or url) so I added a little to the lexer code to set that tidbit of information when the lexer state is set (the state doesn't persist beyond initialization so I couldn't use that). Then we check the templatepattern or datapattern if the token source is a URL. So, we're back to 4.x functionality. I tested and it seems to work just fine.

Of course the syntax for any URL configuration has changed. I need to update the migration document.

Steve
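
The check described in comment:4, sketched as an added example that is not MapServer's code and not part of the ticket: the parser records where a token came from and applies the mapfile's pattern only to URL-supplied values. All names here (`token_source`, `check_template`, `SAMPLE_PATTERN`) are hypothetical, and failing closed when no pattern is set is an assumption.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names; these are not MapServer identifiers. */
typedef enum { SRC_FILE, SRC_STRING, SRC_URL } token_source;
typedef enum { TPL_OK = 0, TPL_NO_PATTERN, TPL_BAD_PATTERN, TPL_REJECTED } tpl_result;

/* Constructed sample pattern. regexec() matches substrings, so the
 * pattern must be anchored with ^ and $ to constrain the whole value. */
static const char SAMPLE_PATTERN[] = "^templates/[a-z_]+\\.html$";

/* Decide whether a TEMPLATE value may be applied.
 * Values parsed from the mapfile or an in-process string are accepted
 * unchanged. Values parsed from a URL are accepted only when the
 * mapfile-defined pattern matches; with no pattern configured, URL
 * overrides are refused (assumed fail-closed behaviour). */
tpl_result check_template(token_source src, const char *pattern, const char *value)
{
    regex_t re;
    int rc;

    if (src != SRC_URL)
        return TPL_OK;
    if (value == NULL || pattern == NULL || pattern[0] == '\0')
        return TPL_NO_PATTERN;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return TPL_BAD_PATTERN;
    rc = regexec(&re, value, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? TPL_OK : TPL_REJECTED;
}

int main(void)
{
    /* Constructed inputs: one value inside the allowed set, one outside. */
    const char *values[] = { "templates/query.html", "/tmp/other.html" };
    size_t i;

    for (i = 0; i < sizeof values / sizeof values[0]; i++)
        printf("%-24s -> %d\n", values[i],
               check_template(SRC_URL, SAMPLE_PATTERN, values[i]));
    return 0;
}
```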
