Ticket #3522 (closed enhancement: fixed)
mandatory validation patterns
|Reported by:||regodon||Owned by:||sdlime|
I find that variable substituion is a powerful but very dangerous feature as it is very prone to sql injections.
I would like that it were mandatory to define validation patterns for each variable (%variable%) present in the mapfile. Or may be there should be a "SECURITY strict" directive to enable/disable this behaviour.
Also, i have found that validation_patterns are global to all the mapfile, not restricted to the layer where they are defined into, so it doesn't matter in which layer you define them. It's logical since variable substituion is global too. So, maybe all validation patterns should be defined together at map level and not inside layers.
Just my thoughts.