Hi Armin.
You helped me a lot because you remind me that php.ini control variables (post,
get, requet) ass well.
My php.ini
configuration is for security reasons :
allow_url_fopen = Off
allow_url_include = Off
Let me be more specific
with my problem.
I work wmsclient plugin (I
suppose you remember our last discussion).
I want to send with PM.Map.ClientDynamicLayers.addOrReplaceLayers
funtion one wms layer in json type with
data:
var myLayer = '[{"def":
{"type": "json", ....."datatype":
"DynWMS", "data": " '+wmsurl+' "}]';
wmsurl is something like
that:
http://gis.ktimanet.gr/wms/wmsopen/wmsserver.aspx?VERSION=1.1.1&LAYERS=SPA,SCI
(dont try the above link, it
is just one example.)
Actually I try to add one
wms layer in mapfile with connection parameter the above link.
Unfortunately the
symbol "&" is problem because of php.ini.
So, I suppose I have to
replace "&" with other symbol and replace it in php.
Thanks again
________________________________
Απο: Armin Burger <[email protected]>
Προς: [email protected]
Στάλθηκε: 3:06 μ.μ. Σάββατο, 28 Μαΐου 2011
Θεμα: Re: [pmapper-users] prevent xss
well, a common practice in programming is that comments are valid for
lines following below. Just check which line is below the comment you
mentioned and you might get an idea.
In practice it is more or less obsolete since this should only be
required if the ini entry "register_globals" is enabled. But in this
case the unmodified p.mapper will exit and display an error message. In
addition, for code insertion via URL's it is required to have other ini
settings active that are not recommended. Just google for "p.mapper
security" and you will end up at at a section of the quick install
instructions which I assume everybody setting up a site with p.mapper
will read.
armin
On 28/05/2011 13:44, Andreas Douvalis wrote:
> Hi
>
> At the beginning of many files (including map_default.phtml and
> map_uilayout.phtml) there is one comment :
>
> // prevent XSS
>
> I suppose that the above comment means that we should add functions for
> avoiding xss attacks.
> That means that pmapper has
> not developed any special function for the above issue and Users have to
> develop their functions.
> Am I right?
> ------------------------------------------------------------------------------
> vRanger cuts backup time in half-while increasing security.
> With the market-leading solution for virtual backup and recovery,
> you get blazing-fast, flexible, and affordable data protection.
> Download your free trial now.
> http://p.sf.net/sfu/quest-d2dcopy1
> _______________________________________________
> pmapper-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/pmapper-users
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
pmapper-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/pmapper-users
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
pmapper-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/pmapper-users
