Improvement for “Sharing Position with Friends” in MGE based Web GIS Application
We just talked about the MapGuide Security Hotfix yesterday, so let's make some improvements to make our "Sharing Position With Friends" sample more secure as well. To avoid cross-site scripting attacks, it is safer to validate the X, Y and scale parameters before passing them on into the web layout and the viewer URL.
The code goes below; please pay attention to the parameter check (the `IsValid` call and method, which were marked in bold in the original post).
protected void Page_Load(object sender, EventArgs e)
{
    // default flexible weblayout
    string webLayout = @"Library://Samples/Sheboygan/FlexibleLayouts/Slate.ApplicationDefinition";
    string viewerPathSchema = @"http://localhost/mapguide/fusion/templates/mapguide/slate/index.html?ApplicationDefinition={1}&SESSION={0}";
    string defaultUser = "Administrator";
    string defaultPassword = "admin";

    Utility utility = new Utility();
    utility.InitializeWebTier(Request);

    // Log in to the site and create a MapGuide session for this visitor
    MgUserInformation userInfo = new MgUserInformation(defaultUser, defaultPassword);
    MgSiteConnection siteConnection = new MgSiteConnection();
    siteConnection.Open(userInfo);
    MgSite site = siteConnection.GetSite();
    string sessionId = site.CreateSession();

    // store in session for further use
    Session["sessionId"] = sessionId;

    if (Request["X"] != null && Request["Y"] != null && Request["scale"] != null)
    {
        string centerX = Request["X"].ToString();
        string centerY = Request["Y"].ToString();
        string scale = Request["scale"].ToString();

        // validate the parameters to avoid XSS attack: anything that is not a
        // plain number is ignored and the default initial view is used instead
        if (IsValid(centerX) && IsValid(centerY) && IsValid(scale))
        {
            // Generate the new weblayout resource identifier
            webLayout = utility.ChangeInitialViewInWebLayout(webLayout, sessionId, centerX, centerY, scale);
        }
    }

    string viewerPath = string.Format(viewerPathSchema, sessionId, Server.UrlEncode(webLayout));
    Response.Redirect(viewerPath);
}

// Only a plain decimal number (optional sign, digits, optional fraction) is valid
private bool IsValid(string input)
{
    return System.Text.RegularExpressions.Regex.IsMatch(input, @"^(-|\+)?\d+(\.\d+)?$");
}
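To see what the whitelist check actually accepts and rejects, here is an added console example (not code from the original post or from the MapGuide sample). It runs the post's `IsValid` regex over constructed sample inputs next to a stricter variant; the stricter variant is my own assumption about what the application needs (plain decimal numbers only) and uses `\z` instead of `$`, because in .NET `$` also matches just before a trailing newline.

```csharp
using System;
using System.Globalization;
using System.Text.RegularExpressions;

// Added example, not the original post's code: exercises the numeric
// whitelist check from the post and a stricter variant on sample inputs.
static class PositionParamCheck
{
    // The check from the post: optional sign, digits, optional fraction.
    public static bool IsValid(string input)
    {
        return Regex.IsMatch(input, @"^(-|\+)?\d+(\.\d+)?$");
    }

    // Stricter variant (assumption: only plain decimal numbers are needed).
    // \z refuses a trailing newline, which .NET's $ accepts, and TryParse
    // with the invariant culture confirms the value is a finite double.
    public static bool IsStrictlyValid(string input)
    {
        if (input == null || !Regex.IsMatch(input, @"^[-+]?\d+(\.\d+)?\z"))
            return false;
        return double.TryParse(input, NumberStyles.Float,
                               CultureInfo.InvariantCulture, out double v)
               && !double.IsInfinity(v);
    }

    static void Main()
    {
        // Constructed sample inputs: legitimate coordinate and scale values
        // alongside strings that must never reach the weblayout or the URL.
        string[] samples =
        {
            "-87.7", "43.75", "+10000", "5000.0",
            "", " 43.75", "43,75", "1e5",
            "43.75\n", "43.75<script>", "43.75&SESSION=x",
        };
        foreach (string s in samples)
        {
            Console.WriteLine("{0,-22} IsValid={1,-5} Strict={2}",
                "\"" + s.Replace("\n", "\\n") + "\"",
                IsValid(s), IsStrictlyValid(s));
        }
    }
}
```

Only the `"43.75\n"` row differs between the two checks; every input containing markup, a query-string separator, a comma or whitespace is rejected by both.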
cheers!