Details
-
Type:
Bug
-
Status:
Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 1.6.4
-
Fix Version/s: None
-
Component/s: Google Earth KML Output
-
Labels:None
-
Environment:Ubuntu 8.0.4
-
Number of attachments :
Description
org.vfny.geoserver.wms.servlets.KMLReflector does not escape CQL filters before rendering them into the networklink kml file returned. The following cql filter will cause it to choke:
CQL_FILTER=heading%3E3
Even though the original filter may have had the filter escaped, line 203 the text is not escaped anymore, i.e. it equals:
CQL_FILTER=heading>3
and that is the text that is put into the networklink kml file returned. I have tested "re-escaping" the CQL filter at line 203 and it seems to work. Not sure what the full and correct solution should be but can submit patch if desired.
Use the following contrived URL to test:
http://localhost:8080/geoserver/wms/kml_reflect?layers=topp:states,topp:states&CQL_FILTER=LAND_KM%3E400000;LAND_KM%3E500000
This should pull back Calif and Tex for the first layer and Tex for the second layer. Without the patch, the first call works which creates the two nested network links but they then fail due to parsing errors because the ">" sign is un-escaped in the two nested network links.
Any URL with multiple layers and CQL_FILTERS will also duplicate the issue.