KML Reflector servlet not html-escaping cql filter clauses

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.6.4
Fix Version/s: None
Component/s: Google Earth KML Output
Labels:
None
Environment:
Ubuntu 8.0.4

Number of attachments :
1

Description

org.vfny.geoserver.wms.servlets.KMLReflector does not escape CQL filters before rendering them into the networklink kml file returned. The following cql filter will cause it to choke:

CQL_FILTER=heading%3E3

Even though the original filter may have had the filter escaped, line 203 the text is not escaped anymore, i.e. it equals:

CQL_FILTER=heading>3

and that is the text that is put into the networklink kml file returned. I have tested "re-escaping" the CQL filter at line 203 and it seems to work. Not sure what the full and correct solution should be but can submit patch if desired.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

KMLReflector.java.patch

19/Aug/08 11:51 AM

0.9 kB

Matt Bucknam

Activity

People

Assignee:

Andrea Aime

Reporter:

Matt Bucknam

Vote (0)

Watch (0)

Dates

Created:

15/Aug/08 3:05 PM

Updated:

19/Aug/08 11:51 AM