Improvement for “Sharing Position with Friends” in MGE based Web GIS Application
2010-04-07 20:56
441 views
We just talked about the MapGuide Security Hotfix yesterday, so let's make some improvements to make our “Sharing Position With Friends” sample more secure as well. To avoid cross-site scripting (XSS) attacks, it is safer to validate the parameters before passing them into the URL.
The code goes below; pay attention to the parameter validation in Page_Load and the IsValid helper (marked in bold in the original post).
```csharp
protected void Page_Load(object sender, EventArgs e)
{
    // default flexible weblayout
    string webLayout = @"Library://Samples/Sheboygan/FlexibleLayouts/Slate.ApplicationDefinition";
    string viewerPathSchema = @"http://localhost/mapguide/fusion/templates/mapguide/slate/index.html?ApplicationDefinition={1}&SESSION={0}";
    string defaultUser = "Administrator";
    string defaultPassword = "admin";

    Utility utility = new Utility();
    utility.InitializeWebTier(Request);

    // open a site connection and create a MapGuide session for this viewer
    MgUserInformation userInfo = new MgUserInformation(defaultUser, defaultPassword);
    MgSiteConnection siteConnection = new MgSiteConnection();
    siteConnection.Open(userInfo);
    MgSite site = siteConnection.GetSite();
    string sessionId = site.CreateSession();

    //store in session for further use
    Session["sessionId"] = sessionId;

    // X, Y and scale come from the shared link, so they are untrusted input
    if (Request["X"] != null && Request["Y"] != null && Request["scale"] != null)
    {
        string centerX = Request["X"].ToString();
        string centerY = Request["Y"].ToString();
        string scale = Request["scale"].ToString();

        // validate the parameter to avoid XSS attack; on failure fall back to the default layout
        if (IsValid(centerX) && IsValid(centerY) && IsValid(scale))
        {
            //Generate the new weblayout resource identifier
            webLayout = utility.ChangeInitialViewInWebLayout(webLayout, sessionId, centerX, centerY, scale);
        }
    }

    // the layout id is URL-encoded before it is placed in the query string
    string viewerPath = string.Format(viewerPathSchema, sessionId, Server.UrlEncode(webLayout));
    Response.Redirect(viewerPath);
}

//Only number is valid: optional sign, digits, optional decimal fraction
// (note: in .NET '$' also matches before a trailing newline; '\z' anchors at the very end)
private bool IsValid(string input)
{
    return System.Text.RegularExpressions.Regex.IsMatch(input, @"^(-|\+)?\d+(\.\d+)?$");
}
```
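As an added example (not code from the original post), the same allow-list check and redirect URL construction in Python, including a caveat the .NET version shares: `$` also matches before a trailing newline, so the hardened variant uses a strict anchor (`fullmatch` here, `\z` in .NET) and a numeric range bound (an assumed limit, not from the post). The session id and layout id in the sample call are placeholders.

```python
import re
from urllib.parse import quote_plus

# Same pattern as the post's IsValid(): optional sign, integer part, optional fraction.
NUMBER_PATTERN = r"^(-|\+)?\d+(\.\d+)?$"

# Same redirect template as the post; {0} is the session id, {1} the encoded layout id.
VIEWER_SCHEMA = ("http://localhost/mapguide/fusion/templates/mapguide/slate/index.html"
                 "?ApplicationDefinition={1}&SESSION={0}")


def is_valid_page(value: str) -> bool:
    """Behaves like the post's Regex.IsMatch(input, "^...$")."""
    return re.match(NUMBER_PATTERN, value) is not None


def is_valid_strict(value: str) -> bool:
    """Hardened check. fullmatch() rejects a trailing newline that '$' tolerates
    (in .NET, anchor with \\z instead of $). The value is also parsed so that only
    a finite number within an assumed sanity bound reaches the layout generator."""
    if re.fullmatch(NUMBER_PATTERN, value) is None:
        return False
    return abs(float(value)) <= 1e12  # assumed bound; tighten to the map's extent


def pick_initial_view(params: dict):
    """Mirror of Page_Load: use X/Y/scale only when all three are present and valid;
    otherwise return None so the caller keeps the default weblayout."""
    keys = ("X", "Y", "scale")
    if not all(k in params for k in keys):
        return None
    values = tuple(params[k] for k in keys)
    if not all(is_valid_strict(v) for v in values):
        return None
    return values


def build_viewer_url(session_id: str, web_layout: str) -> str:
    """quote_plus() stands in for Server.UrlEncode(): ':' and '/' become %3A and %2F,
    so the layout id cannot introduce extra query parameters."""
    return VIEWER_SCHEMA.format(session_id, quote_plus(web_layout))


if __name__ == "__main__":
    # Constructed sample request: the kind of query string a shared link carries.
    view = pick_initial_view({"X": "-87.7", "Y": "43.7", "scale": "5000"})
    print(view, build_viewer_url("session-placeholder", "Library://Samples/Sheboygan/"
                                 "FlexibleLayouts/Slate.ApplicationDefinition"))
```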
cheers!