KML Reflector servlet not html-escaping cql filter clauses
----------------------------------------------------------
Key: GEOS-2127
URL: http://jira.codehaus.org/browse/GEOS-2127
Project: GeoServer
Issue Type: Bug
Components: Google Earth KML Output
Affects Versions: 1.6.4
Environment: Ubuntu 8.0.4
Reporter: Matt Bucknam
Assignee: Andrea Aime
org.vfny.geoserver.wms.servlets.KMLReflector does not escape CQL filters before rendering them into the networklink kml file returned. The following cql filter will cause it to choke:
CQL_FILTER=heading%3E3
Even though the original filter may have had the filter escaped, line 203 the text is not escaped anymore, i.e. it equals:
CQL_FILTER=heading>3
and that is the text that is put into the networklink kml file returned. I have tested "re-escaping" the CQL filter at line 203 and it seems to work. Not sure what the full and correct solution should be but can submit patch if desired.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira