[Geoserver-devel] [jira] Created: (GEOS-2127) KML Reflector servlet not html-escaping cql filter clauses

KML Reflector servlet not html-escaping cql filter clauses
----------------------------------------------------------

                 Key: GEOS-2127
                 URL: http://jira.codehaus.org/browse/GEOS-2127
             Project: GeoServer
          Issue Type: Bug
          Components: Google Earth KML Output
    Affects Versions: 1.6.4
         Environment: Ubuntu 8.0.4
            Reporter: Matt Bucknam
            Assignee: Andrea Aime

org.vfny.geoserver.wms.servlets.KMLReflector does not escape CQL filters before rendering them into the networklink kml file returned. The following cql filter will cause it to choke:

CQL_FILTER=heading%3E3

Even though the original filter may have had the filter escaped, line 203 the text is not escaped anymore, i.e. it equals:

CQL_FILTER=heading>3

and that is the text that is put into the networklink kml file returned. I have tested "re-escaping" the CQL filter at line 203 and it seems to work. Not sure what the full and correct solution should be but can submit patch if desired.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira