# HG changeset patch # User Sascha L. Teichmann # Date 1358501409 -3600 # Node ID a06e443f159afc7ca24dc9ca76d16f25d2e4c6f4 # Parent 5ca2516ebef198d6e48579105ade91767907743c Removed XPath injection! diff -r 5ca2516ebef1 -r a06e443f159a flys-artifacts/src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java --- a/flys-artifacts/src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java Thu Jan 17 21:06:41 2013 +0100 +++ b/flys-artifacts/src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java Fri Jan 18 10:30:09 2013 +0100 @@ -35,13 +35,13 @@ public static final String XPATH_MAPTYPE = "/mapinfo/maptype/text()"; private static final String XPATH_RIVER_PROJECTION = - "/artifact-database/floodmap/river[@name=$river]/srid/@value"; + "/artifact-database/*[local-name()=$maptype]/river[@name=$river]/srid/@value"; private static final String XPATH_RIVER_BACKGROUND = - "/artifact-database/floodmap/river[@name=$river]/background-wms"; + "/artifact-database/*[local-name()=$maptype]/river[@name=$river]/background-wms"; private static final String XPATH_RIVER_WMS = - "/artifact-database/floodmap/river[@name=$river]/river-wms"; + "/artifact-database/*[local-name()=$maptype]/river[@name=$river]/river-wms"; /** The logger used in this service.*/ @@ -72,13 +72,6 @@ null, variables); } - protected String xpathMaptypeSwitch(String maptype, String xpath) { - if (maptype != null) { - return xpath.replace("floodmap", maptype); - } - return xpath; - } - @Override public Document processXML( Document data, @@ -93,13 +86,18 @@ Element mapinfo = cr.create("mapinfo"); result.appendChild(mapinfo); - String mapType = extractMaptype(data); String river = extractRiver(data); if (river == null || river.length() == 0) { logger.warn("Cannot generate information: river is empty!"); return result; } + String mapType = extractMaptype(data); + if (mapType == null + || !(mapType.equals("floodmap") || mapType.equals("rivermap"))) { + mapType = "floodmap"; + } + Element root = cr.create("river"); cr.addAttr(root, "name", river); mapinfo.appendChild(root); @@ -107,7 +105,9 @@ Envelope env = GeometryUtils.getRiverBoundary(river); if (env != null) { String bounds = GeometryUtils.jtsBoundsToOLBounds(env); - logger.debug("River '" + river + "' bounds: " + bounds); + if (logger.isDebugEnabled()) { + logger.debug("River '" + river + "' bounds: " + bounds); + } Element bbox = cr.create("bbox"); cr.addAttr(bbox, "value", bounds); @@ -115,10 +115,10 @@ } Map vars = new HashMap(); + vars.put("maptype", mapType); vars.put("river", river); - String sridStr = getStringXPath( - xpathMaptypeSwitch(mapType, XPATH_RIVER_PROJECTION), vars); + String sridStr = getStringXPath(XPATH_RIVER_PROJECTION, vars); if (sridStr != null && sridStr.length() > 0) { Element srid = cr.create("srid"); @@ -126,23 +126,27 @@ root.appendChild(srid); } - logger.debug("processXML: " + XMLUtils.toString(root)); + if (logger.isDebugEnabled()) { + logger.debug("processXML: " + XMLUtils.toString(root)); + } + root.appendChild( - createWMSElement("background-wms", - xpathMaptypeSwitch(mapType, XPATH_RIVER_BACKGROUND), vars, cr)); + createWMSElement("background-wms", + XPATH_RIVER_BACKGROUND, vars, cr)); + root.appendChild( - createWMSElement("river-wms", - xpathMaptypeSwitch(mapType, XPATH_RIVER_WMS), vars, cr)); + createWMSElement("river-wms", + XPATH_RIVER_WMS, vars, cr)); return result; } protected Element createWMSElement( - String elementName, - String xpath, - Map vars, - ElementCreator cr) + String elementName, + String xpath, + Map vars, + ElementCreator cr) { logger.debug("createWMSElement()"); @@ -163,12 +167,12 @@ } - protected String extractRiver(Document data) { + private static String extractRiver(Document data) { return XMLUtils.xpathString( data, XPATH_RIVER, ArtifactNamespaceContext.INSTANCE); } - protected String extractMaptype(Document data) { + private static String extractMaptype(Document data) { return XMLUtils.xpathString( data, XPATH_MAPTYPE, ArtifactNamespaceContext.INSTANCE); }