[Chameleon] changing the FILTER map file parameter via URL

Paul Spencer pspencer at dmsolutions.ca
Wed May 4 08:58:51 EDT 2005 

Dave,

you can modify a layer using mapscript in your index.phtml file, 
something like:

if (isset($_REQUEST['map_myDataLayer_filter']))
{
   $oLayer = $oApp->moMapSession->oMap->getLayerByName( 'myLayer' );
   $oLayer->setFilter( $_REQUEST['map_myDataLayer_filter'] );
}

you would do this after $oApp->CWCInitialize() and before 
$oApp->CWCExecute();

Note that this example is not tested and is not particularly safe to use 
since the request value is not validated in any way.  You will need to 
make sure it is not possible for a user to craft a particular request 
that would somehow allow them to get data that is sensitive in some way 
(for instance, by joining to another table, renaming columns or just 
causing some sort of buffer overflow in the postgis driver).

Oddly, this is the first request I've had of this kind :)

Cheers

Paul

dave thau wrote:
> Hello folks,
> 
> I have an application which retrieves coordinates from a postgis/postgres
> database and plots the points on maps pulled using wms.  Everything works
> great in chameleon, but I want to be able to let users alter the FILTER
> via URL (like you can do with the mapserv cgi program).
> 
> Something like:
> 
> http://myapplication?map_myDataLayer_filter="foo like '%bar%'"
> 
> Is there a straightforward way to do this?  I can't find anything about it
> although it seems like it would be a common need.
> 
> Thanks for any suggestions!
> Dave
> 
> 
> _______________________________________________
> Chameleon mailing list
> Chameleon at lists.maptools.org
> http://lists.maptools.org/mailman/listinfo/chameleon
> 

-- 
+-----------------------------------------------------------------+
|Paul Spencer                           pspencer at dmsolutions.ca   |
+-----------------------------------------------------------------+
|Applications & Software Development                              |
|DM Solutions Group Inc                 http://www.dmsolutions.ca/|
+-----------------------------------------------------------------+

More information about the Chameleon mailing list