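';
        die();
    }
    $languageCode = $testMatch;
    $testMatch = NULL;
}
// (The lines above are the tail of a parameter check that starts before this part of the file.)

// Request parameter validation, introduced after the 03/2014 pentest to prevent XSS.
// Every parameter is checked before it is used; a value that is not a plain string
// (e.g. cat_id[]=1) is rejected with the same message as any other invalid value.
// The checks use && (short-circuit), so an absent parameter is never read.

//cat_id
if (isset($_REQUEST["cat_id"]) && $_REQUEST["cat_id"] !== "") {
    $testMatch = $_REQUEST["cat_id"];
    // Digits only. \z instead of $ so that a value ending in a newline is rejected too.
    $pattern = '/^[0-9]+\z/';
    if (!is_string($testMatch) || !preg_match($pattern, $testMatch)) {
        echo "Parameter cat_id is not valid (integer).\n";
        die();
    }
    $testMatch = NULL;
}

//validate
if (isset($_REQUEST["validate"]) && $_REQUEST["validate"] !== "") {
    $testMatch = $_REQUEST["validate"];
    if (!($testMatch === 'true' || $testMatch === 'false')) {
        echo "Parameter validate is not valid (true,false).\n";
        die();
    }
    $testMatch = NULL;
}

//uuid
if (isset($_REQUEST['uuid']) && $_REQUEST['uuid'] !== "") {
    // NOTE(review): the error message mentions "a list of uuids"; whether Uuid::isValid()
    // accepts lists or other identifier forms is not visible here - confirm against the class.
    $testMatch = $_REQUEST["uuid"];
    $isUuid = false;
    if (is_string($testMatch)) {
        $uuidCheck = new Uuid($testMatch);
        $isUuid = $uuidCheck->isValid();
    }
    if (!$isUuid) {
        echo "Parameter uuid is not a valid uuid (8-4-4-4-12) or a list of uuids!\n";
        die();
    }
    $testMatch = NULL;
}

//mdtype
if (isset($_REQUEST["mdtype"]) && $_REQUEST["mdtype"] !== "") {
    $testMatch = $_REQUEST["mdtype"];
    if (!in_array($testMatch, array('html', 'iso19139', 'debug', 'inspire'), true)) {
        echo "Parameter mdtype is not valid (iso19139, html, debug, inspire).\n";
        die();
    }
    $testMatch = NULL;
}

//outputFormat
if (isset($_REQUEST["outputFormat"]) && $_REQUEST["outputFormat"] !== "") {
    $testMatch = $_REQUEST["outputFormat"];
    if ($testMatch !== 'rdf') {
        echo "Parameter outputFormat is not valid (rdf).\n";
        die();
    }
    $testMatch = NULL;
}

// Mandatory parameters. An empty string skips the format checks above, so it is
// treated as "not given" here instead of being passed on to the database / the CSW.
if (!isset($_REQUEST["cat_id"]) || $_REQUEST["cat_id"] === "") {
    echo "no opensearch id set";
    die();
}
$cat_id = $_REQUEST["cat_id"];

if (!isset($_REQUEST["uuid"]) || $_REQUEST["uuid"] === "") {
    echo "No uuid of dataset given!";
    die();
}
$uuid = $_REQUEST["uuid"];

/**
 * Builds a WMS 1.1.1 GetMap url (EPSG:4326, 120x120 png) for an overview image of an extent.
 *
 * The requested BBOX starts as the fixed default extent (6.05,48.9,8.6,50.96). If the layer
 * box touches or exceeds it on any side, the BBOX is grown to include the layer box, padded
 * by 5% of its width/height and clamped to -180..180 / -90..90.
 *
 * @param array $layer_4326_box [minx, miny, maxx, maxy]; the four values are also appended
 *                              to the url as minx/miny/maxx/maxy without any encoding, so
 *                              callers should pass numeric values only.
 * @return string the GetMap url, based on the EXTENTSERVICEURL and EXTENTSERVICELAYER constants
 */
function getExtentGraphic($layer_4326_box) {
    $rlp_4326_box = array(6.05, 48.9, 8.6, 50.96);
    $touchesOrExceeds = $layer_4326_box[0] <= $rlp_4326_box[0]
        || $layer_4326_box[2] >= $rlp_4326_box[2]
        || $layer_4326_box[1] <= $rlp_4326_box[1]
        || $layer_4326_box[3] >= $rlp_4326_box[3];
    if ($touchesOrExceeds) {
        // grow the default box so that it contains the layer box
        if ($layer_4326_box[0] < $rlp_4326_box[0]) {
            $rlp_4326_box[0] = $layer_4326_box[0];
        }
        if ($layer_4326_box[2] > $rlp_4326_box[2]) {
            $rlp_4326_box[2] = $layer_4326_box[2];
        }
        if ($layer_4326_box[1] < $rlp_4326_box[1]) {
            $rlp_4326_box[1] = $layer_4326_box[1];
        }
        if ($layer_4326_box[3] > $rlp_4326_box[3]) {
            $rlp_4326_box[3] = $layer_4326_box[3];
        }
        // 5% padding on every side, clamped to the valid lon/lat range
        $d_x = $rlp_4326_box[2] - $rlp_4326_box[0];
        $d_y = $rlp_4326_box[3] - $rlp_4326_box[1];
        $new_minx = $rlp_4326_box[0] - 0.05*($d_x);
        $new_maxx = $rlp_4326_box[2] + 0.05*($d_x);
        $new_miny = $rlp_4326_box[1] - 0.05*($d_y);
        $new_maxy = $rlp_4326_box[3] + 0.05*($d_y);
        $rlp_4326_box[0] = ($new_minx < -180) ? -180 : $new_minx;
        $rlp_4326_box[2] = ($new_maxx > 180) ? 180 : $new_maxx;
        $rlp_4326_box[1] = ($new_miny < -90) ? -90 : $new_miny;
        $rlp_4326_box[3] = ($new_maxy > 90) ? 90 : $new_maxy;
    }
    $getMapUrl = EXTENTSERVICEURL."VERSION=1.1.1&REQUEST=GetMap&SERVICE=WMS&LAYERS=".EXTENTSERVICELAYER."&STYLES=&SRS=EPSG:4326&BBOX=".$rlp_4326_box[0].",".$rlp_4326_box[1].",".$rlp_4326_box[2].",".$rlp_4326_box[3]."&WIDTH=120&HEIGHT=120&FORMAT=image/png&BGCOLOR=0xffffff&TRANSPARENT=TRUE&EXCEPTIONS=application/vnd.ogc.se_inimage&minx=".$layer_4326_box[0]."&miny=".$layer_4326_box[1]."&maxx=".$layer_4326_box[2]."&maxy=".$layer_4326_box[3];
    return $getMapUrl;
}

/**
 * Runs three pattern replacements over a text: urls, a string that is a single e-mail
 * address, and newlines.
 *
 * The patterns were written without PCRE delimiters, so preg_replace() rejected them and
 * returned NULL; they are delimited with ~ here.
 *
 * NOTE(review): as shown on this page the replacements put the match back unchanged
 * ("\\0", newline for newline). The surrounding markup was presumably lost - confirm
 * against the upstream file. If the replacements wrap the match in html, $string has to
 * be html-escaped before it is passed in, otherwise text from a metadata record can end
 * up as markup in the page.
 *
 * @param string $string text to process
 * @return string the processed text
 */
function display_text($string) {
    $string = preg_replace("~[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]~", "\\0", $string);
    $string = preg_replace("~^[_a-z0-9-]+(\.[_a-z0-9-]+)*@([0-9a-z](-?[0-9a-z])*\.)+[a-z]{2}([zmuvtg]|fo|me)?$~", "\\0", $string);
    $string = preg_replace("~\n~", "\n", $string);
    return $string;
}

/**
 * Returns a GUID in the form {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} (upper case hex).
 *
 * Uses com_create_guid() where it exists, otherwise random_bytes() where it exists.
 * The last fallback (md5 over uniqid()/rand()) is predictable; identifiers produced by
 * it must not be relied on as secrets or unguessable tokens.
 *
 * @return string
 */
function guid(){
    if (function_exists('com_create_guid')){
        return com_create_guid();
    }
    if (function_exists('random_bytes')) {
        // 16 bytes from the system CSPRNG -> 32 hex characters
        $charid = strtoupper(bin2hex(random_bytes(16)));
    } else {
        mt_srand((float)microtime()*10000);//optional for php 4.2.0 and up.
        $charid = strtoupper(md5(uniqid(rand(), true)));
    }
    $hyphen = chr(45);// "-"
    $uuid = chr(123)// "{"
        .substr($charid, 0, 8).$hyphen
        .substr($charid, 8, 4).$hyphen
        .substr($charid,12, 4).$hyphen
        .substr($charid,16, 4).$hyphen
        .substr($charid,20,12)
        .chr(125);// "}"
    return $uuid;
}

// Look up the catalogue service (CSW) registered under the requested id.
$sql_csw = "SELECT * from gp_csw WHERE csw_id = $1 ORDER BY csw_id";
// Fresh arrays instead of $v[] / $t[]: appending would keep entries left in $v / $t by
// earlier code in this file, while the statement has exactly one placeholder.
$v = array($cat_id);
$t = array('i');
$res_csw = db_prep_query($sql_csw, $v, $t);
#initialize count of search interfaces
$cnt_csw = 0;
#initialize result array
$csw_list = array(array());
#fill result array
while ($row_csw = db_fetch_array($res_csw)) {
    $csw_list[$cnt_csw]['id'] = $row_csw["csw_id"];
    $csw_list[$cnt_csw]['name'] = $row_csw["csw_name"];
    $csw_list[$cnt_csw]['fkey_cat_id'] = $row_csw["fkey_cat_id"];

    //get urls for getrecords and getrecordbyid from table cat
    // parameters and types are passed as arrays, like in the first db_prep_query() call
    $v = array((int)$row_csw["fkey_cat_id"]);
    $t = array('i');
    $sql_gr = "select param_value, param_name from cat_op_conf where fk_cat_id = $1 and param_type = 'getrecords'";
    $res_gr = db_prep_query($sql_gr, $v, $t);
    // Take the first get/post/post_xml row that has a non-empty url; rows without a url
    // only record their param_name and the search goes on.
    while ($row_gr = db_fetch_array($res_gr)) {
        if (!in_array($row_gr['param_name'], array("get", "post", "post_xml"), true)) {
            continue;
        }
        $csw_list[$cnt_csw]['getrecordsurl_param_name'] = $row_gr['param_name'];
        if (isset($row_gr['param_value']) && $row_gr['param_value'] != '') {
            $csw_list[$cnt_csw]['getrecordsurl'] = $row_gr['param_value'];
            break;
        }
    }
    $paramName = isset($csw_list[$cnt_csw]['getrecordsurl_param_name']) ? $csw_list[$cnt_csw]['getrecordsurl_param_name'] : '';
    $e = new mb_notice("\ngetrecords param type: ".$paramName."\n");
    $getRecordsUrl = isset($csw_list[$cnt_csw]['getrecordsurl']) ? $csw_list[$cnt_csw]['getrecordsurl'] : '';
    $csw_list[$cnt_csw]['getrecordsurl'] = rtrim($getRecordsUrl, "?");

    $sql_grbi = "select * from cat_op_conf where fk_cat_id = $1 and param_type = 'getrecordbyid' and param_name='get'";
    $res_grbi = db_prep_query($sql_grbi, $v, $t);
    $row_grbi = db_fetch_array($res_grbi);
    // no matching row -> empty url, caught by the check after the loop
    $getRecordByIdUrl = ($row_grbi && isset($row_grbi['param_value'])) ? $row_grbi['param_value'] : '';
    $csw_list[$cnt_csw]['getrecordbyidurl'] = rtrim($getRecordByIdUrl, "?");

    $csw_list[$cnt_csw]['h'] = $row_csw["csw_h"];
    $csw_list[$cnt_csw]['p'] = $row_csw["csw_p"];
    $cnt_csw++;
}

// Without a catalogue row or without a GetRecordById url there is nothing to request;
// stop here instead of sending the connector a url that starts with "?".
if ($cnt_csw === 0 || $csw_list[0]['getrecordbyidurl'] == '') {
    echo "No GetRecordById url found for the given cat_id!";
    die();
}

#define new csw get record by id search like:
#http://www.portalu.de/csw202?request=GetRecordById&service=CSW&version=2.0.2&Id=81FF8BB2-2753-4A95-8C1E-F78C19035780&ElementSetName=full
$openSearchUrlDetail = $csw_list[0]['getrecordbyidurl'];
// The id is url-encoded although it was validated above, so that the request url stays
// well-formed even if the accepted identifier forms are widened later.
$url = $openSearchUrlDetail."?request=GetRecordById&service=CSW&version=2.0.2&Id=".rawurlencode($uuid)."&ElementSetName=full&OUTPUTSCHEMA=http://www.isotc211.org/2005/gmd";
#create connector object
$openSearchObject = new connector($url);
#get results
$openSearchDetail = $openSearchObject->file;
//solve problem with xlink namespace for href attributes:
#http://forums.devshed.com/php-development-5/simplexml-namespace-attributes-problem-452278.html
#http://www.leftontheweb.com/message/A_small_SimpleXML_gotcha_with_namespaces
$openSearchDetail = str_replace('xlink:href', 'xlinkhref', $openSearchDetail);
$md_ident = $iso19139Hash;
// The response comes from an external catalogue and is untrusted input: LIBXML_NONET keeps
// the parser from fetching anything over the network while reading it.
$openSearchDetailXML = simplexml_load_string($openSearchDetail, 'SimpleXMLElement', LIBXML_NONET);
if ($openSearchDetailXML === false) {
    echo "The response of the catalogue service could not be parsed as XML!";
    die();
}
#extract objects to iso19139 elements
$openSearchDetailXML->registerXPathNamespace("csw", "http://www.opengis.net/cat/csw/2.0.2");
$openSearchDetailXML->registerXPathNamespace("gml", "http://www.opengis.net/gml");
$openSearchDetailXML->registerXPathNamespace("gco", "http://www.isotc211.org/2005/gco");
$openSearchDetailXML->registerXPathNamespace("gmd", "http://www.isotc211.org/2005/gmd");
$openSearchDetailXML->registerXPathNamespace("gts", "http://www.isotc211.org/2005/gts");
$openSearchDetailXML->registerXPathNamespace("srv", "http://www.isotc211.org/2005/srv");
$openSearchDetailXML->registerXPathNamespace("xlink", "http://www.w3.org/1999/xlink");

// mdtype / validate / outputFormat are optional; read them once so that a missing
// parameter does not raise an undefined index notice further down.
$mdtype = isset($_REQUEST['mdtype']) ? $_REQUEST['mdtype'] : '';
$validate = isset($_REQUEST['validate']) ? $_REQUEST['validate'] : '';
$outputFormat = isset($_REQUEST['outputFormat']) ? $_REQUEST['outputFormat'] : '';

//check if only iso19139 data is requested - if so - push the result automatically from the CSW getRecordById request to the user or the validator
// NOTE(review): both str_replace() calls have an empty search string on this page, which
// makes them no-ops; the csw wrapper tags they are meant to delete were presumably lost -
// confirm against the upstream file.
if ($mdtype === 'iso19139' && $validate !== 'true') {
    // NOTE(review): the remote response is sent to the client unchanged as
    // application/xhtml+xml. A browser treats xhtml-namespaced elements in such a document
    // as active content, so a record from an external catalogue is rendered in this
    // site's origin. Consider a restrictive Content-Security-Policy or an attachment
    // disposition for this branch.
    header("Content-type: application/xhtml+xml; charset=UTF-8");
    //delete csw entries from response file
    $MD_Metadata = str_replace('', '', $openSearchDetail);
    $MD_Metadata = str_replace('', '', $MD_Metadata);
    echo $MD_Metadata;
    die();
}
if ($mdtype === 'iso19139' && $validate === 'true') {
    $MD_Metadata = str_replace('', '', $openSearchDetail);
    $MD_Metadata = str_replace('', '', $MD_Metadata);
    validateInspire($MD_Metadata);
}

// Collect, for every configured iso19139 element, all xpath hits as one comma separated string.
for ($a = 0; $a < count($md_ident); $a++) {
    if (!isset($md_ident[$a]['value'])) {
        $md_ident[$a]['value'] = '';
    }
    $resultOfXpath = $openSearchDetailXML->xpath('/csw:GetRecordByIdResponse'.$md_ident[$a]['iso19139']);
    if ($resultOfXpath === false) {
        // invalid expression: treat as "no hits"
        $resultOfXpath = array();
    }
    for ($i = 0; $i < count($resultOfXpath); $i++) {
        $md_ident[$a]['value'] = $md_ident[$a]['value'].",".$resultOfXpath[$i];
    }
    $md_ident[$a]['value'] = ltrim($md_ident[$a]['value'], ',');
}

//generate output for different parameters mdtype
//overwrite if outputFormat = rdf
if ($outputFormat === "rdf") {
    $mdtype = "rdf";
    $_REQUEST["mdtype"] = "rdf";
}

// The inspire, debug and default branches send no Content-type header, so the list is
// delivered with PHP's default type. The values were read from the remote catalogue
// record and are therefore html-escaped before they are echoed; the labels come from
// the local $iso19139Hash configuration and are printed as they are.
switch ($mdtype) {
    case "html":
        $mbMetadata = new Iso19139();
        $mbMetadata->readFromUrl($url);
        // NOTE(review): the language is fixed to 'de' although $languageCode is validated
        // further up - confirm this is intended.
        $html = $mbMetadata->transformToHtml('tabs','de');
        header("Content-type: text/html; charset=UTF-8");
        echo $html;
        die();
    case "inspire":
        echo "GetRecordById URL\n\n";
        for ($a = 0; $a < count($md_ident); $a++) {
            echo $md_ident[$a]['html'].": ".htmlspecialchars($md_ident[$a]['value'], ENT_QUOTES, 'UTF-8')."\n\n";
        }
        die();
    case "debug":
        echo "GetRecordById URL\n\n";
        for ($a = 0; $a < count($md_ident); $a++) {
            echo $md_ident[$a]['html'].": ".htmlspecialchars($md_ident[$a]['value'], ENT_QUOTES, 'UTF-8')."\n\n";
        }
        die();
    case "rdf":
        $mbMetadata = new Iso19139();
        $mbMetadata->readFromUrl($url);
        $rdf = $mbMetadata->transformToRdf();
        header("Content-type: text/xml; charset=UTF-8");
        echo $rdf;
        die();
    default:
        echo "GetRecordById URL\n\n";
        for ($a = 0; $a < count($md_ident); $a++) {
            echo $md_ident[$a]['html'].": ".htmlspecialchars($md_ident[$a]['value'], ENT_QUOTES, 'UTF-8')."\n\n";
        }
        die();
}
?>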