Révision 6156a9b6
| ID | 6156a9b6dc24cba2d55a4e6e15f56840fed02ae5 |
| Parent | a1063f68 |
| Enfant | e2b1b9c1 |
some request input checking/sanitization
Fichiers
- ajouté
- modifié
- copié
- renommé
- supprimé
Révisions
| class/FormValidator.class.php | ||
|---|---|---|
| 58 | 58 |
} |
| 59 | 59 |
} |
| 60 | 60 |
$this->sanitized = $sanitized; |
| 61 |
|
|
| 62 |
return ($err == false); |
|
| 61 |
return (count($this->errors) == 0); |
|
| 63 | 62 |
} |
| 64 | 63 |
|
| 65 | 64 |
public function validate_field($validator, $content) {
|
| ... | ... | |
| 83 | 82 |
return $this->sanitized; |
| 84 | 83 |
} |
| 85 | 84 |
|
| 85 |
public function print_errors() {
|
|
| 86 |
/** raw & quick HTML errors printing, for case that shouldn't happen to users. |
|
| 87 |
*/ |
|
| 88 |
echo '<pre>'; |
|
| 89 |
var_dump($this->errors()); |
|
| 90 |
echo '</pre>'; |
|
| 91 |
} |
|
| 92 |
|
|
| 86 | 93 |
public static function register($name, $function) {
|
| 87 | 94 |
self::$field_validators[$name] = $function; |
| 88 | 95 |
} |
| ... | ... | |
| 124 | 131 |
} |
| 125 | 132 |
); |
| 126 | 133 |
|
| 134 |
// Validate that it is not a file path |
|
| 135 |
FormValidator::register( |
|
| 136 |
'basename', |
|
| 137 |
function ($v) {
|
|
| 138 |
if (!strpos($v, '/') && !strpos($v, '\\')) {
|
|
| 139 |
return $v; |
|
| 140 |
} else {
|
|
| 141 |
throw new FieldValidationError('est un chemin');
|
|
| 142 |
} |
|
| 143 |
} |
|
| 144 |
); |
|
| 145 |
|
|
| 146 |
|
|
| 127 | 147 |
?> |
| class/site_point.class.php | ||
|---|---|---|
| 27 | 27 |
return $this->base_dir.'/'.$this->prefix.'.params'; |
| 28 | 28 |
} |
| 29 | 29 |
|
| 30 |
public function tiles_url_prefix() {
|
|
| 31 |
return PANORAMA_FOLDER.'/'.$this->prefix; |
|
| 32 |
} |
|
| 33 |
|
|
| 30 | 34 |
public function tiles_path() {
|
| 31 | 35 |
return $this->base_dir; |
| 32 | 36 |
} |
| genererPano.php | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
require_once 'class/utils.class.php'; |
|
| 3 |
require_once 'class/site_point.class.php'; |
|
| 4 |
require_once 'class/TilesGenerator.php'; |
|
| 5 |
require_once 'constants.inc.php'; |
|
| 6 |
|
|
| 7 |
|
|
| 8 |
$fields_spec = array( |
|
| 9 |
'name' => array('required', 'basename'), // name of the field within uploads dir
|
|
| 10 |
'wizard' => array('boolean')
|
|
| 11 |
); |
|
| 12 |
|
|
| 13 |
$validator = new FormValidator($fields_spec); |
|
| 14 |
$is_valid = $validator->validate($_GET); |
|
| 15 |
|
|
| 16 |
if ($is_valid) {
|
|
| 17 |
$input = $validator->sane_values(); |
|
| 18 |
} |
|
| 19 |
|
|
| 20 |
?> |
|
| 21 |
|
|
| 1 | 22 |
<!DOCTYPE html> |
| 2 | 23 |
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr"> |
| 3 | 24 |
<head> |
| ... | ... | |
| 7 | 28 |
</head> |
| 8 | 29 |
|
| 9 | 30 |
<body> |
| 10 |
<?php |
|
| 11 |
require_once 'class/utils.class.php'; |
|
| 12 |
require_once 'class/site_point.class.php'; |
|
| 13 |
require_once 'class/TilesGenerator.php'; |
|
| 14 |
require_once 'constants.inc.php'; |
|
| 15 | 31 |
|
| 16 |
if (isset($_GET['name'])) {
|
|
| 17 |
$image_path = UPLOAD_PATH.'/'.$_GET['name']; |
|
| 32 |
<? |
|
| 33 |
|
|
| 34 |
if ($is_valid) {
|
|
| 35 |
$image_path = UPLOAD_PATH.'/'.$input['name']; |
|
| 18 | 36 |
// We init the panorama with the same name as image. |
| 19 |
$pano_name = utils::strip_extension($_GET['name']);
|
|
| 37 |
$pano_name = utils::strip_extension($input['name']);
|
|
| 20 | 38 |
$panorama = site_point::get($pano_name); |
| 21 | 39 |
|
| 22 | 40 |
$tiles_generator = new TilesGenerator($image_path, $panorama); |
| ... | ... | |
| 39 | 57 |
|
| 40 | 58 |
|
| 41 | 59 |
// Redirect in js to sumary page |
| 42 |
if ($_GET['wizard']) {
|
|
| 60 |
if ($input['wizard']) {
|
|
| 43 | 61 |
printf('<script>window.location=\'panoInfo.php?name=%s\'</script>\n', $pano_name);
|
| 44 | 62 |
} |
| 45 | 63 |
|
| ... | ... | |
| 49 | 67 |
printf("<h4><span class=\"error\">%s</span></h4>\n", $e->getMessage());
|
| 50 | 68 |
print("</pre>\n");
|
| 51 | 69 |
} |
| 70 |
} else {
|
|
| 71 |
$validator->print_errors(); |
|
| 52 | 72 |
} |
| 53 | 73 |
?> |
| 54 | 74 |
</body> |
| panoInfo.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
require_once 'class/site_point.class.php'; |
|
| 2 |
require_once('class/site_point.class.php');
|
|
| 3 |
require_once('class/FormValidator.class.php');
|
|
| 3 | 4 |
|
| 5 |
$fields_spec = array('name' => array('required', 'basename'));
|
|
| 6 |
|
|
| 7 |
$validator = new FormValidator($fields_spec); |
|
| 8 |
|
|
| 9 |
$is_valid = $validator->validate($_GET); |
|
| 4 | 10 |
|
| 5 |
$pano = site_point::get($_GET['name']); |
|
| 6 | 11 |
|
| 7 |
if ($pano->has_params()) {
|
|
| 8 |
$params = $pano->get_params(); |
|
| 9 |
$title = $params['titre']; |
|
| 10 |
$lat = $params['latitude']; |
|
| 11 |
$lon = $params['longitude']; |
|
| 12 |
} else {
|
|
| 13 |
$title = $__GET['name']; |
|
| 14 |
} |
|
| 15 | 12 |
|
| 13 |
if ($is_valid) {
|
|
| 14 |
$input = $validator->sane_values(); |
|
| 15 |
$pano = site_point::get($input['name']); |
|
| 16 |
|
|
| 17 |
if ($pano->has_params()) {
|
|
| 18 |
$params = $pano->get_params(); |
|
| 19 |
$title = $params['titre']; |
|
| 20 |
$lat = $params['latitude']; |
|
| 21 |
$lon = $params['longitude']; |
|
| 22 |
} else {
|
|
| 23 |
$title = $input['name']; |
|
| 24 |
} |
|
| 16 | 25 |
|
| 17 |
$has_tiles = $pano->has_tiles();//TODO |
|
| 18 |
$has_params = $pano->has_params(); |
|
| 19 |
$src_path = $pano->src_path(); |
|
| 26 |
|
|
| 27 |
$has_tiles = $pano->has_tiles();//TODO |
|
| 28 |
$has_params = $pano->has_params(); |
|
| 29 |
$src_path = $pano->src_path(); |
|
| 30 |
} else {
|
|
| 31 |
$validation_errors = $validator->errors(); |
|
| 32 |
} |
|
| 20 | 33 |
?> |
| 21 | 34 |
|
| 22 | 35 |
<!DOCTYPE html> |
| ... | ... | |
| 31 | 44 |
<h1><img src="images/tetaneutral.svg" alt="tetaneutral.net"/></h1> |
| 32 | 45 |
</header> |
| 33 | 46 |
<section id="main"> |
| 47 |
<?php if ($is_valid) { ?>
|
|
| 34 | 48 |
<h2><?php echo $title ?></h2> |
| 35 | 49 |
<ul id="pano-list"> |
| 36 | 50 |
<li> |
| ... | ... | |
| 58 | 72 |
<?php } ?> |
| 59 | 73 |
</li> |
| 60 | 74 |
</ul> |
| 75 |
<?php } else {
|
|
| 76 |
$validator->print_errors(); |
|
| 77 |
}?> |
|
| 61 | 78 |
</section> |
| 62 | 79 |
<footer class="validators"><samp> |
| 63 | 80 |
page validée par |
| panorama.php | ||
|---|---|---|
| 5 | 5 |
require 'class/utils.class.php'; |
| 6 | 6 |
require_once 'constants.inc.php'; |
| 7 | 7 |
|
| 8 |
$fields_spec = array( |
|
| 9 |
'panorama' => array('basename'),
|
|
| 10 |
'dir' => array(),//fixme |
|
| 11 |
'to_cap' => array('numeric'),
|
|
| 12 |
'to_ele' => array('numeric'),
|
|
| 13 |
'to_zoom' => array('numeric')
|
|
| 14 |
); |
|
| 15 |
|
|
| 16 |
$validator = new FormValidator($fields_spec); |
|
| 17 |
$is_valid = $validator->validate($_GET); |
|
| 18 |
|
|
| 19 |
if ($is_valid) {
|
|
| 20 |
$input = $validator->sane_values(); |
|
| 21 |
} else {
|
|
| 22 |
$validator->print_errors(); |
|
| 23 |
die();//fixme, could be cleaner |
|
| 24 |
} |
|
| 25 |
|
|
| 8 | 26 |
$form_extpoint = file_get_contents('html/form_extpoint.html');
|
| 9 | 27 |
|
| 10 | 28 |
$form_param = file_get_contents('html/form_param.html');
|
| 11 | 29 |
|
| 12 |
if (isset($_GET['dir']) && isset($_GET['panorama'])) {
|
|
| 13 |
$dir = $_GET['dir'];
|
|
| 14 |
$name = $_GET['panorama'];
|
|
| 30 |
if (isset($input['dir']) && isset($input['panorama'])) {
|
|
| 31 |
$dir = $input['dir'];
|
|
| 32 |
$name = $input['panorama'];
|
|
| 15 | 33 |
} else {
|
| 16 | 34 |
$dir = PANORAMA_PATH; |
| 17 | 35 |
$name = 'ttn_mediatheque'; |
| 18 | 36 |
} |
| 19 | 37 |
$opt_vals = array(); |
| 20 | 38 |
foreach(array('to_cap', 'to_ele', 'to_zoom') as $val) {
|
| 21 |
if (!empty($_GET[$val])) $opt_vals[$val] = $_GET[$val];
|
|
| 39 |
if (!empty($input[$val])) $opt_vals[$val] = $input[$val];
|
|
| 22 | 40 |
} |
| 23 | 41 |
|
| 24 |
$base_dir = $dir.'/'.$name;
|
|
| 25 |
$pt = new site_point($base_dir);
|
|
| 42 |
$pt = site_point::get($input['panorama']);
|
|
| 43 |
$base_dir = $pt->tiles_url_prefix();
|
|
| 26 | 44 |
if(!$pt) die("impossible d'accéder à ".$base_dir." !\n");
|
| 27 | 45 |
$params = $pt->get_params(); |
| 28 | 46 |
$prefix = $pt->get_prefix(); |
| ... | ... | |
| 140 | 158 |
print("</div>\n");
|
| 141 | 159 |
echo $form_extpoint; |
| 142 | 160 |
} elseif ($params == false ) {
|
| 143 |
$dir = $_GET['dir'];
|
|
| 144 |
$name = $_GET['panorama'];
|
|
| 161 |
$dir = $input['dir'];
|
|
| 162 |
$name = $input['panorama'];
|
|
| 145 | 163 |
printf($form_param, $name, $name); |
| 146 | 164 |
} |
| 147 | 165 |
echo '<p id="info"></p>'."\n"; |