Projet

Général

Profil

Révision 6156a9b6

Ajouté par Jocelyn Delande il y a plus de 10 ans

some request input checking/sanitization

Voir les différences:

genererPano.php
1 
<?php
2 
require_once 'class/utils.class.php';
3 
require_once 'class/site_point.class.php';
4 
require_once 'class/TilesGenerator.php';
5 
require_once 'constants.inc.php';
6 

  		




  
  7
  
    

  		




  
  8
  
    
$fields_spec = array(


  		




  
  9
  
    
  'name'   => array('required', 'basename'), // name of the field within uploads dir


  		




  
  10
  
    
  'wizard' => array('boolean')


  		




  
  11
  
    
);


  		




  
  12
  
    

  		




  
  13
  
    
$validator = new FormValidator($fields_spec);


  		




  
  14
  
    
$is_valid = $validator->validate($_GET);


  		




  
  15
  
    

  		




  
  16
  
    
if ($is_valid) {


  		




  
  17
  
    
  $input = $validator->sane_values();


  		




  
  18
  
    
}


  		




  
  19
  
    

  		




  
  20
  
    
?>


  		




  
  21
  
    

  		




  1
  22
  
    
<!DOCTYPE html>


  		




  2
  23
  
    
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">


  		




  3
  24
  
    
<head>


  		




  ......




  7
  28
  
    
</head>


  		




  8
  29
  
    

  		




  9
  30
  
    
<body>


  		




  10
  
  
    
<?php


  		




  11
  
  
    
require_once 'class/utils.class.php';


  		




  12
  
  
    
require_once 'class/site_point.class.php';


  		




  13
  
  
    
require_once 'class/TilesGenerator.php';


  		




  14
  
  
    
require_once 'constants.inc.php';


  		




  15
  31
  
    

  		




  16
  
  
    
if (isset($_GET['name'])) {


  		




  17
  
  
    
  $image_path = UPLOAD_PATH.'/'.$_GET['name'];


  		




  
  32
  
    
<?


  		




  
  33
  
    

  		




  
  34
  
    
if ($is_valid) {


  		




  
  35
  
    
  $image_path = UPLOAD_PATH.'/'.$input['name'];


  		




  18
  36
  
    
  // We init the panorama with the same name as image.


  		




  19
  
  
    
  $pano_name = utils::strip_extension($_GET['name']);


  		




  
  37
  
    
  $pano_name = utils::strip_extension($input['name']);


  		




  20
  38
  
    
  $panorama = site_point::get($pano_name);


  		




  21
  39
  
    

  		




  22
  40
  
    
  $tiles_generator = new TilesGenerator($image_path, $panorama);


  		




  ......




  39
  57
  
    

  		




  40
  58
  
    

  		




  41
  59
  
    
    // Redirect in js to sumary page


  		




  42
  
  
    
    if ($_GET['wizard']) {


  		




  
  60
  
    
    if ($input['wizard']) {


  		




  43
  61
  
    
      printf('<script>window.location=\'panoInfo.php?name=%s\'</script>\n', $pano_name);


  		




  44
  62
  
    
    }


  		




  45
  63
  
    

  		




  ......




  49
  67
  
    
    printf("<h4><span class=\"error\">%s</span></h4>\n", $e->getMessage());


  		




  50
  68
  
    
    print("</pre>\n");


  		




  51
  69
  
    
  }


  		




  
  70
  
    
} else { 


  		




  
  71
  
    
  $validator->print_errors(); 


  		




  52
  72
  
    
}


  		




  53
  73
  
    
?>


  		




  54
  74
  
    
</body>


  		












Formats disponibles :  Unified diff