
Révision 6156a9b6

Ajouté par Jocelyn Delande il y a presque 11 ans

some request input checking/sanitization


class/FormValidator.class.php
58 58
			}
59 59
		}
60 60
		$this->sanitized = $sanitized;
61

  
62
		return ($err == false);
61
		return (count($this->errors) == 0);
63 62
	}
64 63

  
65 64
	public function validate_field($validator, $content) {
......
83 82
		return $this->sanitized;
84 83
	}
85 84

  
85
	public function print_errors() {
86
		/** raw & quick HTML errors printing, for case that shouldn't happen to users.
87
		 */
88
		echo '<pre>';
89
		var_dump($this->errors());
90
		echo '</pre>';
91
	}
92

  
86 93
	public static function register($name, $function) {
87 94
		self::$field_validators[$name] = $function;
88 95
	}
......
124 131
  }
125 132
);
126 133

  
134
// Validate that it is not a file path
135
FormValidator::register(
136
  'basename',
137
  function ($v) {
138
	  if (!strpos($v, '/') && !strpos($v, '\\')) {
139
		  return $v;
140
	  } else {
141
		  throw new FieldValidationError('est un chemin');
142
	  }
143
  }
144
);
145

  
146

  
127 147
?>
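Review bot: The `basename` validator on new line 138 still accepts a value whose first character is a separator, because `strpos()` returns `0` for a match at offset 0 and `!0` is true, so a value beginning with `/` or `\` passes as a bare name; a plain `.` or `..` component passes too, since it contains no separator at all. Compare against `false` explicitly and reject the dot entries: `if (strpos($v, '/') === false && strpos($v, '\\') === false && $v !== '.' && $v !== '..') {`. This rule is what the other files in this commit rely on when they build `UPLOAD_PATH.'/'.$input['name']` or call `site_point::get()`, so every caller inherits the gap.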
class/site_point.class.php
27 27
	  return $this->base_dir.'/'.$this->prefix.'.params';
28 28
  }
29 29

  
30
  public function tiles_url_prefix() {
31
	  return PANORAMA_FOLDER.'/'.$this->prefix;
32
  }
33

  
30 34
  public function tiles_path() {
31 35
	  return $this->base_dir;
32 36
  }
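Review bot: `tiles_url_prefix()` on new line 30 has no docblock, and since the neighbouring `tiles_path()` appears to return an on-disk location (`$this->base_dir`) while this one returns a URL built from `PANORAMA_FOLDER`, the distinction deserves stating. Suggest `/** URL prefix (not a filesystem path) under which this point's tiles are served; see tiles_path() for the on-disk location. */` above the method. The enclosing class starts outside this hunk.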
genererPano.php
1
<?php
2
require_once 'class/utils.class.php';
3
require_once 'class/site_point.class.php';
4
require_once 'class/TilesGenerator.php';
5
require_once 'constants.inc.php';
6

  
7

  
8
$fields_spec = array(
9
  'name'   => array('required', 'basename'), // name of the field within uploads dir
10
  'wizard' => array('boolean')
11
);
12

  
13
$validator = new FormValidator($fields_spec);
14
$is_valid = $validator->validate($_GET);
15

  
16
if ($is_valid) {
17
  $input = $validator->sane_values();
18
}
19

  
20
?>
21

  
1 22
<!DOCTYPE html>
2 23
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
3 24
<head>
......
7 28
</head>
8 29

  
9 30
<body>
10
<?php
11
require_once 'class/utils.class.php';
12
require_once 'class/site_point.class.php';
13
require_once 'class/TilesGenerator.php';
14
require_once 'constants.inc.php';
15 31

  
16
if (isset($_GET['name'])) {
17
  $image_path = UPLOAD_PATH.'/'.$_GET['name'];
32
<?
33

  
34
if ($is_valid) {
35
  $image_path = UPLOAD_PATH.'/'.$input['name'];
18 36
  // We init the panorama with the same name as image.
19
  $pano_name = utils::strip_extension($_GET['name']);
37
  $pano_name = utils::strip_extension($input['name']);
20 38
  $panorama = site_point::get($pano_name);
21 39

  
22 40
  $tiles_generator = new TilesGenerator($image_path, $panorama);
......
39 57

  
40 58

  
41 59
    // Redirect in js to sumary page
42
    if ($_GET['wizard']) {
60
    if ($input['wizard']) {
43 61
      printf('<script>window.location=\'panoInfo.php?name=%s\'</script>\n', $pano_name);
44 62
    }
45 63

  
......
49 67
    printf("<h4><span class=\"error\">%s</span></h4>\n", $e->getMessage());
50 68
    print("</pre>\n");
51 69
  }
70
} else { 
71
  $validator->print_errors(); 
52 72
}
53 73
?>
54 74
</body>
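Review bot: New line 32 opens the second PHP block with the short tag `<?` where the removed line had `<?php`; with `short_open_tag` disabled the whole block from `if ($is_valid)` onward is emitted as literal text instead of executed. Restore `<?php`. Separately, the `require_once` list on new lines 2–5 does not pull in `class/FormValidator.class.php` even though `new FormValidator(...)` now runs on new line 13 (panoInfo.php adds that require in this same commit); unless one of the listed files includes it transitively, this fails on the first request. `$input['wizard']` on new line 60 also assumes the validator populates optional keys that were absent from `$_GET`, which is worth confirming against `sane_values()`.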
panoInfo.php
1 1
<?php
2
require_once 'class/site_point.class.php';
2
require_once('class/site_point.class.php');
3
require_once('class/FormValidator.class.php');
3 4

  
5
$fields_spec = array('name' => array('required', 'basename'));
6

  
7
$validator = new FormValidator($fields_spec);
8

  
9
$is_valid = $validator->validate($_GET);
4 10

  
5
$pano = site_point::get($_GET['name']);
6 11

  
7
if ($pano->has_params()) {
8
  $params = $pano->get_params();
9
  $title = $params['titre'];
10
  $lat = $params['latitude'];
11
  $lon = $params['longitude'];
12
} else {
13
  $title = $__GET['name'];
14
}
15 12

  
13
if ($is_valid) {
14
  $input = $validator->sane_values();
15
  $pano = site_point::get($input['name']);
16
  
17
  if ($pano->has_params()) {
18
    $params = $pano->get_params();
19
    $title = $params['titre'];
20
    $lat = $params['latitude'];
21
    $lon = $params['longitude'];
22
  } else {
23
    $title = $input['name'];
24
  }
16 25

  
17
$has_tiles = $pano->has_tiles();//TODO
18
$has_params = $pano->has_params();
19
$src_path = $pano->src_path();
26

  
27
  $has_tiles = $pano->has_tiles();//TODO
28
  $has_params = $pano->has_params();
29
  $src_path = $pano->src_path();
30
} else {
31
  $validation_errors = $validator->errors();
32
}
20 33
 ?>
21 34

  
22 35
<!DOCTYPE html>
......
31 44
      <h1><img src="images/tetaneutral.svg" alt="tetaneutral.net"/></h1>
32 45
    </header>
33 46
    <section id="main">
47
<?php if ($is_valid) { ?>
34 48
      <h2><?php echo $title ?></h2>
35 49
      <ul id="pano-list">
36 50
        <li>
......
58 72
          <?php } ?>
59 73
        </li>
60 74
      </ul>
75
<?php } else { 
76
  $validator->print_errors(); 
77
}?>
61 78
    </section>
62 79
    <footer class="validators"><samp>
63 80
      page validée par
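Review bot: The validation added on new lines 5–24 does not cover output encoding: `$title` is set to `$input['name']` on new line 23 when no params exist and is echoed raw by the unchanged `<h2><?php echo $title ?></h2>` on line 48, and the `basename` rule only rejects path separators, so markup supplied in the `name` parameter is reflected into the page. Escape at the output point: `<h2><?php echo htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></h2>`. `$validation_errors`, assigned on new line 31, is never read in this hunk (the template calls `$validator->print_errors()` instead), so it can be dropped or put to use.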
panorama.php
5 5
   require 'class/utils.class.php';
6 6
   require_once 'constants.inc.php';
7 7

  
8
  $fields_spec = array(
9
    'panorama'   => array('basename'),
10
    'dir'        => array(),//fixme
11
    'to_cap'     => array('numeric'),
12
    'to_ele'     => array('numeric'),
13
    'to_zoom'     => array('numeric')
14
  );
15
  
16
  $validator = new FormValidator($fields_spec);
17
  $is_valid = $validator->validate($_GET);
18
  
19
  if ($is_valid) {
20
    $input = $validator->sane_values();
21
  } else {
22
    $validator->print_errors();
23
    die();//fixme, could be cleaner
24
  }
25
  
8 26
   $form_extpoint = file_get_contents('html/form_extpoint.html');
9 27

  
10 28
   $form_param = file_get_contents('html/form_param.html');
11 29

  
12
   if (isset($_GET['dir']) && isset($_GET['panorama'])) {
13
     $dir   = $_GET['dir'];
14
     $name  = $_GET['panorama'];
30
   if (isset($input['dir']) && isset($input['panorama'])) {
31
     $dir   = $input['dir'];
32
     $name  = $input['panorama'];
15 33
   } else {
16 34
     $dir   = PANORAMA_PATH;
17 35
     $name  = 'ttn_mediatheque';
18 36
   }
19 37
   $opt_vals = array();
20 38
   foreach(array('to_cap', 'to_ele', 'to_zoom') as $val) {
21
     if (!empty($_GET[$val])) $opt_vals[$val] = $_GET[$val];
39
     if (!empty($input[$val])) $opt_vals[$val] = $input[$val];
22 40
   }
23 41

  
24
   $base_dir = $dir.'/'.$name;
25
   $pt = new site_point($base_dir);
42
   $pt = site_point::get($input['panorama']);
43
   $base_dir = $pt->tiles_url_prefix();
26 44
   if(!$pt) die("impossible d'accéder à ".$base_dir." !\n");
27 45
   $params = $pt->get_params();
28 46
   $prefix = $pt->get_prefix();
......
140 158
       print("</div>\n");
141 159
       echo $form_extpoint;
142 160
     } elseif ($params == false ) {
143
     	$dir   = $_GET['dir'];
144
        $name  = $_GET['panorama'];
161
     	$dir   = $input['dir'];
162
        $name  = $input['panorama'];
145 163
        printf($form_param, $name, $name);
146 164
     }
147 165
     echo '<p id="info"></p>'."\n";
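Review bot: New line 42 builds the point from `$input['panorama']` directly, which discards the fallback computed just above it: when `panorama` is absent (it is not marked `required` in `$fields_spec`), `$name` holds `'ttn_mediatheque'` but `$input['panorama']` is an undefined index, so the default-panorama case the old `$dir.'/'.$name` code handled now breaks. Use the resolved name instead: `$pt = site_point::get($name);`. `$dir` on new line 161 is likewise read unguarded, and `'dir' => array()` on new line 10 applies no rule at all, so the `//fixme` there should be resolved before `$dir` reaches any path construction. Whether `site_point::get()` can return a falsy value for the `if(!$pt)` check on line 44 is not visible here.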
