Projet

Général

Profil

Révision 6156a9b6

Ajouté par Jocelyn Delande il y a presque 11 ans

some request input checking/sanitization

Voir les différences:

panorama.php
5 5 
   require 'class/utils.class.php';
6 6 
   require_once 'constants.inc.php';
7 7 

  		




  
  8
  
    
  $fields_spec = array(


  		




  
  9
  
    
    'panorama'   => array('basename'),


  		




  
  10
  
    
    'dir'        => array(),//fixme


  		




  
  11
  
    
    'to_cap'     => array('numeric'),


  		




  
  12
  
    
    'to_ele'     => array('numeric'),


  		




  
  13
  
    
    'to_zoom'     => array('numeric')


  		




  
  14
  
    
  );


  		




  
  15
  
    
  


  		




  
  16
  
    
  $validator = new FormValidator($fields_spec);


  		




  
  17
  
    
  $is_valid = $validator->validate($_GET);


  		




  
  18
  
    
  


  		




  
  19
  
    
  if ($is_valid) {


  		




  
  20
  
    
    $input = $validator->sane_values();


  		




  
  21
  
    
  } else {


  		




  
  22
  
    
    $validator->print_errors();


  		




  
  23
  
    
    die();//fixme, could be cleaner


  		




  
  24
  
    
  }


  		




  
  25
  
    
  


  		




  8
  26
  
    
   $form_extpoint = file_get_contents('html/form_extpoint.html');


  		




  9
  27
  
    

  		




  10
  28
  
    
   $form_param = file_get_contents('html/form_param.html');


  		




  11
  29
  
    

  		




  12
  
  
    
   if (isset($_GET['dir']) && isset($_GET['panorama'])) {


  		




  13
  
  
    
     $dir   = $_GET['dir'];


  		




  14
  
  
    
     $name  = $_GET['panorama'];


  		




  
  30
  
    
   if (isset($input['dir']) && isset($input['panorama'])) {


  		




  
  31
  
    
     $dir   = $input['dir'];


  		




  
  32
  
    
     $name  = $input['panorama'];


  		




  15
  33
  
    
   } else {


  		




  16
  34
  
    
     $dir   = PANORAMA_PATH;


  		




  17
  35
  
    
     $name  = 'ttn_mediatheque';


  		




  18
  36
  
    
   }


  		




  19
  37
  
    
   $opt_vals = array();


  		




  20
  38
  
    
   foreach(array('to_cap', 'to_ele', 'to_zoom') as $val) {


  		




  21
  
  
    
     if (!empty($_GET[$val])) $opt_vals[$val] = $_GET[$val];


  		




  
  39
  
    
     if (!empty($input[$val])) $opt_vals[$val] = $input[$val];


  		




  22
  40
  
    
   }


  		




  23
  41
  
    

  		




  24
  
  
    
   $base_dir = $dir.'/'.$name;


  		




  25
  
  
    
   $pt = new site_point($base_dir);


  		




  
  42
  
    
   $pt = site_point::get($input['panorama']);


  		




  
  43
  
    
   $base_dir = $pt->tiles_url_prefix();


  		




  26
  44
  
    
   if(!$pt) die("impossible d'accéder à ".$base_dir." !\n");


  		




  27
  45
  
    
   $params = $pt->get_params();


  		




  28
  46
  
    
   $prefix = $pt->get_prefix();


  		




  ......




  140
  158
  
    
       print("</div>\n");


  		




  141
  159
  
    
       echo $form_extpoint;


  		




  142
  160
  
    
     } elseif ($params == false ) {


  		




  143
  
  
    
     	$dir   = $_GET['dir'];


  		




  144
  
  
    
        $name  = $_GET['panorama'];


  		




  
  161
  
    
     	$dir   = $input['dir'];


  		




  
  162
  
    
        $name  = $input['panorama'];


  		




  145
  163
  
    
        printf($form_param, $name, $name);


  		




  146
  164
  
    
     }


  		




  147
  165
  
    
     echo '<p id="info"></p>'."\n";


  		












Formats disponibles :  Unified diff