Révision e68abb6a
ID | e68abb6abc2ac2a1cef359cbce41b96231193201 |
Parent | e3ac9269 |
Enfant | c5f89cd9 |
first steps of add_reference.php webservice : input validation/sanitization and RefPoint class
ajax/add_reference.php | ||
---|---|---|
1 |
<?php |
|
2 |
require_once('../class/FormValidator.class.php'); |
|
3 |
require_once('../class/RefPoint.class.php'); |
|
4 |
require_once('../class/site_point.class.php'); |
|
5 |
|
|
6 |
$fields_spec = array('x' => array('required', 'numeric', 'positive'), |
|
7 |
'y' => array('required', 'numeric', 'positive'), |
|
8 |
'panorama' => array('required'), |
|
9 |
'ref_point' => array('required')); |
|
10 |
|
|
11 |
|
|
12 |
$validator = new FormValidator($fields_spec); |
|
13 |
if ($validator->validate($_REQUEST)) { |
|
14 |
$vals = $validator->sane_values(); |
|
15 |
|
|
16 |
// temp test code |
|
17 |
echo '<h1>pano !</h1>'; |
|
18 |
$pano = site_point::get($vals['panorama']); |
|
19 |
var_dump($pano->get_params()); |
|
20 |
|
|
21 |
echo '<h1>ref point !</h1>'; |
|
22 |
$ref_point_name = urldecode($vals['ref_point']); |
|
23 |
var_dump(RefPoint::get($ref_point_name)); |
|
24 |
|
|
25 |
} else { |
|
26 |
echo var_dump($validator->errors()); |
|
27 |
} |
|
28 |
|
|
29 |
// Test url : clear ;curl 'http://localhost/~jocelyn/panorama/ajax/add_reference.php?x=42&y=42&panorama=pano_couttolenc_bords_jointifs&ref_point=%C3%89glise%20saint-jacques' |
|
30 |
?> |
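Review bot: `urldecode($vals['ref_point'])` at line 22 decodes a value that PHP has already URL-decoded when it populated `$_REQUEST`, so a reference name containing a literal `%` or `+` is mangled by the second pass; use `$vals['ref_point']` directly. The `'required'` rule is the only one applied to `panorama` and `ref_point`, and as implemented in FormValidator it only checks `isset`, so an empty string or any arbitrary content reaches `site_point::get()` and `RefPoint::get()` unchanged; what `site_point::get()` does with the name is not visible in this commit, so if it resolves a file or a database row the value should be checked against a pattern or allow-list before the call. The `var_dump` / `echo` lines are labelled temp test code, but they write request-derived data into the response unescaped; the eventual real response should go through `htmlspecialchars` or `json_encode` rather than raw echo.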
class/FormValidator.class.php | ||
---|---|---|
1 |
<?php |
|
2 |
|
|
3 |
class FieldValidationError extends Exception {} |
|
4 |
|
|
5 |
class FormValidator { |
|
6 |
/* A tool to validate the parameters of a request (GET/POST) against a set |
|
7 |
* of rules. |
|
8 |
* |
|
9 |
**/ |
|
10 |
private $errors; |
|
11 |
private $sanitized; |
|
12 |
public static $validator; |
|
13 |
public static $field_validators; |
|
14 |
private $format; |
|
15 |
|
|
16 |
public function __construct($format) { |
|
17 |
$this->errors = array(); |
|
18 |
$this->sanitized = array(); |
|
19 |
$this->format = $format; |
|
20 |
} |
|
21 |
|
|
22 |
public function validate($request) { |
|
23 |
/** Validate the given request |
|
24 |
* value dict against the validator rules. |
|
25 |
* |
|
26 |
* @param $request a dict like $_REQUEST, $_GET or $_POST |
|
27 |
* @returns true if valid, false else. |
|
28 |
*/ |
|
29 |
$this->errors = array(); |
|
30 |
$sanitized = array(); |
|
31 |
foreach($this->format as $fieldname => $validators) { |
|
32 |
$err = false; |
|
33 |
$sanitized_f = false; |
|
34 |
foreach($validators as $validator) { |
|
35 |
if ($validator == 'required') { |
|
36 |
if (! isset($request[$fieldname])) { |
|
37 |
$err = 'n\'est pas renseigné'; |
|
38 |
break; |
|
39 |
} else { |
|
40 |
$sanitized_f = $request[$fieldname]; |
|
41 |
} |
|
42 |
} else { |
|
43 |
$val = $request[$fieldname]; |
|
44 |
try { |
|
45 |
$sanitized_f = $this->validate_field($validator, $val); |
|
46 |
} catch (FieldValidationError $e) { |
|
47 |
$err = $e->getMessage(); |
|
48 |
break; |
|
49 |
} |
|
50 |
} |
|
51 |
} |
|
52 |
if ($err) { |
|
53 |
$this->errors[$fieldname] = $err; |
|
54 |
} else { |
|
55 |
$sanitized[$fieldname] = $sanitized_f; |
|
56 |
} |
|
57 |
} |
|
58 |
$this->sanitized = $sanitized; |
|
59 |
|
|
60 |
return ($err == false); |
|
61 |
} |
|
62 |
|
|
63 |
public function validate_field($validator, $content) { |
|
64 |
/** Returns sanitized value if ok, throws a FieldValidationError otherwise |
|
65 |
*/ |
|
66 |
if (isset(self::$field_validators[$validator])) { |
|
67 |
$f = self::$field_validators[$validator]; |
|
68 |
return $f($content); |
|
69 |
} else { |
|
70 |
throw new FieldValidationError("'$validator' validator does not exist"); |
|
71 |
} |
|
72 |
} |
|
73 |
|
|
74 |
public function errors() { |
|
75 |
/** An associative array form-key => error |
|
76 |
*/ |
|
77 |
return $this->errors; |
|
78 |
} |
|
79 |
|
|
80 |
public function sane_values() { |
|
81 |
return $this->sanitized; |
|
82 |
} |
|
83 |
|
|
84 |
public static function register($name, $function) { |
|
85 |
self::$field_validators[$name] = $function; |
|
86 |
} |
|
87 |
} |
|
88 |
FormValidator::$field_validators = array(); |
|
89 |
|
|
90 |
|
|
91 |
FormValidator::register( |
|
92 |
'numeric', |
|
93 |
function ($v) { |
|
94 |
$sanitized = floatval($v); |
|
95 |
if ($sanitized === false) { |
|
96 |
throw new FieldValidationError('n\'est pas une valeur numérique'); |
|
97 |
} else { |
|
98 |
return $sanitized; |
|
99 |
} |
|
100 |
} |
|
101 |
); |
|
102 |
|
|
103 |
FormValidator::register( |
|
104 |
'positive', |
|
105 |
function ($v) { |
|
106 |
if ($v < 0) { |
|
107 |
throw new FieldValidationError('est négatif'); |
|
108 |
} else { |
|
109 |
return floatval($v); |
|
110 |
} |
|
111 |
} |
|
112 |
); |
|
113 |
|
|
114 |
?> |
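Review bot: `validate()` reports the wrong overall result because `return ($err == false);` at line 60 only reflects `$err` for the last field iterated in `$this->format`; when an earlier field fails and the last one passes, the method returns true while `errors()` is non-empty, so the caller in add_reference.php proceeds with invalid input. Return from the accumulated state instead: `return empty($this->errors);`. The `'numeric'` validator at lines 94-96 can never reject anything, since `floatval()` returns `0.0` for non-numeric input and never `false`, so `'abc'` is accepted and sanitized to `0`; guard it with `if (!is_numeric($v)) { throw new FieldValidationError('n\'est pas une valeur numérique'); } return floatval($v);`, which also makes the `'positive'` rule compare a number rather than the raw string. In the non-`required` branch, `$val = $request[$fieldname];` at line 43 reads the key without an `isset` check, so a spec that omits `'required'` emits a notice for absent fields; reading it as `isset($request[$fieldname]) ? $request[$fieldname] : null` (or skipping absent optional fields) would make the rules composable.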
class/RefPoint.class.php | ||
---|---|---|
1 |
<?php |
|
2 |
require_once(dirname(__FILE__).'/../constants.inc.php'); |
|
3 |
|
|
4 |
// |
|
5 |
class RefPoint { |
|
6 |
static $all_ref_points_cache; |
|
7 |
|
|
8 |
public static function load_if_needed() { |
|
9 |
if (!isset(self::$all_ref_points_cache)) { |
|
10 |
$ref_points_filename = '../ref_points.local.php'; |
|
11 |
if (file_exists($ref_points_filename)) { |
|
12 |
require($ref_points_filename); |
|
13 |
self::$all_ref_points_cache = $ref_points; |
|
14 |
return $ref_points; |
|
15 |
} else { |
|
16 |
return array(); |
|
17 |
} |
|
18 |
} |
|
19 |
return self::$all_ref_points_cache; |
|
20 |
} |
|
21 |
|
|
22 |
public static function get($name) { |
|
23 |
self::load_if_needed(); |
|
24 |
return self::$all_ref_points_cache[$name]; |
|
25 |
} |
|
26 |
|
|
27 |
} |
|
28 |
?> |
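Review bot: `RefPoint::get()` at line 24 indexes `self::$all_ref_points_cache` directly, which is a lookup on `null` when `../ref_points.local.php` is absent (`load_if_needed()` returns `array()` without populating the cache) and an undefined-index notice for any name not in the table, so a caller passing an unknown `ref_point` gets `null` plus a warning rather than a clear result. Use the return value and check membership, `$all = self::load_if_needed(); return isset($all[$name]) ? $all[$name] : null;`, and cache the empty array so the `file_exists` check is not repeated on every call. The data file path at line 10 is relative to the current working directory, unlike the `dirname(__FILE__)` form already used on line 2 for constants.inc.php, so the lookup silently yields nothing when the class is used from a script outside `ajax/`; `dirname(__FILE__).'/../ref_points.local.php'` keeps the two consistent. The `require()` at line 12 also assumes the included file defines `$ref_points`; a short comment stating that contract, or an `isset($ref_points)` check after the require, would make the failure mode explicit.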