Cleaning PHP (eew)
parent
5c9390da90
commit
0bbd0fb44a
|
@ -21,31 +21,7 @@
|
|||
<script src="/js/CameraContainer.js"></script>
|
||||
<script src="/js/Tools.js"></script>
|
||||
<script src="/js/ProgressiveSphere.js"></script>
|
||||
<?php
|
||||
// Set global variables
|
||||
$default = 5;
|
||||
$res = null;
|
||||
try
|
||||
{
|
||||
if (isset($_GET['res']))
|
||||
{
|
||||
$res = intval($_GET['res']);
|
||||
if ($res < 1 || $res > 25)
|
||||
{
|
||||
throw new Exception('Variable res not set');
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new Exception('Variable res not set');
|
||||
}
|
||||
}
|
||||
catch (Exception $e)
|
||||
{
|
||||
$res = $default;
|
||||
}
|
||||
echo "<script>var global_array = {res: " . $res . "};</script>\n";
|
||||
?>
|
||||
<script src="js/Params.js.php?<?php echo htmlentities($_SERVER['QUERY_STRING']); ?>"></script>
|
||||
<script src="js/main.js"></script>
|
||||
</body>
|
||||
</html>
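Review bot: The added `<script src="js/Params.js.php?...">` line escapes the query string with `htmlentities()` using its default flags and charset, and those defaults differ between PHP versions (single quotes are only encoded by default from PHP 8.1). The attribute is double-quoted, so the output is safe as written, but stating the flags keeps it safe if the quoting or the runtime changes: `htmlspecialchars($_SERVER['QUERY_STRING'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The generated script in this commit appears to read only `res`, so forwarding just that parameter instead of the whole raw query string would narrow what reaches the script URL.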
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
<?php
|
||||
|
||||
// This file will generate a js script
|
||||
header("Content-Type: text/javascript");
|
||||
|
||||
echo "params = {};\n";
|
||||
echo "params.get = {};\n";
|
||||
echo "params.post = {};\n";
|
||||
|
||||
// Next part is to check the value of the parameters
|
||||
// All this is necessary, we must be sure that res is a number before
|
||||
// generating js code, otherwise, a malicious user might inject js code
|
||||
// For example, if we simply did
|
||||
// echo "params.get.res = " . $_GET['res'] . ";\n";
|
||||
// One could inject a js alert by going to
|
||||
// http://localhost/stream?res=3;alert('toto')
|
||||
|
||||
// Default value, will be applied if the res variable is not correct
|
||||
$default = 5;
|
||||
$res = null;
|
||||
|
||||
try
|
||||
{
|
||||
// Cast res to an int and check if it's in the bounds
|
||||
// res will be 0 if filter_var returns false
|
||||
$res = intval(filter_var($_GET['res'], FILTER_VALIDATE_INT));
|
||||
if ($res < 1 || $res > 25)
|
||||
{
|
||||
throw new Exception('Variable res not set');
|
||||
}
|
||||
}
|
||||
catch (Exception $e)
|
||||
{
|
||||
// If an exception occur, let's just set the default value
|
||||
$res = $default;
|
||||
}
|
||||
|
||||
// And finally, generate a correct js code with no possible injection
|
||||
echo "params.get.res = " . $res . ";\n";
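Review bot: `$_GET['res']` is read on the `filter_var` line without checking that the key exists, so a request with no `res` raises an undefined-key notice. If error display is on, that text is written into the `text/javascript` response, which breaks the script and can disclose the file path. A null fallback avoids this, and the bounds can be enforced by the filter itself: `$res = filter_var($_GET['res'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 25, 'default' => $default]]);`. That also removes the try/catch, whose message `'Variable res not set'` is misleading for an out-of-range value.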
|
|
@ -46,7 +46,7 @@ function init() {
|
|||
|
||||
// Load the scene
|
||||
loader = new THREE.OBJLoader();
|
||||
sphere = new ProgessiveSphere(loader, global_array.res);
|
||||
sphere = new ProgessiveSphere(loader, params.get.res);
|
||||
|
||||
plane = new Plane(1000,1000);
|
||||
plane.translate(0,0,-100);
|
||||
|
|