Cleaning PHP (eew)
parent
5c9390da90
commit
0bbd0fb44a
|
@ -21,31 +21,7 @@
|
||||||
<script src="/js/CameraContainer.js"></script>
|
<script src="/js/CameraContainer.js"></script>
|
||||||
<script src="/js/Tools.js"></script>
|
<script src="/js/Tools.js"></script>
|
||||||
<script src="/js/ProgressiveSphere.js"></script>
|
<script src="/js/ProgressiveSphere.js"></script>
|
||||||
<?php
|
<script src="js/Params.js.php?<?php echo htmlentities($_SERVER['QUERY_STRING']); ?>"></script>
|
||||||
// Set global variables
|
|
||||||
$default = 5;
|
|
||||||
$res = null;
|
|
||||||
try
|
|
||||||
{
|
|
||||||
if (isset($_GET['res']))
|
|
||||||
{
|
|
||||||
$res = intval($_GET['res']);
|
|
||||||
if ($res < 1 || $res > 25)
|
|
||||||
{
|
|
||||||
throw new Exception('Variable res not set');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
throw new Exception('Variable res not set');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (Exception $e)
|
|
||||||
{
|
|
||||||
$res = $default;
|
|
||||||
}
|
|
||||||
echo "<script>var global_array = {res: " . $res . "};</script>\n";
|
|
||||||
?>
|
|
||||||
<script src="js/main.js"></script>
|
<script src="js/main.js"></script>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
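Review bot: The new `<script src="js/Params.js.php?...">` tag copies the whole raw query string into an HTML attribute and relies on the default flags of `htmlentities`, which only escape single quotes from PHP 8.1 onward. The output is safe here because the attribute is double-quoted, but stating the flags and charset removes that dependency on the PHP version: `htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8')`. As far as this page shows, the generated script reads only `res`, so forwarding just that parameter (URL-encoded) instead of every parameter would narrow what user input reaches the second request.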
@ -0,0 +1,39 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
// This file will generate a js script
|
||||||
|
header("Content-Type: text/javascript");
|
||||||
|
|
||||||
|
echo "params = {};\n";
|
||||||
|
echo "params.get = {};\n";
|
||||||
|
echo "params.post = {};\n";
|
||||||
|
|
||||||
|
// Next part is to check the value of the parameters
|
||||||
|
// All this is necessary, we must be sure that res is a number before
|
||||||
|
// generating js code, otherwise, a malicious user might inject js code
|
||||||
|
// For example, if we simply did
|
||||||
|
// echo "params.get.res = " . $_GET['res'] . ";\n";
|
||||||
|
// One could inject a js alert by going to
|
||||||
|
// http://localhost/stream?res=3;alert('toto')
|
||||||
|
|
||||||
|
// Default value, will be applied if the res variable is not correct
|
||||||
|
$default = 5;
|
||||||
|
$res = null;
|
||||||
|
|
||||||
|
try
|
||||||
|
{
|
||||||
|
// Cast res to an int and check if it's in the bounds
|
||||||
|
// res will be 0 if filter_var returns false
|
||||||
|
$res = intval(filter_var($_GET['res'], FILTER_VALIDATE_INT));
|
||||||
|
if ($res < 1 || $res > 25)
|
||||||
|
{
|
||||||
|
throw new Exception('Variable res not set');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (Exception $e)
|
||||||
|
{
|
||||||
|
// If an exception occur, let's just set the default value
|
||||||
|
$res = $default;
|
||||||
|
}
|
||||||
|
|
||||||
|
// And finally, generate a correct js code with no possible injection
|
||||||
|
echo "params.get.res = " . $res . ";\n";
|
|
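Review bot: `$_GET['res']` is read without the `isset` guard that the removed inline code had, so a request without `res` raises an undefined-index notice (a warning on PHP 8) that the `try`/`catch` does not intercept, because it is not an `Exception`. If `display_errors` is on, that message is written into the generated JavaScript, which breaks the script and discloses the server path. The range check and fallback can be done by the filter itself, without an exception for control flow: `$res = filter_var(isset($_GET['res']) ? $_GET['res'] : null, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 25, 'default' => $default)));`. A short comment stating that only the validated integer is ever echoed would keep the injection rationale next to the `echo "params.get.res = "` line.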
@ -46,7 +46,7 @@ function init() {
|
||||||
|
|
||||||
// Load the scene
|
// Load the scene
|
||||||
loader = new THREE.OBJLoader();
|
loader = new THREE.OBJLoader();
|
||||||
sphere = new ProgessiveSphere(loader, global_array.res);
|
sphere = new ProgessiveSphere(loader, params.get.res);
|
||||||
|
|
||||||
plane = new Plane(1000,1000);
|
plane = new Plane(1000,1000);
|
||||||
plane.translate(0,0,-100);
|
plane.translate(0,0,-100);
|
||||||
|
|