source: subversion/sites/tile.openstreetmap.org/tile_details.rb @ 3634

Revision 3634, 874 bytes checked in by jonb, 7 years ago (diff)

tile_details.rb: sanitise CGI input

  • Property svn:executable set to *
require 'cgi'

# Request object for this CGI script. The x, y and z parameters read from it
# further down are client-supplied and must be treated as untrusted.
cgi = CGI.new

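module Foo
  require 'mysql'
  require 'date'
  require 'time'
  require 'singleton'

  # Thin helper that opens a short-lived connection to the local tile database.
  class Bar
    # Runs one SQL statement against the local MySQL server.
    #
    # The block must return the complete SQL text. That text is handed to
    # Mysql#query verbatim: nothing here escapes or parameterises it, so the
    # caller must interpolate only values it has already validated or coerced
    # (for example with to_i).
    #
    # Returns the value of Mysql#query on success, or nil when a MysqlError is
    # raised. The connection is closed before returning in either case.
    def call_local_sql
      # NOTE(review): host, user, password and database name are hard-coded
      # here and therefore stored in version control; consider loading them
      # from configuration kept outside the repository.
      dbh = Mysql.real_connect('localhost', 'tile', 'tile', 'tile')
      dbh.query(yield)
    rescue MysqlError => ex
      # Report on stderr rather than stdout: the calling script writes its
      # response with puts, so printing the error on stdout would put database
      # error details into the output sent to the client.
      $stderr.puts ex
      nil
    ensure
      # dbh is still nil if real_connect itself failed.
      dbh.close unless dbh.nil?
    end
  end
end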
# Tile coordinates come straight from the request. String#to_i always yields
# an Integer (0 for missing or non-numeric input), and that coercion is the
# only thing keeping request text out of the SQL string built below. Keep it
# if this code is edited.
x, y, z = %w[x y z].map { |key| cgi[key].to_i }

# A zoom outside 0..18 ends the script with no output. x and y are not
# range-checked.
exit unless (0..18).include?(z)

# The query is assembled by interpolation and run as plain text by
# call_local_sql, so every interpolated value must already be an Integer.
tiles = Foo::Bar.new.call_local_sql do
  "select dirty_t, created_at from tiles where x=#{x} and y=#{y} and z=#{z} limit 1"
end
exit if tiles.nil?

tiles.each_hash do |tile|
  puts "tile created at #{tile['created_at']}"
  puts "tile is awaiting re-render: #{tile['dirty_t']}"
end