Loremap/dyn-map/ent.rb at 7052bf11c06c1cff7e4948547e8aa1c3fee99971

Fork: 0
KoekiBrandingPJ / Loremap
Find file
Newer
Older
Loremap / dyn-map / ent.rb
HIROSE Yuuji on 3 Dec 2018 2 KB We should escape HTML related chars
Raw Blame History
#!/usr/bin/env ruby
# -*- coding: utf-8 -*-
require 'sqlite3'
require 'cgi'
require 'kconv'
require 'tmpdir'

db = "../viewerdb/db/viewer_prc.sq3"
c = CGI.new(:accept_charset=>'utf-8')
print "Content-type: text/html; charset=utf-8\n\n"

mydir=File.dirname($0)
@mapdb = SQLite3::Database.new(db)
@mapdb.results_as_hash = true
@tmpdir = ENV["TMPDIR"] || "tmp"
@resizepx = 1280
@imgprocscript = "%s/imgpublisher.sh" % mydir
reqpars = {
  'ename'	=> /^[-a-z_.0-9]+$/,
  'name'	=> /./,
  'addr'	=> /.../,
  'latlon'	=> /^\d+\.\d+,\s*\d+\.\d+$/,
  'maptype'	=> /^[-a-z_.0-9]+$/,
  'description'	=> /...../
}
def content(file)
  open(file){|f| f.read.toutf8}
end
def cat(file)
  print(content(file))
end
def db2options(selection)
  opts = ""
  @mapdb.execute("SELECT DISTINCT #{selection}") do |row|
    opts += sprintf("<option value=\"%s\">%s</option>\n",
                    CGI.escapeHTML(row[0].toutf8.gsub('"', "")),
                    CGI.escapeHTML(row[1]||row[0]||""))
  end
  opts
end
def process_data(cgi)
  test(?w, @tmpdir) or abort "Cannot output files to #{@tmpdir}"
  basename = cgi.params["ename"][0].strip.gsub(/\s/, "")
  filenames = []
  dir = Dir.mktmpdir(nil, File.expand_path(@tmpdir))
  cgi.params["photo"].each do |img|
    ext = File.extname(img.original_filename).downcase.sub(/jpeg$/, "jpg")
    fn = sprintf("%s-%d%s", basename, 1 + filenames.length, ext)
    open(dir+"/"+fn, "w"){|f| f.write(img.read)}
    filenames << fn
  end
  Dir.chdir(dir) do
    # system "ls -lF"
    pid = fork {
      exec(@imgprocscript, "-l", cgi["latlon"])
    }
  end
end

ef = content("ent-form.html")
if c.params['submitting'][0]
  invalid = false			# Validating parameters
  reqpars.each do |par, ptn|
    classholder = "__%sIV__" % par.upcase
    if !c.params[par][0] || ptn !~ c.params[par][0]
      invalid = true
      ef.gsub!(classholder, ' class="e"')
    else
      ef.gsub!(classholder, '')
    end
  end
  if invalid
    ef.gsub!("__INVALMSG__", "赤地の部分の記入が不十分です。")
  else
    ef.gsub!("__INVALMSG__", "")
    i, o = IO.pipe
    pid = fork do
      $stdout.reopen(o)			# We should substitute stdio here
      $stdin.reopen(i)			# to avoid blocking to web-client
      process_data(c)
    end
  end
else
  ef.gsub!(/__\w+IV__/, "")
end

c.params['name']=['山居倉庫']
for v in reqpars.keys
  ef.gsub!("__"+v.upcase+"__", CGI.escapeHTML(c.params[v][0]||""))
end
cat("ent-header.html")
print ef.gsub(/__{(.*)}__/) {db2options($1)}
cat("footer.html")