Posts by klaus.krpano

Hi,

the hit-testing/raycasting is working.

Only the 3D movement collision checking is not 'working', but this is an intended behavior of the depthmap_navigation.xml.

See here the related part:

// simple collision testing
if (settings.collision && view.oz < 200)	// do collision testing only in non-dollhouse-view
{

E.g. see this example:

krpano.com - Examples

• In normal mode there the collision checking works normally.
• But in dollhouse (object-viewing) mode the collision checking would be confusing and therefore is automatically disabled due this check.

Best regards,
Klaus

Hi,

here an example to extend krpano with a 'onlookchange' event that tracks only hlookat, vlookat and fov changes (could be extended with other view attributes too):

<action type="js" autorun="onstart">

	var view = krpano.view;
	var attrs = ["hlookat", "vlookat", "fov"];
	var prevstate = {};
	
	attrs.forEach( function(attr){ prevstate[attr] = view[attr]; });

	krpano.events.addListener("onviewchanged", function()
	{
		var haschanged = false;
		
		attrs.forEach( function(attr)
		{
			if (prevstate[attr] != view[attr])
			{
				prevstate[attr] = view[attr];
				haschanged = true;
			}
		});
		
		if (haschanged)
		{
			krpano.events.dispatch("onlookchange");
		}
	});
	
</action>

Best regards,
Klaus

Hi,

changing a webgl-rendered hotspots requires rendering/redrawing the whole view, therefore the viewchange events.

Best regards,
Klaus

Please see my post and links from above!

Either add:

adjustlevelsizes=false
adjustlevelsizesformipmapping=false

or (better):

levelsizes=...

with the specific sizes you need.

Insane! Especially the drone part!

Hi,

that means the settings are different...

Maybe try disabling the both 'adjustlevelsizes' setting, they might have been not there in 1.17:

krpano.com - Documentation - krpano Tools Config File Reference

And in case you are using hardcoded levelsizes for some reason and skip the generated xml, you should use the levelsizes setting:

krpano.com - Documentation - krpano Tools Config File Reference

Best regards,
Klaus

Hi,

for the next release I have added a -prealign=X|Y|Z option for the tool, then the prealign setting from the xml can be directly used witout any change.

Best regards,
Klaus

Hi, is the version registered?

Private works only when registered.

And what were the errors?

Quote from Fernando

By the way, is it necessary to encrypt the plugins folder and the tour.js file?

The tour.js is the krpano viewer, when it will be encrypted, the browser will be not able to load it .
That means don't encrypt that file.

When the setting 'Allow loading only private-key encrypted xml and plugin files' is enabled, then the plugins need to be encrypted as well. The encrypt tool therefore supports making public-encrypted files (like many krpano plugins) to private-encrypted ones by re-encrypting them.

There is an header in the encrypted data that that indicates if it is a public or a private encrypted file:

• when there is KENCP then it is a public encrypted file
• when there is KENCR then it is a private or custom-key encrypted file

And your tour.xml has a KENCP header, which means it is a public encrpyted file.

Soon.

Hi,

Quote from sexta

- To return the 6 perfect faces I used -rotate=ZYX,1.5,-20,-3.5
- If I use -rotate=XYZ,-3.5,-20,1.5 it doesn't give the same result.

That's normal, rotations are accumulated. A different rotation order means different values to achieve the same result.

This here should work to map the image.prealign rotations to the spheretocube -rotate setting:

• use order XZY
• and change the sign of all prealign x,y,z values

E.g.

<image ... prealign="87.845109|20.117014|-28.101291">

would become:

-rotate=XZY,-87.845109,-20.117014,28.101291

Best regards,
Klaus

Hi,

the tour.xml in your example is encrypted with the 'public-key'.

The setting 'Allow loading only private-key encrypted xml and plugin files' means that the files need to encrypted with the private-key or a custom-key.

The encryption key can be selected here in the Encrypt Tool:

Best regards,
Klaus

Hi,

I will have a look but the rotation order and the x,y,z order and signs would need to be always the same for all cases.

When they are different, then the orders and/or signs are wrong.

Best regards,
Klaus

Hi,

there is another update:

Post

RE: krpano 1.22 - Reactive APIs, ThreeJS 3D Plugin, krpano Maps, Improved Javascript APIs, Custom Encryptions

Hi,

versions 1.22.4 and 1.20.12 have been updated again: now build 2025-03-06.

The passQueryParameters setting has been improved. The values of allowed parameters are more restricted now and now not even theoretical possible injecting cases should be possible anymore, especially in version 1.20.12, which was less secure compared to 1.22.4 before.

Btw - if using Panotour Pro built tours with deep-linking, there the passQueryParameters can be changed to:

(Code, 1 line)

to keep the deep-linking working…

klaus.krpano

March 6, 2025 at 11:28 PM

Now the passQueryParameter="..." setting should be absolutely secure in any case, all parameters are now filtered very strictly.

Best regards,
Klaus

Hi,

versions 1.22.4 and 1.20.12 have been updated again: now build 2025-03-06.

The passQueryParameters setting has been improved. The values of allowed parameters are more restricted now and now not even theoretical possible injecting cases should be possible anymore, especially in version 1.20.12, which was less secure compared to 1.22.4 before.

Btw - if using Panotour Pro built tours with deep-linking, there the passQueryParameters can be changed to:

passQueryParameters="startscene,s,h,f"

to keep the deep-linking working and make the viewer secure against cross-site-scripting.

Best regards,
Klaus

Hi,

the custom key is for sharing encrypted files:

• the encrypted files can be shared publicly
• but the custom key should be shared privately

Only one that has/knows the custom key and add its to his krpano viewer will be able to load the encrypted files.

Regarding the 'allow only option' the custom-key-encrypted files are treated the same as private-encrypted files.

That means if you don't distribute the encrypted files to other users, it wouldn't matter if using private-encrypted files or custom-key-encrypted files.

Best regards,
Klaus

Lapentor is a fraud site and is not even using krpano legally!

It is blocked from any krpano updates since several years and should be avoided!

Hi,

using the String "false" was always wrong, but will be also evaluated/interpreted as false.

Using passQueryParameters:0 is the same as passQueryParameters:false but for readability I would recommend using false.

Best regards,
Klaus

Hi,

Thanks for the example - that looks quite good.

This is the deep-linking evaluation code from that example, it takes the startscene,s,h,v,f variables from passQueryParameter and then only uses them as parameters for loadscene and lookat calls:

<action name="startup">

    if (s !== null, if (startscene === null OR startscene === "undefined", set(startscene, get(s));); );
    if (startscene === null OR startscene === "undefined",
      set(startscene, pano48340);
    );
    if(startlanguage !== null AND startlanguage !== "undefined",
      set(tour_language, get(startlanguage));
    );
    if(starttime !== null AND starttime !== "undefined" AND starttime GT 0,
      set(videoscenestarttime, get(starttime));
    ,
      set(videoscenestarttime, 0);
    );
    mainloadsceneStartup(get(startscene));
    if (h !== null,
      if (v !== null,
        if (f !== null,
          lookat(get(h), get(v), get(f));
         ,
          lookat(get(h), get(v));
        );
      ,
        if (f !== null,
          lookat(get(h), get(view.vlookat), get(f));
         ,
          lookat(get(h), get(view.vlookat));
        );
      );
    ,
      if (v !== null,
        if (f !== null,
          lookat(get(view.hlookat), get(v), get(f));
         ,
          lookat(get(view.hlookat), get(v));
        );
      ,
        if (f !== null,
          lookat(get(view.hlookat), get(view.vlookat), get(f));
        );
      );
    );
  </action>

That means with this passQueryParameters setting it would be safe and deep-linking would also work:

passQueryParameters="startscene,s,h,f"

But - there is a small but - during checking now I just found that there would be still a theoretical way to inject unwanted code (only with passQueryParameter enabled), especially in version 1.20.12, version 1.22.4 is already more secure here. I will update both versions now (should be ready today), then this will be also fixed and no possibilities be left.

That means either use passQueryParamters=false (safe in all versions) or version 1.20.12 or 1.22.4 with a safe list of parameters for passQueryParamters.

Best regards,
Klaus