Escape GET variables centrally
--- a/include/common-template.inc.php
+++ b/include/common-template.inc.php
@@ -182,7 +182,7 @@
if ($opendiv) {
echo '<div data-role="page">
<div data-role="header" data-position="inline">
- <a href="' . $_SERVER["HTTP_REFERER"] . '" data-icon="arrow-l" data-rel="back" class="ui-btn-left">Back</a>
+ <a href="' . (isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "javascript:history.go(-1)") . '" data-icon="arrow-l" data-rel="back" class="ui-btn-left">Back</a>
<h1>' . $pageTitle . '</h1>
<a href="/index.php" data-icon="home" class="ui-btn-right">Home</a>
</div><!-- /header -->
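Review bot: The rewritten `href` still interpolates `$_SERVER["HTTP_REFERER"]` into the attribute unescaped, so the `isset` guard removes the undefined-index notice but not the attribute injection: a Referer value containing a double quote or a `javascript:` scheme lands in the page verbatim. Escape it as `htmlspecialchars($_SERVER["HTTP_REFERER"], ENT_QUOTES, 'UTF-8')`, or, since the anchor already carries `data-rel="back"`, use the `javascript:history.go(-1)` fallback unconditionally and stop echoing a request header at all. The `$pageTitle` on the next context line has the same exposure but is pre-existing.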
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -6,7 +6,7 @@
"phperror",
"awsotp",
//"squallotp",
- //"vanilleotp",
+ "vanilleotp",
"database",
"other"
);
@@ -33,6 +33,7 @@
include_once ("common-session.inc.php");
include_once ("common-db.inc.php");
include_once ("common-template.inc.php");
+include_once ("common-request.inc.php");
function isDebugServer()
{
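Review bot: The added `include_once ("common-request.inc.php")` is what the rest of this commit relies on — every `filter_var($_REQUEST[...])` removed in stop.php, trip.php, layar_api.php, routeList.php and labs/networkstats.php is now expected to be covered by that file — but the file is not part of this diff, so its validation cannot be reviewed here. It should be added to the change set, and it should export an explicit allow-list of parameter names rather than copying all of `$_REQUEST` into globals, otherwise any script variable (`$stops`, `$routes`, `$listType`, `$stopsGrouped`) becomes request-controllable. It is also included after common-session, common-db and common-template, so anything those files read from the request at include time would still see raw values — worth confirming. `isDebugServer` starts on the last hunk line and its body is outside the hunk.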
--- a/index.php
+++ b/index.php
@@ -13,14 +13,14 @@
<li data-role="list-divider">Timetables - Stops</li>
<li><a href="stopList.php">Major (Timing Point) Stops</a></li>
<li><a href="stopList.php?allstops=yes">All Stops</a></li>
- <li><a href="stopList.php?suburbs=yes">Stops By Suburb</a></li>
+ <li><a href="stopList.php?bysuburbs=yes">Stops By Suburb</a></li>
<li><a class="nearby" href="stopList.php?nearby=yes">Nearby Stops</a></li>
</ul>
<ul data-role="listview" data-inset="true" data-theme="c" data-dividertheme="b">
<li data-role="list-divider">Timetables - Routes</li>
<li><a href="routeList.php">Routes By Final Destination</a></li>
<li><a href="routeList.php?bynumber=yes">Routes By Number</a></li>
- <li><a href="routeList.php?bysuburb=yes">Routes By Suburb</a></li>
+ <li><a href="routeList.php?bysuburbs=yes">Routes By Suburb</a></li>
<li><a class="nearby" href="routeList.php?nearby=yes">Nearby Routes</a></li>
</ul>
<?php
--- a/labs/networkstats.php
+++ b/labs/networkstats.php
@@ -31,7 +31,6 @@
<?php
// middle of graph = 6am
$adjustFactor = 0;
-$routeid = ($_REQUEST['routeid'] ? filter_var($_REQUEST['routeid'], FILTER_SANITIZE_NUMBER_INT) : 0);
$route = getRoute($routeid);
echo "<h1>{$route['route_short_name']} {$route['route_long_name']}</h1>";
foreach (getRouteTrips($routeid) as $key => $trip) {
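Review bot: Deleting the `$routeid` assignment also drops its `: 0` default and the `FILTER_SANITIZE_NUMBER_INT` filter, so `getRoute($routeid)` now runs with whatever common-request.inc.php (not in this diff) provides, and with an undefined variable when no `routeid` parameter is sent. Unless that file is confirmed to cast it, keep an explicit `$routeid = isset($routeid) ? (int) $routeid : 0;` ahead of `getRoute`. The same loss of the integer/float filters applies to `$stopid` and `$stopcode` in stop.php, `$tripid`/`$stopid`/`$routeid` in trip.php, and `$lat`/`$lon`/`$pageKey` in layar_api.php; a local cast at the point of use is the cheapest way to keep those call sites independent of the shared include. The top of this script is outside the hunk.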
--- a/labs/tripPlannerTester.kml.php
+++ b/labs/tripPlannerTester.kml.php
@@ -49,7 +49,7 @@
"latdeltasize" => $latdeltasize,
"londeltasize" => $londeltasize,
"regionname" => $md['key'],
- "plan" => $plan . "<br/><a href='" . htmlspecialchars($url) . "'>original plan</a>"
+ "plan" => $plan . '<br/><a href="' . htmlspecialchars($md['url']) . '">original plan</a>'
);
$regionTimes[] = $time;
}
@@ -137,8 +137,8 @@
"finishlon" => 149.1243,
)
);
-$latdeltasize = 0.025;
-$londeltasize = 0.025;
+$latdeltasize = 0.005;
+$londeltasize = 0.005;
$from = "Wattle Street";
$fromPlace = (startsWith($from, "-") ? $from : geocode($from, false));
$startTime = "9:00 am";
@@ -147,6 +147,7 @@
$regionTimes = Array();
$testRegions = Array();
$useragent = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1";
+if ($kml) echo "<name> $from at $startTime on $startDate </name>";
if ($csv) echo "<pre>";
if ($csv) echo "lat,lon,time,latdeltasize, londeltasize, region key name\n";
$rc = new RollingCurl("processResult_cb");
@@ -155,11 +156,12 @@
for ($i = $boundingBox['startlat']; $i >= $boundingBox['finishlat']; $i-= $latdeltasize) {
for ($j = $boundingBox['startlon']; $j <= $boundingBox['finishlon']; $j+= $londeltasize) {
$url = $otpAPIurl . "ws/plan?date=" . urlencode($startDate) . "&time=" . urlencode($startTime) . "&mode=TRANSIT%2CWALK&optimize=QUICK&maxWalkDistance=440&wheelchair=false&toPlace=" . $i . "," . $j . "&fromPlace=$fromPlace";
+ //debug($url);
$request = new RollingCurlRequest($url);
$request->headers = Array(
"Accept: application/json"
);
- $request->metadata = Array( "i" => $i, "j" => $j, "key" => $key);
+ $request->metadata = Array( "i" => $i, "j" => $j, "key" => $key, "url" => $url);
$rc->add($request);
}
}
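Review bot: `//debug($url);` introduces commented-out code inside the request loop; either delete it or make it a live call guarded by whatever debug switch the project already has, assuming `debug()` exists (it is not visible in this diff). Storing `$url` in the request metadata is fine since the consumer runs it through `htmlspecialchars` before output.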
@@ -171,15 +173,14 @@
//$maxTime = max($regionTimes);
//$rangeTime = $maxTime - $minTime;
//$deltaTime = $rangeTime / $colorSteps;
-// $Gradients = Gradient(strrev("66FF00") , strrev("FF0000") , $colorSteps); // KML is BGR not RGB so strrev
- $Gradients = Gradient("66FF00" , "FF0000" , $colorSteps); // KML is BGR not RGB so strrev
+ $Gradients = Gradient(strrev("66FF00") , strrev("FF0000") , $colorSteps); // KML is BGR not RGB so strrev
foreach ($testRegions as $testRegion) {
//$band = (floor(($testRegion[time] - $minTime) / $deltaTime));
$band = (floor($testRegion[time] / 10));
if ($band > $colorSteps) $band = $colorSteps;
echo "<Placemark>
<name>" . $testRegion['regionname'] . " time {$testRegion['time']} band $band</name>
- <description> {$testRegion['plan']} </description>
+ <description> <![CDATA[ {$testRegion['plan']} ]]> </description>
<Style>
<PolyStyle>
<color>c7" . $Gradients[$band] . "</color>" . // 7f = 50% alpha, c7=78%
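Review bot: Wrapping `{$testRegion['plan']}` in `<![CDATA[ ... ]]>` on the description line makes markup in the plan well-formed, but a `]]>` sequence anywhere in the plan text — which is assembled from the trip-planner response and the request URL — ends the section early and leaves invalid XML; split it with `str_replace(']]>', ']]]]><![CDATA[>', $testRegion['plan'])` before interpolating. Separately, `strrev("66FF00")` reverses nibbles rather than bytes: it happens to work for these palindromic byte values, but would turn a colour like `1A2B3C` into `C3B2A1` instead of `3C2B1A`, so a byte-wise reversal such as `implode('', array_reverse(str_split("66FF00", 2)))` is the correct RGB-to-BGR conversion the comment describes.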
--- a/labs/tripPlannerTester.php
+++ b/labs/tripPlannerTester.php
@@ -3,7 +3,9 @@
<script src="openlayers/OpenLayers.js"></script>
<SCRIPT TYPE="text/javascript" SRC="OpenStreetMap.js"></SCRIPT>
<script type="text/javascript">
-
+ var map,select;
+
+
function init()
{
var extent = new OpenLayers.Bounds(148.98, -35.48, 149.25, -35.15);
@@ -16,13 +18,13 @@
};
// create the ol map object
- var map = new OpenLayers.Map('map', options);
+ map = new OpenLayers.Map('map', options);
var osmtiles = new OpenLayers.Layer.OSM("OSM");
var nearmap = new OpenLayers.Layer.OSM.NearMap("NearMap");
- var tripplantest = new OpenLayers.Layer.GML("tripplantest", "tripPlannerTester.kml.php", {
+ var tripplantest = new OpenLayers.Layer.GML("tripplantest", "tripPlannerTester.kml", {
format: OpenLayers.Format.KML,
formatOptions: {
extractStyles: true,
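Review bot: The layer URL now points at `tripPlannerTester.kml`, a file this diff does not add; unless a rewrite rule maps it to `tripPlannerTester.kml.php` (not visible here) the GML layer will fail to load. If the rewrite exists, a short comment on this line naming it would save the next reader the same question.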
@@ -44,9 +46,45 @@
{
displayProjection: new OpenLayers.Projection("EPSG:900913")
}));
+
+ select = new OpenLayers.Control.SelectFeature(tripplantest);
+
+ tripplantest.events.on({
+ "featureselected": onFeatureSelect,
+ "featureunselected": onFeatureUnselect
+ });
+
+ map.addControl(select);
+ select.activate();
}
-
+ function onPopupClose(evt) {
+ select.unselectAll();
+ }
+ function onFeatureSelect(event) {
+ var feature = event.feature;
+ // Since KML is user-generated, do naive protection against
+ // Javascript.
+ var content = "<h2>"+feature.attributes.name + "</h2>" + feature.attributes.description;
+ if (content.search("<script") != -1) {
+ content = "Content contained Javascript! Escaped content below.<br />" + content.replace(/</g, "<");
+ }
+ popup = new OpenLayers.Popup.FramedCloud("chicken",
+ feature.geometry.getBounds().getCenterLonLat(),
+ new OpenLayers.Size(100,100),
+ content,
+ null, true, onPopupClose);
+ feature.popup = popup;
+ map.addPopup(popup);
+ }
+ function onFeatureUnselect(event) {
+ var feature = event.feature;
+ if(feature.popup) {
+ map.removePopup(feature.popup);
+ feature.popup.destroy();
+ delete feature.popup;
+ }
+ }
</script>
</head>
--- a/layar_api.php
+++ b/layar_api.php
@@ -5,11 +5,8 @@
$output['layer'] = "canberrabusstops";
$max_page = 10;
$max_results = 50;
-$page_start = 0 + filter_var($_REQUEST['pageKey'], FILTER_SANITIZE_NUMBER_INT);
-$page_end = $max_page + filter_var($_REQUEST['pageKey'], FILTER_SANITIZE_NUMBER_INT);
-$lat = filter_var($_REQUEST['lat'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-$lon = filter_var($_REQUEST['lon'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-$max_distance = filter_var($_REQUEST['radius'], FILTER_SANITIZE_NUMBER_INT);
+$page_start = 0 + $pageKey;
+$page_end = $max_page + $pageKey;
$contents = getNearbyStops($lat, $lon, 50, $max_distance);
$stopNum = 0;
foreach ($contents as $stop) {
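Review bot: `$max_distance` is no longer assigned on the new side: the removed line fed it from `$_REQUEST['radius']`, and the replacement only defines `$page_start`/`$page_end` from `$pageKey`, so `getNearbyStops($lat, $lon, 50, $max_distance)` now receives an undefined variable unless common-request.inc.php happens to export one under that exact name — the request parameter is called `radius`, so that seems unlikely. Add `$max_distance = isset($radius) ? (int) $radius : 0;` (or whatever default the API expects) before the call. The `FILTER_SANITIZE_NUMBER_FLOAT` casts for `$lat`/`$lon` and the integer cast for `$pageKey` are gone too; `0 + $pageKey` still coerces a numeric string, but a non-numeric value is silently 0, a warning or a TypeError depending on PHP version, so explicit `(float)`/`(int)` casts here are cheaper than trusting the shared include.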
--- a/routeList.php
+++ b/routeList.php
@@ -7,72 +7,70 @@
<ul>
<li><a href="routeList.php">By Final Destination...</a></li>
<li><a href="routeList.php?bynumber=yes">By Number... </a></li>
- <li><a href="routeList.php?bysuburb=yes">By Suburb... </a></li>
+ <li><a href="routeList.php?bysuburbs=yes">By Suburb... </a></li>
<li><a href="routeList.php?nearby=yes">Nearby... </a></li>
</ul>
</div>
';
}
-if ($_REQUEST['bysuburb']) {
+if (isset($bysuburbs)) {
include_header("Routes by Suburb", "routeList");
navbar();
echo ' <ul data-role="listview" data-filter="true" data-inset="true" >';
- if (!isset($_REQUEST['firstLetter'])) {
+ if (!isset($firstLetter)) {
foreach (range('A', 'Z') as $letter) {
- echo "<li><a href=\"routeList.php?firstLetter=$letter&bysuburb=yes\">$letter...</a></li>\n";
+ echo "<li><a href=\"routeList.php?firstLetter=$letter&bysuburbs=yes\">$letter...</a></li>\n";
}
}
else {
foreach ($suburbs as $suburb) {
- if (startsWith($suburb, $_REQUEST['firstLetter'])) {
+ if (startsWith($suburb, $firstLetter)) {
echo '<li><a href="routeList.php?suburb=' . urlencode($suburb) . '">' . $suburb . '</a></li>';
}
}
}
echo '</ul>';
}
-else if ($_REQUEST['nearby'] || $_REQUEST['suburb']) {
+else if (isset($nearby) || isset($suburb)) {
$routes = Array();
- if ($_REQUEST['suburb']) {
- $suburb = filter_var($_REQUEST['suburb'], FILTER_SANITIZE_STRING);
- include_header($suburb ." - ".ucwords(service_period()), "routeList");
- navbar();
- timePlaceSettings();
- trackEvent("Route Lists", "Routes By Suburb", $suburb);
- $routes = getRoutesBySuburb($suburb);
-
+ if ($suburb) {
+ include_header($suburb . " - " . ucwords(service_period()) , "routeList");
+ navbar();
+ timePlaceSettings();
+ trackEvent("Route Lists", "Routes By Suburb", $suburb);
+ $routes = getRoutesbysuburbs($suburb);
}
- if ($_REQUEST['nearby']) {
+ if (isset($nearby)) {
include_header("Routes Nearby", "routeList", true, true);
- trackEvent("Route Lists", "Routes Nearby", $_SESSION['lat'].",".$_SESSION['lon']);
- navbar();
- timePlaceSettings(true);
+ trackEvent("Route Lists", "Routes Nearby", $_SESSION['lat'] . "," . $_SESSION['lon']);
+ navbar();
+ timePlaceSettings(true);
if (!isset($_SESSION['lat']) || !isset($_SESSION['lat']) || $_SESSION['lat'] == "" || $_SESSION['lon'] == "") {
include_footer();
die();
}
- $routes = getRoutesNearby($_SESSION['lat'],$_SESSION['lon']);
+ $routes = getRoutesNearby($_SESSION['lat'], $_SESSION['lon']);
}
-
echo ' <ul data-role="listview" data-filter="true" data-inset="true" >';
- if ($routes) {
- foreach ($routes as $route) {
- echo '<li><a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p>";
- if ($_REQUEST['nearby']) {
- $time = getTimeInterpolatedRouteAtStop($route['route_id'], $route['stop_id']);
- echo '<span class="ui-li-count">'.($time['arrival_time']?$time['arrival_time']:"No more trips today")."<br>" .floor($route['distance']) . 'm away</span>';
+ if ($routes) {
+ foreach ($routes as $route) {
+ echo '<li><a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p>";
+ if (isset($nearby)) {
+ $time = getTimeInterpolatedRouteAtStop($route['route_id'], $route['stop_id']);
+ echo '<span class="ui-li-count">' . ($time['arrival_time'] ? $time['arrival_time'] : "No more trips today") . "<br>" . floor($route['distance']) . 'm away</span>';
+ }
+ echo "</a></li>\n";
}
- echo "</a></li>\n";
}
- } else {
- echo "<li style='text-align: center;'> No routes nearby.</li>";
- }
+ else {
+ echo "<li style='text-align: center;'> No routes nearby.</li>";
+ }
}
-else if ($_REQUEST['bynumber'] || $_REQUEST['numberSeries']) {
+else if (isset($bynumber) || isset($numberSeries)) {
include_header("Routes by Number", "routeList");
navbar();
echo ' <ul data-role="listview" data-inset="true">';
- if ($_REQUEST['bynumber']) {
+ if (isset($bynumber)) {
$routes = getRoutesByNumber();
$routeSeries = Array();
$seriesRange = Array();
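Review bot: `getRoutesbysuburbs($suburb)` replaces the call to `getRoutesBySuburb`; this looks like the `bysuburb`→`bysuburbs` search-and-replace reaching into the function name, and unless the database helper was renamed in a file outside this diff it is a call to an undefined function (PHP function names are case-insensitive, so the trailing `s` is the problem, not the case). Restore `$routes = getRoutesBySuburb($suburb);`. The same branch tests `if ($suburb)` where its siblings use `isset(...)`, which emits an undefined-variable notice when the parameter is absent, and `$suburb` — previously passed through `FILTER_SANITIZE_STRING` — now reaches `include_header(...)`, `trackEvent(...)` and the query helper as received; whether any of those escape it cannot be seen from this hunk.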
@@ -101,8 +99,8 @@
echo "</a></li>\n";
}
}
- else if ($_REQUEST['numberSeries']) {
- $routes = getRoutesByNumber($_REQUEST['numberSeries']);
+ else if ($numberSeries) {
+ $routes = getRoutesByNumber($numberSeries);
foreach ($routes as $route) {
echo '<li> <a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p></a></li>\n";
}
@@ -112,8 +110,8 @@
include_header("Routes by Destination", "routeList");
navbar();
echo ' <ul data-role="listview" data-inset="true">';
- if ($_REQUEST['routeDestination']) {
- foreach (getRoutesByDestination(urldecode($_REQUEST['routeDestination'])) as $route) {
+ if (isset($routeDestination)) {
+ foreach (getRoutesByDestination($routeDestination) as $route) {
echo '<li><a href="trip.php?routeid=' . $route["route_id"] . '"><h3>' . $route["route_short_name"] . '</h3><p>' . $route["route_long_name"] . " (" . ucwords($route['service_id']) . ")</p></a></li>\n";
}
}
--- a/stop.php
+++ b/stop.php
@@ -1,7 +1,5 @@
<?php
include ('include/common.inc.php');
-$stopid = filter_var($_REQUEST['stopid'], FILTER_SANITIZE_NUMBER_INT);
-$stopcode = filter_var($_REQUEST['stopcode'], FILTER_SANITIZE_STRING);
if ($stopid) $stop = getStop($stopid);
/*if ($stopcode != "" && $stop[5] != $stopcode) {
$url = $APIurl . "/json/stopcodesearch?q=" . $stopcode;
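Review bot: `if ($stopid) $stop = getStop($stopid);` now reads `$stopid` straight from whatever common-request.inc.php exports; with the two removed lines gone there is no integer filter left in this file and no definition at all when the parameter is absent, so the condition emits an undefined-variable notice in that case. Use `if (isset($stopid)) $stop = getStop((int) $stopid);` unless the shared include is confirmed to cast it. `$stopcode` now only survives in the commented-out block that starts on the last hunk line, although stopList.php still appends `&stopcode=` to its links.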
@@ -21,8 +19,7 @@
$allStopsTrips = Array();
$fetchedTripSequences = Array();
$stopLinks = "";
-if (isset($_REQUEST['stopids'])) {
- $stopids = explode(",", filter_var($_REQUEST['stopids'], FILTER_SANITIZE_STRING));
+if (isset($stopids)) {
foreach ($stopids as $sub_stopid) {
$stops[] = getStop($sub_stopid);
}
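Review bot: The removed line applied `explode(",", ...)` to the `stopids` parameter and the new `foreach ($stopids as $sub_stopid)` iterates the variable directly; unless common-request.inc.php (not in this diff) already splits that value into an array, `$stopids` is the raw comma-separated string, `foreach` emits an invalid-argument warning and no stops are loaded, which breaks the grouped-stop links stopList.php builds with `implode(",", $stopsGrouped['stop_ids'])`. Keep the split local: `foreach (explode(",", $stopids) as $sub_stopid) { $stops[] = getStop((int) $sub_stopid); }`.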
--- a/stopList.php
+++ b/stopList.php
@@ -1,17 +1,13 @@
<?php
include ('include/common.inc.php');
$stops = Array();
-function filterByFirstLetter($var)
-{
- return $var[1][0] == $_REQUEST['firstLetter'];
-}
function navbar()
{
echo '
<div data-role="navbar">
<ul>
<li><a href="stopList.php">Timing Points</a></li>
- <li><a href="stopList.php?suburbs=yes">By Suburb</a></li>
+ <li><a href="stopList.php?bysuburbs=yes">By Suburb</a></li>
<li><a href="stopList.php?nearby=yes">Nearby Stops</a></li>
<li><a href="stopList.php?allstops=yes">All Stops</a></li>
</ul>
@@ -19,18 +15,18 @@
';
}
// By suburb
-if (isset($_REQUEST['suburbs'])) {
+if (isset($bysuburbs)) {
include_header("Stops by Suburb", "stopList");
navbar();
echo ' <ul data-role="listview" data-filter="true" data-inset="true" >';
- if (!isset($_REQUEST['firstLetter'])) {
+ if (!isset($firstLetter)) {
foreach (range('A', 'Z') as $letter) {
- echo "<li><a href=\"stopList.php?firstLetter=$letter&suburbs=yes\">$letter...</a></li>\n";
+ echo "<li><a href=\"stopList.php?firstLetter=$letter&bysuburbs=yes\">$letter...</a></li>\n";
}
}
else {
foreach ($suburbs as $suburb) {
- if (startsWith($suburb, $_REQUEST['firstLetter'])) {
+ if (startsWith($suburb, $firstLetter)) {
echo '<li><a href="stopList.php?suburb=' . urlencode($suburb) . '">' . $suburb . '</a></li>';
}
}
@@ -39,41 +35,39 @@
}
else {
// Timing Points / All stops
- if ($_REQUEST['allstops']) {
+ if (isset($allstops)) {
$listType = 'allstops=yes';
$stops = getStops();
include_header("All Stops", "stopList");
navbar();
timePlaceSettings();
}
- else if ($_REQUEST['nearby']) {
+ else if (isset($nearby)) {
$listType = 'nearby=yes';
include_header("Nearby Stops", "stopList", true, true);
- trackEvent("Stop Lists","Stops Nearby", $_SESSION['lat'].",".$_SESSION['lon']);
+ trackEvent("Stop Lists", "Stops Nearby", $_SESSION['lat'] . "," . $_SESSION['lon']);
navbar();
timePlaceSettings(true);
if (!isset($_SESSION['lat']) || !isset($_SESSION['lat']) || $_SESSION['lat'] == "" || $_SESSION['lon'] == "") {
include_footer();
die();
}
-
- $stops = getNearbyStops($_SESSION['lat'],$_SESSION['lon'],15);
+ $stops = getNearbyStops($_SESSION['lat'], $_SESSION['lon'], 15);
}
- else if ($_REQUEST['suburb']) {
- $suburb = filter_var($_REQUEST['suburb'], FILTER_SANITIZE_STRING);
+ else if (isset($suburb)) {
$stops = getStopsBySuburb($suburb);
include_header("Stops in " . ucwords($suburb) , "stopList");
navbar();
- trackEvent("Stop Lists","Stops By Suburb", $suburb);
+ trackEvent("Stop Lists", "Stops By Suburb", $suburb);
}
else {
- $stops = getStops(true,$_REQUEST['firstLetter']);
+ $stops = getStops(true, $firstLetter);
include_header("Timing Points / Major Stops", "stopList");
navbar();
timePlaceSettings();
}
echo ' <ul data-role="listview" data-filter="true" data-inset="true" >';
- if (!isset($_REQUEST['firstLetter']) && !$_REQUEST['suburb'] && !$_REQUEST['nearby']) {
+ if (!isset($firstLetter) && !isset($suburb) && !isset($nearby)) {
foreach (range('A', 'Z') as $letter) {
echo "<li><a href=\"stopList.php?firstLetter=$letter&$listType\">$letter...</a></li>\n";
}
@@ -91,11 +85,12 @@
if (!startsWith($stopsGrouped['stop_codes'][0], "Wj")) echo '<img src="css/images/time.png" alt="Timing Point: " class="ui-li-icon">';
echo '<a href="stop.php?stopids=' . implode(",", $stopsGrouped['stop_ids']) . '">';
if (isset($_SESSION['lat']) && isset($_SESSION['lon'])) {
- echo '<span class="ui-li-count">' . distance($stop['stop_lat'],$stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
+ echo '<span class="ui-li-count">' . distance($stop['stop_lat'], $stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
}
echo bracketsMeanNewLine(trim(preg_replace("/\(Platform.*/", "", $stop['stop_name'])) . '(' . sizeof($stopsGrouped["stop_ids"]) . ' stops)');
echo "</a></li>\n";
- flush(); @ob_flush();
+ flush();
+ @ob_flush();
$stopsGrouped = Array();
}
else {
@@ -104,11 +99,12 @@
if (!startsWith($stop['stop_code'], "Wj")) echo '<img src="css/images/time.png" alt="Timing Point" class="ui-li-icon">';
echo '<a href="stop.php?stopid=' . $stop['stop_id'] . (startsWith($stop['stop_code'], "Wj") ? '&stopcode=' . $stop['stop_code'] : "") . '">';
if (isset($_SESSION['lat']) && isset($_SESSION['lon'])) {
- echo '<span class="ui-li-count">' . distance($stop['stop_lat'],$stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
+ echo '<span class="ui-li-count">' . distance($stop['stop_lat'], $stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
}
echo bracketsMeanNewLine($stop['stop_name']);
echo "</a></li>\n";
- flush(); @ob_flush();
+ flush();
+ @ob_flush();
}
}
else {
--- a/trip.php
+++ b/trip.php
@@ -1,12 +1,9 @@
<?php
include ('include/common.inc.php');
-$tripid = filter_var($_REQUEST['tripid'], FILTER_SANITIZE_NUMBER_INT);
-$stopid = filter_var($_REQUEST['stopid'], FILTER_SANITIZE_NUMBER_INT);
-$routeid = filter_var($_REQUEST['routeid'], FILTER_SANITIZE_NUMBER_INT);
$routetrips = Array();
-if ($_REQUEST['routeid'] && !$_REQUEST['tripid']) {
+if (isset($routeid) && !isset($tripid)) {
$trip = getRouteNextTrip($routeid);
$tripid = $trip['trip_id'];
} else {
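Review bot: `isset($routeid) && !isset($tripid)` turns the old truthiness test (`$_REQUEST['routeid'] && !$_REQUEST['tripid']`) into a presence test, so a request carrying an empty `tripid=` now skips the `getRouteNextTrip` branch and falls into the `else`, which presumably expects a usable trip id — this assumes common-request.inc.php exports empty parameters as set variables, which the diff does not show. If the intent is "no usable tripid", write `if (isset($routeid) && (!isset($tripid) || $tripid === ''))`, and cast the ids with `(int)` at the point of use since the integer filters are no longer applied in this file. The `else` branch continues past the hunk.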