More security/sanitizing fixes
blob:a/layar_api.php -> blob:b/layar_api.php
--- a/layar_api.php
+++ b/layar_api.php
@@ -6,10 +6,14 @@
 
 $max_page = 10;
 $max_results = 50;
-$page_start = 0+$_REQUEST['pageKey'];
-$page_end = $max_page+$_REQUEST['pageKey'];
+$page_start = 0+filter_var($_REQUEST['pageKey'],FILTER_SANITIZE_NUMBER_INT);
+$page_end = $max_page+filter_var($_REQUEST['pageKey'],FILTER_SANITIZE_NUMBER_INT);
 
-$url = $APIurl."/json/neareststops?lat={$_REQUEST['lat']}&lon={$_REQUEST['lon']}&limit=50";
+$lat = filter_var($_REQUEST['lat'],FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
+$lon = filter_var($_REQUEST['lon'],FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
+if (isset($_REQUEST['radius'])) $radius = filter_var($_REQUEST['radius'],FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
+
+$url = $APIurl."/json/neareststops?lat=$lat&lon=$lon&limit=50";
 $contents = json_decode(getPage($url));
 debug(print_r($contents,true));
 $stopNum = 0;
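Review bot: The new filter_var calls on the pageKey, lat and lon lines only strip characters, they do not validate: FILTER_SANITIZE_NUMBER_INT keeps `+`/`-` anywhere, so an input like `1-2` (or a negative page) still reaches the `0+` arithmetic as a non-numeric string, and FILTER_SANITIZE_NUMBER_FLOAT with ALLOW_FRACTION lets `1.2.3` through into the URL unchanged. The validate filters return false (or a supplied default) for such input, e.g. `$pageKey = filter_var(isset($_REQUEST['pageKey']) ? $_REQUEST['pageKey'] : 0, FILTER_VALIDATE_INT, array('options' => array('default' => 0, 'min_range' => 0)));` with `$page_start` and `$page_end` both computed from `$pageKey`; the isset guard also removes the undefined-index notice a missing pageKey still produces here. Likewise lat and lon could use FILTER_VALIDATE_FLOAT and the script could return an error before building the URL when either is false; whether getPage or the upstream API rejects a malformed value cannot be seen from this hunk, so the check is cheaper here.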
@@ -24,7 +28,7 @@
         $hotspot['lat'] = floor($row[2]*1000000);
         $hotspot['lon'] = floor($row[3]*1000000);
         $hotspot['distance'] = distance($row[2], $row[3], $_REQUEST['lat'], $_REQUEST['lon']);
-        if (!isset($_REQUEST['radius']) || $hotspot['distance'] < $_REQUEST['radius']) {
+        if (!isset($_REQUEST['radius']) || $hotspot['distance'] < $radius) {
             $hotspot['actions'] = Array(Array("label" => 'View more trips/information', 'uri' => 'http://bus.lambdacomplex.org/'.'stop.php?stopid='.$row[0]));
             $url = $APIurl."/json/stoptrips?stop=".$row[0]."&time=".midnight_seconds()."&service_period=".service_period()."&limit=4&time_range=".str(90*60);
             $trips = json_decode(getPage($url));
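Review bot: The distance() call on the line before the changed one still passes the raw `$_REQUEST['lat']` and `$_REQUEST['lon']`, while the nearest-stops URL in the earlier hunk now uses the sanitized `$lat` and `$lon`; the two should come from the same source, `$hotspot['distance'] = distance($row[2], $row[3], $lat, $lon);`. On the changed line `$radius` is the string returned by filter_var, and because the sanitize filter does not guarantee a numeric result, `<` may fall back to string comparison for input such as `1.2.3` (the exact rule differs between PHP versions, so treat this as something to confirm); validating radius with FILTER_VALIDATE_FLOAT where it is read, or comparing against `(float)$radius`, keeps the comparison numeric. The enclosing loop and its `$row` assignment begin outside this hunk.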