projects / busui.git / blobdiff
search:
summary | shortlog | log | commit | commitdiff | tree
side by side | plain
More security/sanitizing fixes
[busui.git] / common.inc.php
blob:a/common.inc.php -> blob:b/common.inc.php 
--- a/common.inc.php
+++ b/common.inc.php
@@ -23,8 +23,8 @@
  if (isset($_REQUEST['geolocate'])) {
    $geocoded = false;
    if (isset($_REQUEST['lat']) && isset($_REQUEST['lon'])) {
-      $_SESSION['lat'] = $_REQUEST['lat'];
-        $_SESSION['lon'] = $_REQUEST['lon'];
+      $_SESSION['lat'] = filter_var($_REQUEST['lat'],FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
+        $_SESSION['lon'] = filter_var($_REQUEST['lon'],FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
    } else {
     $contents = geocode(filter_var($_REQUEST['geolocate'],FILTER_SANITIZE_URL),true);
     if (isset($contents[0]->centroid)) {
Unnamed repository; edit this file to name it for gitweb.
GitPHP by Chris Han