More security/sanitizing fixes
[busui.git] / stop.php
blob:a/stop.php -> blob:b/stop.php
--- a/stop.php
+++ b/stop.php
@@ -1,6 +1,7 @@
 <?php
 include('common.inc.php');
-$url = $APIurl."/json/stop?stop_id=".$_REQUEST['stopid'];
+$stopid = filter_var($_REQUEST['stopid'],FILTER_SANITIZE_NUMBER_INT);
+$url = $APIurl."/json/stop?stop_id=".$stopid;
 $stop = json_decode(getPage($url));
 
 include_header($stop[1],"stop");
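Review bot: `FILTER_SANITIZE_NUMBER_INT` on the new `$stopid` line only strips characters, so it still lets `+` and `-` through and yields an empty string when the parameter is missing or has no digits. The script then requests `/json/stop?stop_id=` with a malformed id and indexes `$stop[1]` on whatever `json_decode` returned, which may be `null`. If stop ids are plain integers without leading zeros, validating is stricter and makes the failure explicit: `$stopid = filter_var($_REQUEST['stopid'], FILTER_VALIDATE_INT);` followed by `if ($stopid === false) { header('HTTP/1.1 400 Bad Request'); exit; }`. A similar guard on `$stop` before `include_header($stop[1],"stop")` would keep a failed API call from rendering a page built from null values.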
@@ -14,22 +15,22 @@
 // Set the Event Type, in this case a "video_play"
 $event->setEventType('view_stop');
 // Set a property
-$event->set('stop_id',$_REQUEST['stopid']);
+$event->set('stop_id',$stopid);
 // Track the event
 $owa->trackEvent($event);
     }
 timePlaceSettings();
 echo '<div data-role="content" class="ui-content" role="main"><p>'.staticmap(Array(0 => Array($stop[2],$stop[3]))).'</p>';
 echo '  <ul data-role="listview"  data-inset="true">';
-$url = $APIurl."/json/stoptrips?stop=".$_REQUEST['stopid']."&time=".midnight_seconds()."&service_period=".service_period();
+$url = $APIurl."/json/stoptrips?stop=".$stopid."&time=".midnight_seconds()."&service_period=".service_period();
 $trips = json_decode(getPage($url));
 debug(print_r($trips,true));
 foreach ($trips as $row)
 {
 echo  '<li>';
-echo '<h3><a href="trip.php?stopid='.$_REQUEST['stopid'].'&tripid='.$row[1][0].'">'.$row[1][1];
+echo '<h3><a href="trip.php?stopid='.$stopid.'&tripid='.$row[1][0].'">'.$row[1][1];
 if (isFastDevice()) {
-    $viaPoints = viaPointNames($row[1][0],$_REQUEST['stopid']);
+    $viaPoints = viaPointNames($row[1][0],$stopid);
     if ($viaPoints != "") echo '<br><small>Via: '.$viaPoints.'</small> </a></h3>';
 }
 echo '<p class="ui-li-aside"><strong>'.midnight_seconds_to_time($row[0]).'</strong></p>';
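Review bot: The values taken from the API response (`$row[1][0]`, `$row[1][1]` and `$viaPoints`) are still echoed into the HTML unencoded in the `<h3><a href=...>` line and the `Via:` line. The request parameter is now sanitized, but any markup characters in route or stop names from the backend would be rendered as-is. Unless `viaPointNames()` is meant to return HTML, I would encode at output, for example `'">'.htmlspecialchars($row[1][1], ENT_QUOTES, 'UTF-8')` for the link text and `urlencode($row[1][0])` for the `tripid` query value. The separator in the href should also be written `&amp;tripid=`. The `foreach` body continues past the end of the hunk, so whether the `<a>` and `<h3>` are closed when `isFastDevice()` is false cannot be confirmed from here.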