Escape GET variables centrally
--- a/include/common-template.inc.php
+++ b/include/common-template.inc.php
@@ -182,7 +182,7 @@
if ($opendiv) {
echo '<div data-role="page">
<div data-role="header" data-position="inline">
- <a href="' . $_SERVER["HTTP_REFERER"] . '" data-icon="arrow-l" data-rel="back" class="ui-btn-left">Back</a>
+ <a href="' . (isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "javascript:history.go(-1)") . '" data-icon="arrow-l" data-rel="back" class="ui-btn-left">Back</a>
<h1>' . $pageTitle . '</h1>
<a href="/index.php" data-icon="home" class="ui-btn-right">Home</a>
</div><!-- /header -->
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -33,6 +33,7 @@
include_once ("common-session.inc.php");
include_once ("common-db.inc.php");
include_once ("common-template.inc.php");
+include_once ("common-request.inc.php");
function isDebugServer()
{
--- a/index.php
+++ b/index.php
@@ -13,14 +13,14 @@
<li data-role="list-divider">Timetables - Stops</li>
<li><a href="stopList.php">Major (Timing Point) Stops</a></li>
<li><a href="stopList.php?allstops=yes">All Stops</a></li>
- <li><a href="stopList.php?suburbs=yes">Stops By Suburb</a></li>
+ <li><a href="stopList.php?bysuburbs=yes">Stops By Suburb</a></li>
<li><a class="nearby" href="stopList.php?nearby=yes">Nearby Stops</a></li>
</ul>
<ul data-role="listview" data-inset="true" data-theme="c" data-dividertheme="b">
<li data-role="list-divider">Timetables - Routes</li>
<li><a href="routeList.php">Routes By Final Destination</a></li>
<li><a href="routeList.php?bynumber=yes">Routes By Number</a></li>
- <li><a href="routeList.php?bysuburb=yes">Routes By Suburb</a></li>
+ <li><a href="routeList.php?bysuburbs=yes">Routes By Suburb</a></li>
<li><a class="nearby" href="routeList.php?nearby=yes">Nearby Routes</a></li>
</ul>
<?php
--- a/labs/networkstats.php
+++ b/labs/networkstats.php
@@ -31,7 +31,6 @@
<?php
// middle of graph = 6am
$adjustFactor = 0;
-$routeid = ($_REQUEST['routeid'] ? filter_var($_REQUEST['routeid'], FILTER_SANITIZE_NUMBER_INT) : 0);
$route = getRoute($routeid);
echo "<h1>{$route['route_short_name']} {$route['route_long_name']}</h1>";
foreach (getRouteTrips($routeid) as $key => $trip) {
--- a/layar_api.php
+++ b/layar_api.php
@@ -5,11 +5,8 @@
$output['layer'] = "canberrabusstops";
$max_page = 10;
$max_results = 50;
-$page_start = 0 + filter_var($_REQUEST['pageKey'], FILTER_SANITIZE_NUMBER_INT);
-$page_end = $max_page + filter_var($_REQUEST['pageKey'], FILTER_SANITIZE_NUMBER_INT);
-$lat = filter_var($_REQUEST['lat'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-$lon = filter_var($_REQUEST['lon'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-$max_distance = filter_var($_REQUEST['radius'], FILTER_SANITIZE_NUMBER_INT);
+$page_start = 0 + $pageKey;
+$page_end = $max_page + $pageKey;
$contents = getNearbyStops($lat, $lon, 50, $max_distance);
$stopNum = 0;
foreach ($contents as $stop) {
--- a/routeList.php
+++ b/routeList.php
@@ -7,72 +7,70 @@
<ul>
<li><a href="routeList.php">By Final Destination...</a></li>
<li><a href="routeList.php?bynumber=yes">By Number... </a></li>
- <li><a href="routeList.php?bysuburb=yes">By Suburb... </a></li>
+ <li><a href="routeList.php?bysuburbs=yes">By Suburb... </a></li>
<li><a href="routeList.php?nearby=yes">Nearby... </a></li>
</ul>
</div>
';
}
-if ($_REQUEST['bysuburb']) {
+if (isset($bysuburbs)) {
include_header("Routes by Suburb", "routeList");
navbar();
echo ' <ul data-role="listview" data-filter="true" data-inset="true" >';
- if (!isset($_REQUEST['firstLetter'])) {
+ if (!isset($firstLetter)) {
foreach (range('A', 'Z') as $letter) {
- echo "<li><a href=\"routeList.php?firstLetter=$letter&bysuburb=yes\">$letter...</a></li>\n";
+ echo "<li><a href=\"routeList.php?firstLetter=$letter&bysuburbs=yes\">$letter...</a></li>\n";
}
}
else {
foreach ($suburbs as $suburb) {
- if (startsWith($suburb, $_REQUEST['firstLetter'])) {
+ if (startsWith($suburb, $firstLetter)) {
echo '<li><a href="routeList.php?suburb=' . urlencode($suburb) . '">' . $suburb . '</a></li>';
}
}
}
echo '</ul>';
}
-else if ($_REQUEST['nearby'] || $_REQUEST['suburb']) {
+else if (isset($nearby) || isset($suburb)) {
$routes = Array();
- if ($_REQUEST['suburb']) {
- $suburb = filter_var($_REQUEST['suburb'], FILTER_SANITIZE_STRING);
- include_header($suburb ." - ".ucwords(service_period()), "routeList");
- navbar();
- timePlaceSettings();
- trackEvent("Route Lists", "Routes By Suburb", $suburb);
- $routes = getRoutesBySuburb($suburb);
-
+ if ($suburb) {
+ include_header($suburb . " - " . ucwords(service_period()) , "routeList");
+ navbar();
+ timePlaceSettings();
+ trackEvent("Route Lists", "Routes By Suburb", $suburb);
+ $routes = getRoutesbysuburbs($suburb);
}
- if ($_REQUEST['nearby']) {
+ if (isset($nearby)) {
include_header("Routes Nearby", "routeList", true, true);
- trackEvent("Route Lists", "Routes Nearby", $_SESSION['lat'].",".$_SESSION['lon']);
- navbar();
- timePlaceSettings(true);
+ trackEvent("Route Lists", "Routes Nearby", $_SESSION['lat'] . "," . $_SESSION['lon']);
+ navbar();
+ timePlaceSettings(true);
if (!isset($_SESSION['lat']) || !isset($_SESSION['lat']) || $_SESSION['lat'] == "" || $_SESSION['lon'] == "") {
include_footer();
die();
}
- $routes = getRoutesNearby($_SESSION['lat'],$_SESSION['lon']);
+ $routes = getRoutesNearby($_SESSION['lat'], $_SESSION['lon']);
}
-
echo ' <ul data-role="listview" data-filter="true" data-inset="true" >';
- if ($routes) {
- foreach ($routes as $route) {
- echo '<li><a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p>";
- if ($_REQUEST['nearby']) {
- $time = getTimeInterpolatedRouteAtStop($route['route_id'], $route['stop_id']);
- echo '<span class="ui-li-count">'.($time['arrival_time']?$time['arrival_time']:"No more trips today")."<br>" .floor($route['distance']) . 'm away</span>';
+ if ($routes) {
+ foreach ($routes as $route) {
+ echo '<li><a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p>";
+ if (isset($nearby)) {
+ $time = getTimeInterpolatedRouteAtStop($route['route_id'], $route['stop_id']);
+ echo '<span class="ui-li-count">' . ($time['arrival_time'] ? $time['arrival_time'] : "No more trips today") . "<br>" . floor($route['distance']) . 'm away</span>';
+ }
+ echo "</a></li>\n";
}
- echo "</a></li>\n";
}
- } else {
- echo "<li style='text-align: center;'> No routes nearby.</li>";
- }
+ else {
+ echo "<li style='text-align: center;'> No routes nearby.</li>";
+ }
}
-else if ($_REQUEST['bynumber'] || $_REQUEST['numberSeries']) {
+else if (isset($bynumber) || isset($numberSeries)) {
include_header("Routes by Number", "routeList");
navbar();
echo ' <ul data-role="listview" data-inset="true">';
- if ($_REQUEST['bynumber']) {
+ if (isset($bynumber)) {
$routes = getRoutesByNumber();
$routeSeries = Array();
$seriesRange = Array();
@@ -101,8 +99,8 @@
echo "</a></li>\n";
}
}
- else if ($_REQUEST['numberSeries']) {
- $routes = getRoutesByNumber($_REQUEST['numberSeries']);
+ else if ($numberSeries) {
+ $routes = getRoutesByNumber($numberSeries);
foreach ($routes as $route) {
echo '<li> <a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p></a></li>\n";
}
@@ -112,8 +110,8 @@
include_header("Routes by Destination", "routeList");
navbar();
echo ' <ul data-role="listview" data-inset="true">';
- if ($_REQUEST['routeDestination']) {
- foreach (getRoutesByDestination(urldecode($_REQUEST['routeDestination'])) as $route) {
+ if (isset($routeDestination)) {
+ foreach (getRoutesByDestination($routeDestination) as $route) {
echo '<li><a href="trip.php?routeid=' . $route["route_id"] . '"><h3>' . $route["route_short_name"] . '</h3><p>' . $route["route_long_name"] . " (" . ucwords($route['service_id']) . ")</p></a></li>\n";
}
}
--- a/stop.php
+++ b/stop.php
@@ -1,7 +1,5 @@
<?php
include ('include/common.inc.php');
-$stopid = filter_var($_REQUEST['stopid'], FILTER_SANITIZE_NUMBER_INT);
-$stopcode = filter_var($_REQUEST['stopcode'], FILTER_SANITIZE_STRING);
if ($stopid) $stop = getStop($stopid);
/*if ($stopcode != "" && $stop[5] != $stopcode) {
$url = $APIurl . "/json/stopcodesearch?q=" . $stopcode;
@@ -21,8 +19,7 @@
$allStopsTrips = Array();
$fetchedTripSequences = Array();
$stopLinks = "";
-if (isset($_REQUEST['stopids'])) {
- $stopids = explode(",", filter_var($_REQUEST['stopids'], FILTER_SANITIZE_STRING));
+if (isset($stopids)) {
foreach ($stopids as $sub_stopid) {
$stops[] = getStop($sub_stopid);
}
--- a/stopList.php
+++ b/stopList.php
@@ -1,17 +1,13 @@
<?php
include ('include/common.inc.php');
$stops = Array();
-function filterByFirstLetter($var)
-{
- return $var[1][0] == $_REQUEST['firstLetter'];
-}
function navbar()
{
echo '
<div data-role="navbar">
<ul>
<li><a href="stopList.php">Timing Points</a></li>
- <li><a href="stopList.php?suburbs=yes">By Suburb</a></li>
+ <li><a href="stopList.php?bysuburbs=yes">By Suburb</a></li>
<li><a href="stopList.php?nearby=yes">Nearby Stops</a></li>
<li><a href="stopList.php?allstops=yes">All Stops</a></li>
</ul>
@@ -19,18 +15,18 @@
';
}
// By suburb
-if (isset($_REQUEST['suburbs'])) {
+if (isset($bysuburbs)) {
include_header("Stops by Suburb", "stopList");
navbar();
echo ' <ul data-role="listview" data-filter="true" data-inset="true" >';
- if (!isset($_REQUEST['firstLetter'])) {
+ if (!isset($firstLetter)) {
foreach (range('A', 'Z') as $letter) {
- echo "<li><a href=\"stopList.php?firstLetter=$letter&suburbs=yes\">$letter...</a></li>\n";
+ echo "<li><a href=\"stopList.php?firstLetter=$letter&bysuburbs=yes\">$letter...</a></li>\n";
}
}
else {
foreach ($suburbs as $suburb) {
- if (startsWith($suburb, $_REQUEST['firstLetter'])) {
+ if (startsWith($suburb, $firstLetter)) {
echo '<li><a href="stopList.php?suburb=' . urlencode($suburb) . '">' . $suburb . '</a></li>';
}
}
@@ -39,41 +35,39 @@
}
else {
// Timing Points / All stops
- if ($_REQUEST['allstops']) {
+ if (isset($allstops)) {
$listType = 'allstops=yes';
$stops = getStops();
include_header("All Stops", "stopList");
navbar();
timePlaceSettings();
}
- else if ($_REQUEST['nearby']) {
+ else if (isset($nearby)) {
$listType = 'nearby=yes';
include_header("Nearby Stops", "stopList", true, true);
- trackEvent("Stop Lists","Stops Nearby", $_SESSION['lat'].",".$_SESSION['lon']);
+ trackEvent("Stop Lists", "Stops Nearby", $_SESSION['lat'] . "," . $_SESSION['lon']);
navbar();
timePlaceSettings(true);
if (!isset($_SESSION['lat']) || !isset($_SESSION['lat']) || $_SESSION['lat'] == "" || $_SESSION['lon'] == "") {
include_footer();
die();
}
-
- $stops = getNearbyStops($_SESSION['lat'],$_SESSION['lon'],15);
+ $stops = getNearbyStops($_SESSION['lat'], $_SESSION['lon'], 15);
}
- else if ($_REQUEST['suburb']) {
- $suburb = filter_var($_REQUEST['suburb'], FILTER_SANITIZE_STRING);
+ else if (isset($suburb)) {
$stops = getStopsBySuburb($suburb);
include_header("Stops in " . ucwords($suburb) , "stopList");
navbar();
- trackEvent("Stop Lists","Stops By Suburb", $suburb);
+ trackEvent("Stop Lists", "Stops By Suburb", $suburb);
}
else {
- $stops = getStops(true,$_REQUEST['firstLetter']);
+ $stops = getStops(true, $firstLetter);
include_header("Timing Points / Major Stops", "stopList");
navbar();
timePlaceSettings();
}
echo ' <ul data-role="listview" data-filter="true" data-inset="true" >';
- if (!isset($_REQUEST['firstLetter']) && !$_REQUEST['suburb'] && !$_REQUEST['nearby']) {
+ if (!isset($firstLetter) && !isset($suburb) && !isset($nearby)) {
foreach (range('A', 'Z') as $letter) {
echo "<li><a href=\"stopList.php?firstLetter=$letter&$listType\">$letter...</a></li>\n";
}
@@ -91,11 +85,12 @@
if (!startsWith($stopsGrouped['stop_codes'][0], "Wj")) echo '<img src="css/images/time.png" alt="Timing Point: " class="ui-li-icon">';
echo '<a href="stop.php?stopids=' . implode(",", $stopsGrouped['stop_ids']) . '">';
if (isset($_SESSION['lat']) && isset($_SESSION['lon'])) {
- echo '<span class="ui-li-count">' . distance($stop['stop_lat'],$stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
+ echo '<span class="ui-li-count">' . distance($stop['stop_lat'], $stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
}
echo bracketsMeanNewLine(trim(preg_replace("/\(Platform.*/", "", $stop['stop_name'])) . '(' . sizeof($stopsGrouped["stop_ids"]) . ' stops)');
echo "</a></li>\n";
- flush(); @ob_flush();
+ flush();
+ @ob_flush();
$stopsGrouped = Array();
}
else {
@@ -104,11 +99,12 @@
if (!startsWith($stop['stop_code'], "Wj")) echo '<img src="css/images/time.png" alt="Timing Point" class="ui-li-icon">';
echo '<a href="stop.php?stopid=' . $stop['stop_id'] . (startsWith($stop['stop_code'], "Wj") ? '&stopcode=' . $stop['stop_code'] : "") . '">';
if (isset($_SESSION['lat']) && isset($_SESSION['lon'])) {
- echo '<span class="ui-li-count">' . distance($stop['stop_lat'],$stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
+ echo '<span class="ui-li-count">' . distance($stop['stop_lat'], $stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
}
echo bracketsMeanNewLine($stop['stop_name']);
echo "</a></li>\n";
- flush(); @ob_flush();
+ flush();
+ @ob_flush();
}
}
else {
--- a/trip.php
+++ b/trip.php
@@ -1,12 +1,9 @@
<?php
include ('include/common.inc.php');
-$tripid = filter_var($_REQUEST['tripid'], FILTER_SANITIZE_NUMBER_INT);
-$stopid = filter_var($_REQUEST['stopid'], FILTER_SANITIZE_NUMBER_INT);
-$routeid = filter_var($_REQUEST['routeid'], FILTER_SANITIZE_NUMBER_INT);
$routetrips = Array();
-if ($_REQUEST['routeid'] && !$_REQUEST['tripid']) {
+if (isset($routeid) && !isset($tripid)) {
$trip = getRouteNextTrip($routeid);
$tripid = $trip['trip_id'];
} else {