From: maxious <maxious@lambdacomplex.org>
Date: Fri, 29 Apr 2011 05:38:08 +0000
Subject: Escape GET variables centrally
X-Git-Url: https://maxious.lambdacomplex.org/git/?p=busui.git&a=commitdiff&h=15b043704227f088801cbb15b65bd1cf299691ea
---
Escape GET variables centrally
---


--- a/include/common-template.inc.php
+++ b/include/common-template.inc.php
@@ -182,7 +182,7 @@
 	if ($opendiv) {
 		echo '<div data-role="page"> 
 	<div data-role="header" data-position="inline">
-	<a href="' . $_SERVER["HTTP_REFERER"] . '" data-icon="arrow-l" data-rel="back" class="ui-btn-left">Back</a> 
+	<a href="' . (isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "javascript:history.go(-1)") . '" data-icon="arrow-l" data-rel="back" class="ui-btn-left">Back</a> 
 		<h1>' . $pageTitle . '</h1>
 		<a href="/index.php" data-icon="home" class="ui-btn-right">Home</a>
 	</div><!-- /header -->

--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -33,6 +33,7 @@
 include_once ("common-session.inc.php");
 include_once ("common-db.inc.php");
 include_once ("common-template.inc.php");
+include_once ("common-request.inc.php");
 
 function isDebugServer()
 {

--- a/index.php
+++ b/index.php
@@ -13,14 +13,14 @@
                 <li data-role="list-divider">Timetables - Stops</li>
                 <li><a href="stopList.php">Major (Timing Point) Stops</a></li>
 		<li><a href="stopList.php?allstops=yes">All Stops</a></li>
-		<li><a href="stopList.php?suburbs=yes">Stops By Suburb</a></li>
+		<li><a href="stopList.php?bysuburbs=yes">Stops By Suburb</a></li>
 		<li><a class="nearby" href="stopList.php?nearby=yes">Nearby Stops</a></li>
             </ul>
 	    <ul data-role="listview" data-inset="true" data-theme="c" data-dividertheme="b">
                 <li data-role="list-divider">Timetables - Routes</li>
                 <li><a href="routeList.php">Routes By Final Destination</a></li>
 		<li><a href="routeList.php?bynumber=yes">Routes By Number</a></li>
-		<li><a href="routeList.php?bysuburb=yes">Routes By Suburb</a></li>
+		<li><a href="routeList.php?bysuburbs=yes">Routes By Suburb</a></li>
 		<li><a class="nearby" href="routeList.php?nearby=yes">Nearby Routes</a></li>
             </ul>
 <?php

--- a/labs/networkstats.php
+++ b/labs/networkstats.php
@@ -31,7 +31,6 @@
 <?php
 // middle of graph = 6am
 $adjustFactor = 0;
-$routeid = ($_REQUEST['routeid'] ? filter_var($_REQUEST['routeid'], FILTER_SANITIZE_NUMBER_INT) : 0);
 $route = getRoute($routeid);
 echo "<h1>{$route['route_short_name']} {$route['route_long_name']}</h1>";
 foreach (getRouteTrips($routeid) as $key => $trip) {

--- a/layar_api.php
+++ b/layar_api.php
@@ -5,11 +5,8 @@
 $output['layer'] = "canberrabusstops";
 $max_page = 10;
 $max_results = 50;
-$page_start = 0 + filter_var($_REQUEST['pageKey'], FILTER_SANITIZE_NUMBER_INT);
-$page_end = $max_page + filter_var($_REQUEST['pageKey'], FILTER_SANITIZE_NUMBER_INT);
-$lat = filter_var($_REQUEST['lat'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-$lon = filter_var($_REQUEST['lon'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-$max_distance = filter_var($_REQUEST['radius'], FILTER_SANITIZE_NUMBER_INT);
+$page_start = 0 + $pageKey;
+$page_end = $max_page + $pageKey;
 $contents = getNearbyStops($lat, $lon, 50, $max_distance);
 $stopNum = 0;
 foreach ($contents as $stop) {

--- a/routeList.php
+++ b/routeList.php
@@ -7,72 +7,70 @@
 			<ul> 
 				<li><a href="routeList.php">By Final Destination...</a></li> 
 				<li><a href="routeList.php?bynumber=yes">By Number... </a></li>
-				<li><a href="routeList.php?bysuburb=yes">By Suburb... </a></li>
+				<li><a href="routeList.php?bysuburbs=yes">By Suburb... </a></li>
 				<li><a href="routeList.php?nearby=yes">Nearby... </a></li>
 			</ul>
                 </div>
 	';
 }
-if ($_REQUEST['bysuburb']) {
+if (isset($bysuburbs)) {
 	include_header("Routes by Suburb", "routeList");
 	navbar();
 	echo '  <ul data-role="listview" data-filter="true" data-inset="true" >';
-	if (!isset($_REQUEST['firstLetter'])) {
+	if (!isset($firstLetter)) {
 		foreach (range('A', 'Z') as $letter) {
-			echo "<li><a href=\"routeList.php?firstLetter=$letter&amp;bysuburb=yes\">$letter...</a></li>\n";
+			echo "<li><a href=\"routeList.php?firstLetter=$letter&amp;bysuburbs=yes\">$letter...</a></li>\n";
 		}
 	}
 	else {
 		foreach ($suburbs as $suburb) {
-			if (startsWith($suburb, $_REQUEST['firstLetter'])) {
+			if (startsWith($suburb, $firstLetter)) {
 				echo '<li><a href="routeList.php?suburb=' . urlencode($suburb) . '">' . $suburb . '</a></li>';
 			}
 		}
 	}
 	echo '</ul>';
 }
-else if ($_REQUEST['nearby'] || $_REQUEST['suburb']) {
+else if (isset($nearby) || isset($suburb)) {
 	$routes = Array();
-	if ($_REQUEST['suburb']) {
-		$suburb = filter_var($_REQUEST['suburb'], FILTER_SANITIZE_STRING);
-		include_header($suburb ." - ".ucwords(service_period()), "routeList");
-					navbar();
-					timePlaceSettings();
-				trackEvent("Route Lists", "Routes By Suburb", $suburb);
-		$routes = getRoutesBySuburb($suburb);
-		
+	if ($suburb) {
+		include_header($suburb . " - " . ucwords(service_period()) , "routeList");
+		navbar();
+		timePlaceSettings();
+		trackEvent("Route Lists", "Routes By Suburb", $suburb);
+		$routes = getRoutesbysuburbs($suburb);
 	}
-	if ($_REQUEST['nearby']) {
+	if (isset($nearby)) {
 		include_header("Routes Nearby", "routeList", true, true);
-		trackEvent("Route Lists", "Routes Nearby", $_SESSION['lat'].",".$_SESSION['lon']);
-			navbar();
-			timePlaceSettings(true);
+		trackEvent("Route Lists", "Routes Nearby", $_SESSION['lat'] . "," . $_SESSION['lon']);
+		navbar();
+		timePlaceSettings(true);
 		if (!isset($_SESSION['lat']) || !isset($_SESSION['lat']) || $_SESSION['lat'] == "" || $_SESSION['lon'] == "") {
 			include_footer();
 			die();
 		}
-		$routes = getRoutesNearby($_SESSION['lat'],$_SESSION['lon']);
+		$routes = getRoutesNearby($_SESSION['lat'], $_SESSION['lon']);
 	}
-
 	echo '  <ul data-role="listview" data-filter="true" data-inset="true" >';
- if ($routes) {
-	foreach ($routes as $route) {
-		echo '<li><a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p>";
-		if ($_REQUEST['nearby']) {
-			$time = getTimeInterpolatedRouteAtStop($route['route_id'], $route['stop_id']);
-				echo '<span class="ui-li-count">'.($time['arrival_time']?$time['arrival_time']:"No more trips today")."<br>" .floor($route['distance']) . 'm away</span>';
+	if ($routes) {
+		foreach ($routes as $route) {
+			echo '<li><a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p>";
+			if (isset($nearby)) {
+				$time = getTimeInterpolatedRouteAtStop($route['route_id'], $route['stop_id']);
+				echo '<span class="ui-li-count">' . ($time['arrival_time'] ? $time['arrival_time'] : "No more trips today") . "<br>" . floor($route['distance']) . 'm away</span>';
+			}
+			echo "</a></li>\n";
 		}
-		echo "</a></li>\n";
 	}
- } else {
-	echo "<li style='text-align: center;'> No routes nearby.</li>";
- }
+	else {
+		echo "<li style='text-align: center;'> No routes nearby.</li>";
+	}
 }
-else if ($_REQUEST['bynumber'] || $_REQUEST['numberSeries']) {
+else if (isset($bynumber) || isset($numberSeries)) {
 	include_header("Routes by Number", "routeList");
 	navbar();
 	echo ' <ul data-role="listview"  data-inset="true">';
-	if ($_REQUEST['bynumber']) {
+	if (isset($bynumber)) {
 		$routes = getRoutesByNumber();
 		$routeSeries = Array();
 		$seriesRange = Array();
@@ -101,8 +99,8 @@
 			echo "</a></li>\n";
 		}
 	}
-	else if ($_REQUEST['numberSeries']) {
-		$routes = getRoutesByNumber($_REQUEST['numberSeries']);
+	else if ($numberSeries) {
+		$routes = getRoutesByNumber($numberSeries);
 		foreach ($routes as $route) {
 			echo '<li> <a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p></a></li>\n";
 		}
@@ -112,8 +110,8 @@
 	include_header("Routes by Destination", "routeList");
 	navbar();
 	echo ' <ul data-role="listview"  data-inset="true">';
-	if ($_REQUEST['routeDestination']) {
-		foreach (getRoutesByDestination(urldecode($_REQUEST['routeDestination'])) as $route) {
+	if (isset($routeDestination)) {
+		foreach (getRoutesByDestination($routeDestination) as $route) {
 			echo '<li><a href="trip.php?routeid=' . $route["route_id"] . '"><h3>' . $route["route_short_name"] . '</h3><p>' . $route["route_long_name"] . " (" . ucwords($route['service_id']) . ")</p></a></li>\n";
 		}
 	}

--- a/stop.php
+++ b/stop.php
@@ -1,7 +1,5 @@
 <?php
 include ('include/common.inc.php');
-$stopid = filter_var($_REQUEST['stopid'], FILTER_SANITIZE_NUMBER_INT);
-$stopcode = filter_var($_REQUEST['stopcode'], FILTER_SANITIZE_STRING);
 if ($stopid) $stop = getStop($stopid);
 /*if ($stopcode != "" && $stop[5] != $stopcode) {
 	$url = $APIurl . "/json/stopcodesearch?q=" . $stopcode;
@@ -21,8 +19,7 @@
 $allStopsTrips = Array();
 $fetchedTripSequences = Array();
 $stopLinks = "";
-if (isset($_REQUEST['stopids'])) {
-	$stopids = explode(",", filter_var($_REQUEST['stopids'], FILTER_SANITIZE_STRING));
+if (isset($stopids)) {
 	foreach ($stopids as $sub_stopid) {
 		$stops[] = getStop($sub_stopid);
 	}

--- a/stopList.php
+++ b/stopList.php
@@ -1,17 +1,13 @@
 <?php
 include ('include/common.inc.php');
 $stops = Array();
-function filterByFirstLetter($var)
-{
-	return $var[1][0] == $_REQUEST['firstLetter'];
-}
 function navbar()
 {
 	echo '
 		<div data-role="navbar">
 			<ul> 
 				<li><a href="stopList.php">Timing Points</a></li>
-				<li><a href="stopList.php?suburbs=yes">By Suburb</a></li>
+				<li><a href="stopList.php?bysuburbs=yes">By Suburb</a></li>
 				<li><a href="stopList.php?nearby=yes">Nearby Stops</a></li>
 				<li><a href="stopList.php?allstops=yes">All Stops</a></li> 
 			</ul>
@@ -19,18 +15,18 @@
 	';
 }
 // By suburb
-if (isset($_REQUEST['suburbs'])) {
+if (isset($bysuburbs)) {
 	include_header("Stops by Suburb", "stopList");
 	navbar();
 	echo '  <ul data-role="listview" data-filter="true" data-inset="true" >';
-	if (!isset($_REQUEST['firstLetter'])) {
+	if (!isset($firstLetter)) {
 		foreach (range('A', 'Z') as $letter) {
-			echo "<li><a href=\"stopList.php?firstLetter=$letter&amp;suburbs=yes\">$letter...</a></li>\n";
+			echo "<li><a href=\"stopList.php?firstLetter=$letter&amp;bysuburbs=yes\">$letter...</a></li>\n";
 		}
 	}
 	else {
 		foreach ($suburbs as $suburb) {
-			if (startsWith($suburb, $_REQUEST['firstLetter'])) {
+			if (startsWith($suburb, $firstLetter)) {
 				echo '<li><a href="stopList.php?suburb=' . urlencode($suburb) . '">' . $suburb . '</a></li>';
 			}
 		}
@@ -39,41 +35,39 @@
 }
 else {
 	// Timing Points / All stops
-	if ($_REQUEST['allstops']) {
+	if (isset($allstops)) {
 		$listType = 'allstops=yes';
 		$stops = getStops();
 		include_header("All Stops", "stopList");
 		navbar();
 		timePlaceSettings();
 	}
-	else if ($_REQUEST['nearby']) {
+	else if (isset($nearby)) {
 		$listType = 'nearby=yes';
 		include_header("Nearby Stops", "stopList", true, true);
-		trackEvent("Stop Lists","Stops Nearby", $_SESSION['lat'].",".$_SESSION['lon']);
+		trackEvent("Stop Lists", "Stops Nearby", $_SESSION['lat'] . "," . $_SESSION['lon']);
 		navbar();
 		timePlaceSettings(true);
 		if (!isset($_SESSION['lat']) || !isset($_SESSION['lat']) || $_SESSION['lat'] == "" || $_SESSION['lon'] == "") {
 			include_footer();
 			die();
 		}
-		
-		$stops = getNearbyStops($_SESSION['lat'],$_SESSION['lon'],15);
+		$stops = getNearbyStops($_SESSION['lat'], $_SESSION['lon'], 15);
 	}
-	else if ($_REQUEST['suburb']) {
-		$suburb = filter_var($_REQUEST['suburb'], FILTER_SANITIZE_STRING);
+	else if (isset($suburb)) {
 		$stops = getStopsBySuburb($suburb);
 		include_header("Stops in " . ucwords($suburb) , "stopList");
 		navbar();
-	       trackEvent("Stop Lists","Stops By Suburb", $suburb);
+		trackEvent("Stop Lists", "Stops By Suburb", $suburb);
 	}
 	else {
-		$stops = getStops(true,$_REQUEST['firstLetter']);
+		$stops = getStops(true, $firstLetter);
 		include_header("Timing Points / Major Stops", "stopList");
 		navbar();
 		timePlaceSettings();
 	}
 	echo '  <ul data-role="listview" data-filter="true" data-inset="true" >';
-	if (!isset($_REQUEST['firstLetter']) && !$_REQUEST['suburb'] && !$_REQUEST['nearby']) {
+	if (!isset($firstLetter) && !isset($suburb) && !isset($nearby)) {
 		foreach (range('A', 'Z') as $letter) {
 			echo "<li><a href=\"stopList.php?firstLetter=$letter&amp;$listType\">$letter...</a></li>\n";
 		}
@@ -91,11 +85,12 @@
 					if (!startsWith($stopsGrouped['stop_codes'][0], "Wj")) echo '<img src="css/images/time.png" alt="Timing Point: " class="ui-li-icon">';
 					echo '<a href="stop.php?stopids=' . implode(",", $stopsGrouped['stop_ids']) . '">';
 					if (isset($_SESSION['lat']) && isset($_SESSION['lon'])) {
-						echo '<span class="ui-li-count">' . distance($stop['stop_lat'],$stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
+						echo '<span class="ui-li-count">' . distance($stop['stop_lat'], $stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
 					}
 					echo bracketsMeanNewLine(trim(preg_replace("/\(Platform.*/", "", $stop['stop_name'])) . '(' . sizeof($stopsGrouped["stop_ids"]) . ' stops)');
 					echo "</a></li>\n";
-					flush(); @ob_flush();
+					flush();
+					@ob_flush();
 					$stopsGrouped = Array();
 				}
 				else {
@@ -104,11 +99,12 @@
 					if (!startsWith($stop['stop_code'], "Wj")) echo '<img src="css/images/time.png" alt="Timing Point" class="ui-li-icon">';
 					echo '<a href="stop.php?stopid=' . $stop['stop_id'] . (startsWith($stop['stop_code'], "Wj") ? '&amp;stopcode=' . $stop['stop_code'] : "") . '">';
 					if (isset($_SESSION['lat']) && isset($_SESSION['lon'])) {
-						echo '<span class="ui-li-count">' . distance($stop['stop_lat'],$stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
+						echo '<span class="ui-li-count">' . distance($stop['stop_lat'], $stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
 					}
 					echo bracketsMeanNewLine($stop['stop_name']);
 					echo "</a></li>\n";
-					flush(); @ob_flush();
+					flush();
+					@ob_flush();
 				}
 			}
 			else {

--- a/trip.php
+++ b/trip.php
@@ -1,12 +1,9 @@
 <?php
 include ('include/common.inc.php');
-$tripid = filter_var($_REQUEST['tripid'], FILTER_SANITIZE_NUMBER_INT);
-$stopid = filter_var($_REQUEST['stopid'], FILTER_SANITIZE_NUMBER_INT);
-$routeid = filter_var($_REQUEST['routeid'], FILTER_SANITIZE_NUMBER_INT);
 
 $routetrips = Array();
 
-if ($_REQUEST['routeid'] && !$_REQUEST['tripid']) {
+if (isset($routeid) && !isset($tripid)) {
     $trip = getRouteNextTrip($routeid);
     $tripid = $trip['trip_id'];
 } else {