# HG changeset patch
# User Matti Hamalainen <ccr@tnsp.org>
# Date 1505213655 -10800
# Node ID 8e686cda5c6e94aab88dbb9ceb4b212fa3e9c514
# Parent  c0bac5a787247fbadc748a72a26c26d257e41553
Fix potential XSS :S

diff -r c0bac5a78724 -r 8e686cda5c6e index.php
--- a/index.php	Mon Sep 11 14:36:16 2017 +0300
+++ b/index.php	Tue Sep 12 13:54:15 2017 +0300
@@ -113,17 +113,16 @@
 $jsData = [];
 foreach ($jsTokens as $key)
 {
-  if (isset($_GET[$key]) && strlen($_GET[$key]) > 0)
+  if (isset($_GET[$key]) && strlen($sval = $_GET[$key]) > 0)
   {
-    $sval = $_GET[$key];
-    $jsData[] = "\"".$key."\":".(is_numeric($sval) ? $sval : "\"".$sval."\"");
+    $jsData[$key] = is_numeric($sval) ? intval($sval) : strval($sval);
   }
 }
 
 echo
   "    <script type=\"text/javascript\">\n".
   "      pmapBaseURL = \"".$pageBaseURL."\";\n".
-  "      pmapInitializeMap({".implode($jsData, ",")."});\n".
+  "      pmapInitializeMap(".json_encode($jsData).");\n".
   "    </script>\n".
   "  </body>\n".
   "</html>\n";