changeset 309:8e686cda5c6e gmap2

Fix potential XSS :S
author Matti Hamalainen <ccr@tnsp.org>
date Tue, 12 Sep 2017 13:54:15 +0300
parents c0bac5a78724
children 63eb4661d13c
files index.php
diffstat 1 files changed, 3 insertions(+), 4 deletions(-) [+]
--- a/index.php	Mon Sep 11 14:36:16 2017 +0300
+++ b/index.php	Tue Sep 12 13:54:15 2017 +0300
@@ -113,17 +113,16 @@
 $jsData = [];
 foreach ($jsTokens as $key)
 {
-  if (isset($_GET[$key]) && strlen($_GET[$key]) > 0)
+  if (isset($_GET[$key]) && strlen($sval = $_GET[$key]) > 0)
   {
-    $sval = $_GET[$key];
-    $jsData[] = "\"".$key."\":".(is_numeric($sval) ? $sval : "\"".$sval."\"");
+    $jsData[$key] = is_numeric($sval) ? intval($sval) : strval($sval);
   }
 }
 
 echo
   "    <script type=\"text/javascript\">\n".
   "      pmapBaseURL = \"".$pageBaseURL."\";\n".
-  "      pmapInitializeMap({".implode($jsData, ",")."});\n".
+  "      pmapInitializeMap(".json_encode($jsData).");\n".
   "    </script>\n".
   "  </body>\n".
   "</html>\n";
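Review bot: The new `json_encode($jsData)` call is written into an inline `<script>` block with default flags, so `<`, `>`, `&` and `'` from `$_GET` are still emitted literally and only the default slash escaping keeps a `</script>` sequence from closing the element. Passing the hex flags removes that dependency on HTML script-parsing rules: `"      pmapInitializeMap(".json_encode($jsData, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).");\n".`. One line above, `$pageBaseURL` is still concatenated into a JavaScript string literal without any encoding; it is defined outside this hunk, so if any part of it can come from the request (host header, request URI) it should go through the same `json_encode` call instead of manual quoting. Separately, `strlen($sval = $_GET[$key])` assumes a string, but a parameter sent as `key[]=` arrives as an array, so an `is_string($_GET[$key])` guard before the assignment would keep that case out of the loop body.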