authorAndreas Jakum <aj-gh@users.noreply.github.com>2020-12-26 23:06:50 +0100
committerAndreas Jakum <aj-gh@users.noreply.github.com>2020-12-26 23:06:50 +0100
commit75242961eedea7bf397c3736305ff1b4a01efd02 (patch)
tree4038984ef2f4c30d4952581a5928ecab088e7118
parent1d5c8cb96ad9a1a9f61991a19b1362142b074430 (diff)
Replace abused mysql_escape_string with a regex check.
-rw-r--r--index.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/index.php b/index.php
index a95fd6f..72213b0 100644
--- a/index.php
+++ b/index.php
@@ -1,9 +1,9 @@
<?php
session_start();
-if(isset($_REQUEST['lat'])) $lat = mysql_escape_string($_REQUEST['lat']);
-if(isset($_REQUEST['lng'])) $lng = mysql_escape_string($_REQUEST['lng']);
-if(isset($_REQUEST['res'])) $res = $_REQUEST['res'];
+if(isset($_REQUEST['lat']) && preg_match('/^\-?[0-9\.]+$/', $_REQUEST['lat']) $lat = $_REQUEST['lat'];
+if(isset($_REQUEST['lng']) && preg_match('/^\-?[0-9\.]+$/', $_REQUEST['lng']) $lng = $_REQUEST['lng'];
+if(isset($_REQUEST['res']) && preg_match('/^[0-9]+$/', $_REQUEST['res'])) $res = $_REQUEST['res'];
//default values
if(empty($lat)) $lat=47.07102;