From 75242961eedea7bf397c3736305ff1b4a01efd02 Mon Sep 17 00:00:00 2001
From: Andreas Jakum <aj-gh@users.noreply.github.com>
Date: Sat, 26 Dec 2020 23:06:50 +0100
Subject: Replace abused mysql_escape_string with a regex check.

---
 index.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'index.php')

diff --git a/index.php b/index.php
index a95fd6f..72213b0 100644
--- a/index.php
+++ b/index.php
@@ -1,9 +1,9 @@
 <?php
 session_start();
 
-if(isset($_REQUEST['lat'])) $lat = mysql_escape_string($_REQUEST['lat']);
-if(isset($_REQUEST['lng'])) $lng = mysql_escape_string($_REQUEST['lng']);
-if(isset($_REQUEST['res'])) $res = $_REQUEST['res'];
+if(isset($_REQUEST['lat']) && preg_match('/^\-?[0-9\.]+$/', $_REQUEST['lat']) $lat = $_REQUEST['lat'];
+if(isset($_REQUEST['lng']) && preg_match('/^\-?[0-9\.]+$/', $_REQUEST['lng']) $lng = $_REQUEST['lng'];
+if(isset($_REQUEST['res']) && preg_match('/^[0-9]+$/', $_REQUEST['res'])) $res = $_REQUEST['res'];
 
 //default values
 if(empty($lat)) $lat=47.07102;
-- 
cgit v1.2.1