Closed klnusbaum closed 12 years ago
The function geocodeLocaiton in the file player.py is vulnerable to a URL injection attack. The JSON inputs are never scrubbed and are fed directly into the URL query.
The function was moved. It's called USCWebGISGeocoder and it's in geocoders.py
Fixed, we sanitize the inputs now.
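The class of bug discussed in this thread, shown as an added example that is not code from this repository: JSON fields concatenated into a query string next to a version that validates them and percent-encodes every value. The endpoint, the API key, the parameter names and the JSON field names are all hypothetical, since the thread does not show the real ones.

```python
import json
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical endpoint, key and parameter names (not taken from the project).
BASE_URL = "https://geocoder.example/geocode"
API_KEY = "constructed-key"


def build_url_unsafe(location):
    """The pattern the issue describes: JSON fields concatenated into the query."""
    return (BASE_URL + "?apiKey=" + API_KEY
            + "&streetAddress=" + location["address"]
            + "&city=" + location["city"]
            + "&zip=" + location["zipcode"])


def build_url_safe(location):
    """Validate each field, then let urlencode percent-encode every value."""
    fields = {}
    for name, param in (("address", "streetAddress"), ("city", "city"), ("zipcode", "zip")):
        value = location.get(name)
        if not isinstance(value, str) or not value.strip():
            raise ValueError("missing or non-string field: " + name)
        fields[param] = value.strip()
    if not (fields["zip"].isascii() and fields["zip"].isdigit()):
        raise ValueError("zip must be numeric")
    return BASE_URL + "?" + urlencode({"apiKey": API_KEY, **fields})


def query_params(url):
    """Parse the query string the way the receiving server would."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


# Constructed request body: the city field carries an extra query parameter.
SAMPLE = json.loads(
    '{"address": "1 Main St", "city": "Ames&apiKey=other", "zipcode": "50010"}'
)

if __name__ == "__main__":
    print(query_params(build_url_unsafe(SAMPLE)))  # apiKey appears twice
    print(query_params(build_url_safe(SAMPLE)))    # city keeps the literal '&'
```

Parsing the generated URL back, as `query_params` does, is also a convenient regression test: the set of parameter names must stay the same for any input.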