klnusbaum / UDJ-Server

The Social Music Player!
www.udjplayer.com
GNU General Public License v2.0

Url Injection Attack Vulnerability #43

Closed klnusbaum closed 12 years ago

klnusbaum commented 12 years ago

The function geocodeLocaiton in the file player.py is vulnerable to a URL injection attack. The JSON inputs are never scrubbed and fed directly into the URL query.

klnusbaum commented 12 years ago

The function was moved. It's called USCWebGISGeocoder and it's in geocoders.py

klnusbaum commented 12 years ago

Fixed, we sanitize the inputs now.
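The pattern behind this issue (untrusted JSON fields concatenated straight into a geocoder query string) and the sanitized alternative, as an added example written for this page; it is not UDJ-Server's code and does not reproduce the project's geocoders.py. The base URL, the parameter names and the tainted sample input are all constructed for illustration.

```python
"""Added example (not from UDJ-Server): URL query injection via unsanitized input,
shown next to the hardened form that encodes each parameter separately."""
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical geocoder endpoint; the real one is not shown on the issue page.
GEOCODER_BASE = "https://geocoder.example.invalid/geocode"


def build_url_unsafe(location: str) -> str:
    """Vulnerable pattern from the issue: raw input is pasted into the query.
    Any '&', '=' or '#' in the input changes the structure of the request."""
    return GEOCODER_BASE + "?address=" + location + "&format=json"


def is_valid_location(location: str) -> bool:
    """Input validation step (a constructed policy, not the project's): require a
    non-empty, bounded, printable string before it ever reaches the URL builder."""
    return 0 < len(location) <= 200 and location.isprintable()


def build_url_safe(location: str) -> str:
    """Hardened form: validate first, then let urlencode percent-encode the value
    so reserved characters ('&', '=', '#', ' ') stay inside the address parameter."""
    if not is_valid_location(location):
        raise ValueError("rejected location value")
    return GEOCODER_BASE + "?" + urlencode({"address": location, "format": "json"})


def query_params(url: str) -> dict:
    """What the remote server actually sees after parsing the query string."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


# Constructed tainted input: a city name carrying extra query syntax.
TAINTED = "Chicago&format=xml&apikey=attacker"

if __name__ == "__main__":
    print("unsafe:", query_params(build_url_unsafe(TAINTED)))
    print("safe:  ", query_params(build_url_safe(TAINTED)))
```

With the unsafe builder the tainted value splits into three parameters and overrides `format`; with the safe builder the whole string is delivered as the single `address` value, which is the behaviour a sanitized geocoder call needs.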