michaelvl / osm-analytic-tracker

OpenStreetMap Analytic Difference Engine
GNU General Public License v2.0

sanitize input in diffmap.php? #7

Closed poempelfox closed 9 years ago

poempelfox commented 9 years ago

I'm not much of a PHP programmer, but it would probably be wise to make sure $cid in diffmap.php only contains sane (integer) values before using it as part of a filename and echoing it back to the user. Possibly something like

$cid = filter_input(INPUT_GET, 'cid', FILTER_SANITIZE_NUMBER_INT);

instead of

$cid=$_GET['cid'];

?
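For context, here is an added example (not the project's diffmap.php, and not poempelfox's code) contrasting the raw `$_GET` read, the sanitizing filter suggested above, and a validating filter. The `diffs/<cid>.json` filename pattern, the function names and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not the project's diffmap.php. The filename pattern,
// the function names and the sample inputs are assumptions.

// Before: the raw query string flows into a file path and into HTML.
//   $cid = $_GET['cid'];
//   readfile("diffs/$cid.json");   // "../../etc/passwd" reaches the filesystem call
//   echo "Changeset $cid";         // "<script>..." reaches the browser unescaped

// Sanitizing, as suggested in the issue: everything except digits, '+' and '-'
// is stripped. The result is still a string, and junk input turns into "" or
// "-" rather than being rejected.
function cid_sanitize(string $raw): string {
    return (string) filter_var($raw, FILTER_SANITIZE_NUMBER_INT);
}

// Validating: returns an int, or null when the input is not a positive integer.
// This fails closed instead of quietly reshaping the value.
function cid_validate(string $raw): ?int {
    $cid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $cid === false ? null : $cid;
}

// Constructed inputs showing where the two approaches differ.
foreach (['42', '-7', '4<script>2', '../../etc/passwd', ''] as $raw) {
    printf("%-22s sanitized=%-6s validated=%s\n",
        var_export($raw, true),
        var_export(cid_sanitize($raw), true),
        var_export(cid_validate($raw), true));
}

// In a request handler: validate, fail closed, then format and escape.
// filter_input(INPUT_GET, 'cid', FILTER_VALIDATE_INT) reads $_GET directly
// and is the equivalent of the filter_var call above.
$cid = cid_validate($_GET['cid'] ?? '');
if ($cid === null) {
    http_response_code(400);
    exit('invalid cid');
}
$path = sprintf('diffs/%d.json', $cid);   // an int cannot carry path separators
// Escaping on output is still the right habit even for an int.
echo 'Changeset ' . htmlspecialchars((string) $cid, ENT_QUOTES, 'UTF-8');
```

Run with `php example.php` to see the table: `FILTER_SANITIZE_NUMBER_INT` turns `4<script>2` into `42` and `../../etc/passwd` into an empty string, while `FILTER_VALIDATE_INT` rejects both, so the validating form is the one to prefer when the value is used to build a filename.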

michaelvl commented 9 years ago

Thanks for the feedback. This is now part of diffmap.php.