From 619ef59f51a152b8db4253df29c54c91098c9e8c Mon Sep 17 00:00:00 2001
From: Bartek Fabiszewski
Date: Thu, 24 Aug 2017 14:53:55 +0200
Subject: [PATCH] add position: improve parameters checking
---
 client/index.php | 2 +-
 helpers/position.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/client/index.php b/client/index.php
index 59427d3..5195e94 100644
--- a/client/index.php
+++ b/client/index.php
@@ -92,7 +92,7 @@ switch ($action) {
 $imageId = isset($_REQUEST["imageid"]) ? $_REQUEST["imageid"] : NULL;
 $trackId = isset($_REQUEST["trackid"]) ? $_REQUEST["trackid"] : NULL;
- if (is_null($lat) || is_null($lon) || is_null($timestamp) || is_null($trackId)) {
+ if (!is_numeric($lat) || !is_numeric($lon) || !is_numeric($timestamp) || !is_numeric($trackId)) {
 setError($response, "Missing required parameter");
 break;
 }
diff --git a/helpers/position.php b/helpers/position.php
index 11dfa67..0b9ccab 100644
--- a/helpers/position.php
+++ b/helpers/position.php
@@ -96,7 +96,7 @@ $altitude = NULL, $speed = NULL, $bearing = NULL, $accuracy = NULL, $provider = NULL, $comment = NULL, $imageId = NULL) {
 $positionId = false;
- if (!is_null($lat) && !is_null($lon) && !is_null($timestamp) && !empty($userId) && !empty($trackId)) {
+ if (is_numeric($lat) && is_numeric($lon) && is_numeric($timestamp) && is_numeric($userId) && is_numeric($trackId)) {
 $track = new uTrack($trackId);
 if ($track->isValid && $track->userId == $userId) {
 $query = "INSERT INTO `" . self::db()->table('positions') . "`
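Review bot: In client/index.php the new `is_numeric()` guard accepts more than this endpoint appears to want: floats and exponent forms such as `1e5` pass for `$timestamp` and `$trackId`, which look like integer fields, and `$lat`/`$lon` get no range check. Consider `filter_var($trackId, FILTER_VALIDATE_INT) === false` (likewise for `$timestamp`) and bounding latitude to [-90, 90] and longitude to [-180, 180]. The error text is now also returned for values that are present but malformed, so `"Missing or invalid required parameter"` would be more accurate. The `is_numeric()` tests on `$userId` and `$trackId` in helpers/position.php have the same integer issue. The enclosing `switch` case starts and ends outside the hunk.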
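Review bot: In helpers/position.php the ownership check on the context line `$track->userId == $userId` is a loose comparison, and after this change `$userId` may be any numeric string (`"1.0"`, `"1e0"`), which compares equal to `1`. Normalising once after validation, e.g. `$userId = (int) $userId;`, or comparing integers with `===` would make the check exact. Replacing `!empty()` with `is_numeric()` also lets `0` through for `$userId` and `$trackId`; the `$track->isValid` test presumably rejects it, but that is not visible here. The method signature begins and the INSERT statement continues outside the hunk, so how these values reach the query cannot be confirmed from this page.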