sven/ulogger-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add position: improve parameters checking

Browse Source
This commit is contained in:
Bartek Fabiszewski 2017-08-24 14:53:55 +02:00
parent e448651e07
commit 619ef59f51
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
client/index.php
View File

@ -92,7 +92,7 @@ switch ($action) {
$imageId = isset($_REQUEST["imageid"]) ? $_REQUEST["imageid"] : NULL;
$trackId = isset($_REQUEST["trackid"]) ? $_REQUEST["trackid"] : NULL;
if (is_null($lat) || is_null($lon) || is_null($timestamp) || is_null($trackId)) {
if (!is_numeric($lat) || !is_numeric($lon) || !is_numeric($timestamp) || !is_numeric($trackId)) {
setError($response, "Missing required parameter");
break;
}

2
helpers/position.php
View File

@ -96,7 +96,7 @@
$altitude = NULL, $speed = NULL, $bearing = NULL, $accuracy = NULL,
$provider = NULL, $comment = NULL, $imageId = NULL) {
$positionId = false;
if (!is_null($lat) && !is_null($lon) && !is_null($timestamp) && !empty($userId) && !empty($trackId)) {
if (is_numeric($lat) && is_numeric($lon) && is_numeric($timestamp) && is_numeric($userId) && is_numeric($trackId)) {
$track = new uTrack($trackId);
if ($track->isValid && $track->userId == $userId) {
$query = "INSERT INTO `" . self::db()->table('positions') . "`