phyks/bikeinparis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Small security fix

Browse Source
This commit is contained in:
Phyks 2013-08-01 14:43:20 +02:00
parent d7d53d643e
commit 1602f5dcc2
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
js.js
View File

@ -90,6 +90,8 @@ window.onload = function() {
} }
} }
params_url = encodeURI(params_url);
if(available || free || station) if(available || free || station)
{ {
if(update == false && (navigator.geolocation || position != '')) //We don't want to update and the navigator as geolocation capabilities or we specified a position if(update == false && (navigator.geolocation || position != '')) //We don't want to update and the navigator as geolocation capabilities or we specified a position
@ -459,11 +461,11 @@ window.onload = function() {
{ {
if(GET != '' && GET != "position") if(GET != '' && GET != "position")
{ {
input_params += "<input type='hidden' name='"+GET+"' value='"+params[GET]+"'/>"; input_params += "<input type='hidden' name='"+escapeHTML(GET)+"' value='"+escapeHTML(params[GET])+"'/>";
} }
} }
document.getElementById("position").innerHTML = '<form action="index.php" method="get"><p><label for="position">Chercher autour de :</label><br/><input typ="text" name="position" id="position"/></p><p><input type="submit" value="Chercher"/></p>'+escapeHTML(input_params)+'</form>'; document.getElementById("position").innerHTML = '<form action="index.php" method="get"><p><label for="position">Chercher autour de :</label><br/><input typ="text" name="position" id="position"/></p><p><input type="submit" value="Chercher"/></p>'+input_params+'</form>';
} }
} }
else //If we didn't choose what to do, display the choices else //If we didn't choose what to do, display the choices