From 9c2a1dc37f2e16f27b8012a193c6258ec962c333 Mon Sep 17 00:00:00 2001
From: DennisSchiefer
Date: Fri, 16 Mar 2012 09:07:03 +0100
Subject: [PATCH] implemented several security measures when parsing GET input to the site

---
 WebContent/main.js | 75 +++++++++++++++++++++++++--------------------
 WebContent/utils.js | 16 ++++++++++
 2 files changed, 58 insertions(+), 33 deletions(-)

diff --git a/WebContent/main.js b/WebContent/main.js
index 7949f40fa..d4d97836d 100644
--- a/WebContent/main.js
+++ b/WebContent/main.js
@@ -176,41 +176,50 @@ function initMap() {
 // parse URL GET parameters if any exist
 function checkURL(){
 var called_url = document.location.search.substr(1,document.location.search.length);
- if( called_url != '') {
- var positions = [];
-
- var destination = undefined;
- var destination_name = undefined;
+
+ // reject messages that are clearly too long or too small
+ if( called_url.length > 1000 || called_url.length == 0)
+ return;
+
+ // storage for parameter values
+ var positions = [];
+ var destination = undefined;
+ var destination_name = undefined;
- // parse input (currently only parses start, dest, via)
- var splitted_url = called_url.split('&');
- for(var i=0; i]+(>|$)/g ,""); // discard tags
+ }
+ }
- // destination given
- if( destination != undefined ) {
- onclickGeocoderResult("target", destination.lat, destination.lng, (destination_name == undefined) );
- if( destination_name != undefined )
- document.getElementById("input-target-name").value = decodeURI(destination_name);
- return;
- }
+ // case 1: destination given
+ if( destination != undefined ) {
+ onclickGeocoderResult("target", destination.lat, destination.lng, (destination_name == undefined) );
+ if( destination_name != undefined )
+ document.getElementById("input-target-name").value = destination_name;
+ return;
+ }
+ // case 2: locations given
+ if( positions != []) {
 // draw via points
 if( positions.length > 0)
 my_markers.setSource( positions[0] );
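Review bot: The new `if( positions != []) {` guard at the end of the hunk is always true, because `!=` compares the array with a freshly created empty literal by reference, so it never excludes the no-positions case and only the inner `if( positions.length > 0)` does real work; the outer line should read `if( positions.length > 0) {` and the inner check can then go. The length cap `called_url.length > 1000` and the tag-stripping in the parse loop are reasonable defensive limits, but they are not what keeps the `input-target-name` assignment safe — writing to `.value` never interprets markup — so the regex stripping should not be treated as a sanitizer if the same values are ever inserted as HTML. The parse loop is garbled in this view, so I cannot see where `decodeURI` (dropped from the assignment line) now runs; if it is applied inside the loop, a malformed percent-sequence in the query string will throw `URIError` out of checkURL, as the old code also risked, and a try/catch around the decode would turn that into an ignored parameter. checkURL continues past the end of this hunk.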
@@ -220,10 +229,10 @@ function checkURL(){
 my_markers.setVia( i-1, positions[i] );
 for(var i=0; i=-90 && value <=90)
+ return true;
+ else
+ return false;
+}
+function isLongitude(value) {
+ if( value >=-180 && value <=180)
+ return true;
+ else
+ return false;
+}
+
 // ------------------------------------------------------
 // distance between two points