Diffstat (limited to 'map_prepare.php')
| -rwxr-xr-x | map_prepare.php | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/map_prepare.php b/map_prepare.php
index 288f104..b4d2ea7 100755
--- a/map_prepare.php
+++ b/map_prepare.php
@@ -2,18 +2,20 @@
 <script type="text/javascript">
+ var G=google.maps;
- <?php echo"startsearch='".$search."';\n";?>
- <?php echo"startmenu='".$menu."';\n";?>
- <?php echo"startmarkers='".$markers."';\n";?>
+
+ <?php //echo"startsearch='".$search."';\n";?>
+ <?php //echo"startmenu='".$menu."';\n";?>
+ <?php //echo"startmarkers='".$markers."';\n";?>
 //security flags for js
- <?php echo "EDITABLE=".$editable."\n";?>
- <?php echo "DEBUG=".$debug."\n";?>
- <?php echo "STARTPOS=new G.LatLng(".$startlat.",".$startlng.")\n";?>
+ <?php echo "EDITABLE=".$editable.";\n";?>
+ <?php echo "DEBUG=".$debug.";\n";?>
+ <?php echo "STARTPOS=new G.LatLng(".$startlat.",".$startlng.");\n";?>
 // Pass any POST variables to Javascript, which are then used in maps-extra.js
- var search_posted = '<?php echo $_GET['q']; ?>';
- var quicklinks_posted = '<?php echo $quicklinks_posted; ?>';
+ var search_posted = '<?php echo (isset($_GET['q']) ? str_replace("'", "\'", htmlspecialchars($_GET['q'])) : ''); // DS added htmlspecialchars 2013 May 8 and single quote escaping 2013 May 9 ?>';
+ var quicklinks_posted = '<?php //echo $quicklinks_posted; ?>';
 var submit_the_query_form = false;
 </script>
\ No newline at end of file |
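Review bot: The new `search_posted` line still lets `$_GET['q']` break out of the JavaScript string literal: `str_replace("'", "\'", …)` escapes the quote but not a backslash already present in the input, and `htmlspecialchars()` is HTML-context encoding, so line breaks pass through unchanged and maps-extra.js receives the value with entities in it. Encode for the JavaScript context instead and drop the hand-written quotes, `var search_posted = <?php echo json_encode(isset($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : '', JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`. The `is_string` check also covers `q` arriving as an array, which `htmlspecialchars()` does not accept. `$editable`, `$debug`, `$startlat` and `$startlng` are echoed unquoted a few lines above and their origin is not visible in this hunk, so if any of them can come from the request they want an `(int)`/`(float)` cast or the same `json_encode`; an `EDITABLE` flag held in page script should be treated as a UI hint, with the permission check enforced server-side.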
