properly check format of viewbox parameter
[nominatim.git] / lib / Geocode.php
index 6bc2c1e6d37273e36b1f2b88d80ed9a71834517f..ae82498f2b847e35ab2da436377cb69d0f3857c7 100644 (file)
@@ -162,7 +162,7 @@ class Geocode
 
         $this->sViewboxCentreSQL = "ST_SetSRID('LINESTRING(";
         $sSep = '';
-        foreach ($this->aRoutePoints as $aPoint) {
+        foreach ($aRoutePoints as $aPoint) {
             $fPoint = (float)$aPoint;
             $this->sViewboxCentreSQL .= $sSep.$fPoint;
             $sSep = ($sSep == ' ') ? ',' : ' ';
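Review bot: Nothing in the visible part of this loop checks how many values `$aRoutePoints` holds, so an odd count, or fewer than four values, leaves an incomplete coordinate pair and an invalid `LINESTRING(...)` literal that only fails once it reaches the database. The `(float)` cast keeps the concatenated SQL numeric, but it also silently turns non-numeric input into 0. Unless the part of the function outside this hunk already does so, a guard before the loop such as `if (count($aRoutePoints) < 4 || count($aRoutePoints) % 2 != 0)` followed by a `userError(...)` call would reject such input early. The function starts and ends outside the hunk.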
@@ -180,6 +180,16 @@ class Geocode
     {
         $this->aViewBox = array_map('floatval', $aViewbox);
 
+        if ($this->aViewBox[0] < -180
+            || $this->aViewBox[2] > 180
+            || $this->aViewBox[0] >= $this->aViewBox[2]
+            || $this->aViewBox[1] < -90
+            || $this->aViewBox[3] > 90
+            || $this->aViewBox[1] >= $this->aViewBox[3]
+        ) {
+            userError("Bad parameter 'viewbox'. Out of range".$this->aViewBox[0]."|".$this->aViewBox[1]."|".$this->aViewBox[2]."|".$this->aViewBox[3]);
+        }
+
         $fHeight = $this->aViewBox[0] - $this->aViewBox[2];
         $fWidth = $this->aViewBox[1] - $this->aViewBox[3];
         $aBigViewBox[0] = $this->aViewBox[0] + $fHeight;
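Review bot: The new range check runs after `array_map('floatval', $aViewbox)`, so a non-numeric coordinate has already been coerced to 0.0, and a list such as `-1,2,abc,4` passes as a valid box instead of being rejected. To check the format itself, test the raw strings before converting, e.g. `if (count(array_filter($aViewbox, 'is_numeric')) != 4) userError("Bad parameter 'viewbox'. Expected 4 numeric coordinates.");`. That also puts the length check next to the `[0]`..`[3]` accesses rather than only in the callers. The error text glues the first value straight onto `Out of range`; `"Bad parameter 'viewbox'. Out of range: ".join('|', $this->aViewBox)` is easier to read. Whether `userError()` stops execution is not visible here, and the method body continues beyond the hunk.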
@@ -252,16 +262,22 @@ class Geocode
                     $aCountries[] = strtolower($sCountryCode);
                 }
             }
-            if (isset($aCountryCodes))
+            if (isset($aCountries))
                 $this->aCountryCodes = $aCountries;
         }
 
         $aViewbox = $oParams->getStringList('viewboxlbrt');
         if ($aViewbox) {
+            if (count($aViewbox) != 4) {
+                userError("Bad parmater 'viewbox'. Expected 4 coordinates.");
+            }
             $this->setViewbox($aViewbox);
         } else {
             $aViewbox = $oParams->getStringList('viewbox');
             if ($aViewbox) {
+                if (count($aViewbox) != 4) {
+                    userError("Bad parmater 'viewbox'. Expected 4 coordinates.");
+                }
                 $this->setViewBox(array(
                                    $aViewbox[0],
                                    $aViewbox[3],
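Review bot: Both new messages misspell the word as `parmater`, while the range check added in setViewbox says `parameter`; use `"Bad parameter 'viewbox'. Expected 4 coordinates."` in both places so clients and log searches see one spelling. The same `count($aViewbox) != 4` test is repeated for `viewboxlbrt` and `viewbox`, and doing it once inside setViewbox would cover any other caller as well. Separately, with `isset($aCountries)` a request whose country codes are all rejected by the filter above appears to leave `aCountryCodes` unchanged, so the restriction is dropped silently. That depends on whether `$aCountries` is initialised above the hunk, so confirm it is the intended behaviour. The array literal passed to `setViewBox` continues outside the hunk.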
@@ -880,7 +896,7 @@ class Geocode
             foreach ($aPhrases as $iPhrase => $sPhrase) {
                 $aPhrase = chksql(
                     $this->oDB->getRow("select make_standard_name('".pg_escape_string($sPhrase)."') as string"),
-                    "Cannot nomralize query string (is it an UTF-8 string?)"
+                    "Cannot normalize query string (is it a UTF-8 string?)"
                 );
                 if (trim($aPhrase['string'])) {
                     $aPhrases[$iPhrase] = $aPhrase;
@@ -1467,7 +1483,7 @@ class Geocode
             }
         } else {
             // Just interpret as a reverse geocode
-            $oReverse = new Nominatim\ReverseGeocode($this->oDB);
+            $oReverse = new ReverseGeocode($this->oDB);
             $oReverse->setZoom(18);
 
             $aLookup = $oReverse->lookup(
@@ -1480,6 +1496,7 @@ class Geocode
 
             if ($aLookup['place_id']) {
                 $aSearchResults = $this->getDetails(array($aLookup['place_id'] => -1));
+                $aResultPlaceIDs[$aLookup['place_id']] = -1;
             } else {
                 $aSearchResults = array();
             }
@@ -1551,7 +1568,7 @@ class Geocode
                 // getAddressDetails() is defined in lib.php and uses the SQL function get_addressdata in functions.sql
                 $aResult['address'] = getAddressDetails($this->oDB, $sLanguagePrefArraySQL, $aResult['place_id'], $aResult['country_code'], $aResultPlaceIDs[$aResult['place_id']]);
                 if ($aResult['extra_place'] == 'city' && !isset($aResult['address']['city'])) {
-                    $aResult['address'] = array_merge(array('city' => array_shift(array_values($aResult['address']))), $aResult['address']);
+                    $aResult['address'] = array_merge(array('city' => array_values($aResult['address'])[0]), $aResult['address']);
                 }
             }