
XSS vulnerabilities due to lack of input/output escaping/sanitisation #27

Open
samaloney opened this issue Nov 10, 2022 · 0 comments

@samaloney
Contributor

A number of old and new reports, for example this one: https://www.openbugbounty.org/reports/3046054/ (there is a list of older reports at the bottom of the page).

Possible, non-exclusive solutions:

  1. There are not that many supported query string parameters (date, region, type, indexnum, ...), most of which are parsed out in one place; if they can be sanitised at this point, that may resolve many of the issues. The code below seems to parse/set many of these:
    $arm_data_path = "";
    if (isset($_GET['region']) && !isset($_GET['date']))
    {
        $region = $_GET['region'];              // raw query value, not validated
        $date_use = arsql_search($region);
        if ($date_use == "00000000")
        {
            print "***no date";
        }
        else
        {
            $date = date("Ymd",strtotime($date_use));
            if (!isset($_GET['type']))
                header("Location: index.php?date=$date&region=$region");   // $region goes out unencoded
        }
    }
    elseif (!isset($_GET['region']) && isset($_GET['date']))
    {
        $date = $_GET['date'];                  // raw query value, not validated
        $region = '';
    }
    elseif (isset($_GET['region']) && isset($_GET['date']))
    {
        $date = $_GET['date'];                  // raw query values, not validated
        $region = $_GET['region'];
    }
    else
    {
        $date = gmdate("Ymd");
        $region = '';
    }
  2. Find and appropriately escape/sanitise all output of variables obtained from the query string. A random example I pulled out:
    if ($mode != 'prob')
        // $date, $type and $region are interpolated straight into an unquoted href attribute
        print(" <area shape=\"circle\" coords=\"$coor1,$coor2,35\" href=JavaScript:RegionZoom(\"./region_pop.php?date=$date&type=$type&region=$region\")>\n");
    else
        print(" <area shape=\"circle\" coords=\"$coor1,$coor2,35\" href=JavaScript:RegionZoom(\"./region_pop_prob.php?date=$date&type=$type&region=$region\")>\n");
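The two fixes proposed in the issue, written out against the snippets it quotes, as an added example that is not the issue author's code and not the project's own: parameters are validated once in a single place (an allow-list for region and type, a strict YYYYMMDD round-trip check for date, with the original fallbacks of '' and today's date), and the `<area>` tag encodes each value for the context it lands in (URL, JavaScript string, HTML attribute). The function names, the ALLOWED_REGIONS and ALLOWED_TYPES lists, the use of an `onclick` handler in place of the `JavaScript:` href, and the sample input are assumptions made for this example; the real values would come from wherever arsql_search() and the existing type handling get theirs.

```php
<?php
// Added example (not the project's code): the two fixes proposed in the
// issue written out for the snippets it quotes. Function names, the allowed
// region/type lists and the sample input below are assumptions.
declare(strict_types=1);

// Assumed allow-lists; in the real code these would come from the same
// source arsql_search() and the type handling already rely on.
const ALLOWED_REGIONS = ['1', '2', '3'];
const ALLOWED_TYPES   = ['hmi', 'mdi', 'gong'];

/** Return a YYYYMMDD string, or null if absent, non-numeric or not a real date. */
function validate_date(?string $raw): ?string
{
    if ($raw === null || !preg_match('/^\d{8}$/', $raw)) {
        return null;
    }
    $dt = DateTime::createFromFormat('!Ymd', $raw, new DateTimeZone('UTC'));
    // createFromFormat() silently rolls 20221399 forward; compare the round-trip.
    return ($dt !== false && $dt->format('Ymd') === $raw) ? $raw : null;
}

/** Return $raw if it is one of $allowed (strict comparison), otherwise null. */
function validate_choice(?string $raw, array $allowed): ?string
{
    return ($raw !== null && in_array($raw, $allowed, true)) ? $raw : null;
}

/**
 * Fix 1: parse the supported parameters in one place. Anything that fails
 * validation is dropped (unknown region/type -> '', bad date -> today, as the
 * original else-branch does), so later code never sees raw query input.
 */
function parse_request(array $get): array
{
    return [
        'date'   => validate_date($get['date'] ?? null) ?? gmdate('Ymd'),
        'region' => validate_choice($get['region'] ?? null, ALLOWED_REGIONS) ?? '',
        'type'   => validate_choice($get['type'] ?? null, ALLOWED_TYPES) ?? '',
    ];
}

/** Query string with every value percent-encoded for the URL context. */
function build_query(array $params): string
{
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/** Replacement for header("Location: index.php?date=$date&region=$region"). */
function redirect_to_index(string $date, string $region): void
{
    header('Location: index.php?' . build_query(['date' => $date, 'region' => $region]));
    exit;
}

/**
 * Fix 2: the <area> tag from the issue, with each value encoded for the
 * context it lands in: URL (percent-encoding), JavaScript string literal
 * (json_encode with hex flags), then HTML attribute (htmlspecialchars, and
 * every attribute quoted).
 */
function region_area(int $x, int $y, string $date, string $type, string $region, bool $prob): string
{
    $page  = $prob ? './region_pop_prob.php' : './region_pop.php';
    $url   = $page . '?' . build_query(['date' => $date, 'type' => $type, 'region' => $region]);
    $jsArg = json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    $esc   = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return sprintf(
        " <area shape=\"circle\" coords=\"%d,%d,35\" href=\"%s\" onclick=\"RegionZoom(%s); return false;\">\n",
        $x, $y, $esc($url), $esc($jsArg)
    );
}

// Constructed sample input standing in for $_GET: a date carrying a tag
// injection (rejected, falls back to today) plus a valid region and type.
$sample = [
    'date'   => '20221110"><script>alert(1)</script>',
    'region' => '3',
    'type'   => 'hmi',
];
$req = parse_request($sample);
echo region_area(120, 80, $req['date'], $req['type'], $req['region'], false);
```

In the real page `parse_request($_GET)` replaces the `$_GET` reads shown in the issue, and the remaining parameters (indexnum and the rest) get the same treatment: a validator for the value's expected shape, applied once, with a harmless default when it fails. Moving the call from a `JavaScript:` href into `onclick` keeps the href a plain URL, so the browser never has to parse attacker-influenced text as a script URL; the value still passes through json_encode and htmlspecialchars because the JavaScript string sits inside an HTML attribute and both parsers see it.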