From 38dae0c4ec8bb9e12afa33ce2a5c7b12c3b02093 Mon Sep 17 00:00:00 2001
From: HB9HIL <fabian.berg@hb9hil.org>
Date: Sat, 24 Feb 2024 08:05:50 +0100
Subject: [PATCH] xss_clean

---
 application/models/Stations.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/application/models/Stations.php b/application/models/Stations.php
index d2f768c2c..b1c788ef0 100644
--- a/application/models/Stations.php
+++ b/application/models/Stations.php
@@ -75,14 +75,14 @@ class Stations extends CI_Model {
 
 		// Check if the state is Canada and get the correct state
 		if ($this->input->post('dxcc') == 1 && $this->input->post('station_ca_state') !="") {
-			$state = $this->input->post('station_ca_state');
+			$state = xss_clean($this->input->post('station_ca_state', true));
 		} else {
-			$state = $this->input->post('station_state');
+			$state = xss_clean($this->input->post('station_state', true));
 		}
 
 		// Check if DXCC is USA, Alaska or Hawaii. If not true, we clear the County field due to complex adif specs
 		if (($this->input->post('dxcc') == 291 || $this->input->post('dxcc') == 006 || $this->input->post('dxcc') == 110) && $this->input->post('station_cnty') !="") {
-			$county = $this->input->post('station_cnty');
+			$county = xss_clean($this->input->post('station_cnty', true));
 		} else {
 			$county = '';
 		}
@@ -135,14 +135,14 @@ class Stations extends CI_Model {
 
 		// Check if the state is Canada and get the correct state
 		if ($this->input->post('dxcc') == 1 && $this->input->post('station_ca_state') !="") {
-			$state = $this->input->post('station_ca_state');
+			$state = xss_clean($this->input->post('station_ca_state', true));
 		} else {
-			$state = $this->input->post('station_state');
+			$state = xss_clean($this->input->post('station_state', true));
 		}
 
 		// Check if DXCC is USA, Alaska or Hawaii. If not true, we clear the County field due to complex adif specs
 		if (($this->input->post('dxcc') == 291 || $this->input->post('dxcc') == 006 || $this->input->post('dxcc') == 110) && $this->input->post('station_cnty') !="") {
-			$county = $this->input->post('station_cnty');
+			$county = xss_clean($this->input->post('station_cnty', true));
 		} else {
 			$county = '';
 		}