From 49113fe19ff21841f50c9f44d3445d708a3ea2eb Mon Sep 17 00:00:00 2001
From: HB9HIL
Date: Sun, 25 Aug 2024 15:34:09 +0200
Subject: [PATCH] xss clean of postdata

---
 application/models/Distances_model.php | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/application/models/Distances_model.php b/application/models/Distances_model.php
index d3dcb8602..be96e7f04 100644
--- a/application/models/Distances_model.php
+++ b/application/models/Distances_model.php
@@ -5,6 +5,9 @@ class Distances_model extends CI_Model
 {
     function get_distances($postdata, $measurement_base) {
+
+        $clean_postdata = $this->security->xss_clean($postdata);
+
         $this->load->model('logbooks_model');
         $logbooks_locations_array = $this->logbooks_model->list_logbook_relationships($this->session->userdata('active_station_logbook'));
@@ -27,20 +30,20 @@ class Distances_model extends CI_Model
         $this->db->join('satellite', 'satellite.name = '.$this->config->item('table_name').'.COL_SAT_NAME', 'left outer');
         $this->db->where('LENGTH(col_gridsquare) >', 0);
-        if ($postdata['band'] != 'All') {
-            if ($postdata['band'] == 'sat') {
-                $this->db->where('col_prop_mode', $postdata['band']);
-                if ($postdata['sat'] != 'All') {
-                    $this->db->where('col_sat_name', $postdata['sat']);
+        if ($clean_postdata['band'] != 'All') {
+            if ($clean_postdata['band'] == 'sat') {
+                $this->db->where('col_prop_mode', $clean_postdata['band']);
+                if ($clean_postdata['sat'] != 'All') {
+                    $this->db->where('col_sat_name', $clean_postdata['sat']);
                 }
             } else {
-            $this->db->where('col_band', $postdata['band']);
+            $this->db->where('col_band', $clean_postdata['band']);
             }
         }
-        if ($postdata['orbit'] != 'All') {
-            $this->db->where('satellite.orbit', $postdata['orbit']);
+        if ($clean_postdata['orbit'] != 'All') {
+            $this->db->where('satellite.orbit', $clean_postdata['orbit']);
         }
         $this->db->where('station_id', $station_id);
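Review bot: The `xss_clean()` call added at the top of get_distances is an HTML-output filter, not input validation, so it does not establish that `band`, `sat` or `orbit` hold expected values before they reach `$this->db->where()` later in the function; the query builder's own escaping is what protects the query there, and the filter can rewrite a legitimate value that happens to look like markup so the column comparison silently matches nothing. A stricter and cheaper check is an allow-list at the point of use, e.g. `in_array($postdata['band'], $allowedBands, true)` (with `$allowedBands` standing for whatever list of bands the application already keeps), leaving HTML escaping to the view that renders the result. If the cleaned copy is kept, a comment such as `// xss_clean is defence-in-depth only; query values are escaped by the query builder` would stop a later reader from treating it as the injection guard. get_distances continues past this hunk, so any remaining uses of the raw `$postdata` further down are not visible here.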
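Review bot: The rewritten conditions still index `$clean_postdata['band']`, `['sat']` and `['orbit']` without checking that the keys exist, so a request missing one of them raises an undefined-index warning and the comparison against 'All' then runs on null, which the `!=` loose comparison treats as "not All" and pushes an empty value into the WHERE clause. Reading each key once with a default, `$band = $clean_postdata['band'] ?? 'All';`, `$sat = $clean_postdata['sat'] ?? 'All';`, `$orbit = $clean_postdata['orbit'] ?? 'All';`, and comparing with `!==` / `===` removes both the warning and the loose-comparison surprise. The enclosing method starts and ends outside this hunk.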