Public_Tools/wavelog
2
0
Fork 0
mirror of https://github.com/wavelog/wavelog.git synced 2026-03-22 10:24:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix possible vuln at search_lotw_unconfirmed

Browse Source
This commit is contained in:
int2001
2025-12-30 08:19:17 +00:00
parent 1211c2319f
commit 4cf6b50c7e
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
application/controllers/Logbook.php
View File

@@ -1028,6 +1028,7 @@ class Logbook extends CI_Controller {
if (!is_numeric($clean_station_id) && $clean_station_id !== 'All') {
show_404();
return;
}
$this->load->model('user_model');
@@ -1054,8 +1055,8 @@ class Logbook extends CI_Controller {
join lotw_users on ' . $this->config->item('table_name') . '.col_call = lotw_users.callsign
where ' . $this->config->item('table_name') .'.station_id in ('. $location_list . ')';
if ($station_id != 'All') {
$sql .= ' and station_profile.station_id = ' . $station_id;
if ($clean_station_id != 'All') {
$sql .= ' and station_profile.station_id = ' . $clean_station_id;
}
$sql .= " and COL_LOTW_QSL_RCVD <> 'Y' and " . $this->config->item('table_name') . ".COL_TIME_ON < lotw_users.lastupload";