Public_Tools/wavelog
2
0
Fork 0
mirror of https://github.com/wavelog/wavelog.git synced 2026-03-22 10:24:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2314 from iu2frl/dev

Browse Source
This commit is contained in:
Joerg (DJ7NT)
2025-09-15 14:41:08 +02:00
committed by GitHub
parent 2e12319f8d 4ab1350454
commit 705fb5bc8a
2 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
application/controllers/Api.php
View File

@@ -653,6 +653,13 @@ class API extends CI_Controller {
break;
}
// Handle optional cat_url
if (isset($obj['cat_url']) && !empty($obj['cat_url'])) {
$cat_url = $this->sanitize_cat_url($obj['cat_url']);
if ($cat_url !== false) {
$obj['cat_url'] = $cat_url;
}
}
// Store Result to Database
$this->cat->update($obj, $user_id, $operator);
@@ -1093,4 +1100,28 @@ class API extends CI_Controller {
echo json_encode(['status' => 'successful', 'message' => 'Export successful', 'statistics' => $data]);
}
/**
* Sanitize and validate callback URL
* @param string $url The URL to sanitize
* @return string|false Returns sanitized URL or false if invalid
*/
private function sanitize_cat_url($url) {
// Basic sanitization
$url = trim($url);
// Check if URL is valid and uses http or https
if (!filter_var($url, FILTER_VALIDATE_URL) ||
(!preg_match('/^https?:\/\//', $url))) {
return false;
}
// Remove trailing slashes
$url = rtrim($url, '/');
// Additional XSS cleaning
$url = $this->security->xss_clean($url);
return $url;
}
}