From 7e11e5d1de7fc0237cc520b8488a788053ca9381 Mon Sep 17 00:00:00 2001
From: int2001
Date: Mon, 29 Dec 2025 20:00:25 +0000
Subject: [PATCH] Remove more vulns
---
 application/models/Logbookadvanced_model.php | 50 ++++++++++++++++++--
 1 file changed, 46 insertions(+), 4 deletions(-)
diff --git a/application/models/Logbookadvanced_model.php b/application/models/Logbookadvanced_model.php
index b0cf9f28f..7ddb5c2d6 100644
--- a/application/models/Logbookadvanced_model.php
+++ b/application/models/Logbookadvanced_model.php
@@ -50,7 +50,16 @@ class Logbookadvanced_model extends CI_Model {
 }
 if (($searchCriteria['ids'] ?? '') !== '') {
- $conditions[] = "qsos.COL_PRIMARY_KEY in (".implode(",",$searchCriteria['ids']).")";
+ // Sanitize IDs to prevent SQL injection
+ if (is_array($searchCriteria['ids'])) {
+ $sanitized_ids = array_map('intval', $searchCriteria['ids']);
+ $sanitized_ids = array_filter($sanitized_ids, function($id) {
+ return $id > 0;
+ });
+ if (!empty($sanitized_ids)) {
+ $conditions[] = "qsos.COL_PRIMARY_KEY in (".implode(",",$sanitized_ids).")";
+ }
+ }
 }
 $where = trim(implode(" AND ", $conditions));
@@ -61,7 +70,10 @@ class Logbookadvanced_model extends CI_Model {
 $limit = '';
 if ($searchCriteria['qsoresults'] != 'All') {
- $limit = 'limit ' . $searchCriteria['qsoresults'];
+ // Sanitize and enforce max limit to prevent DoS
+ $max_results = 10000;
+ $limit_value = max(1, min($max_results, intval($searchCriteria['qsoresults'])));
+ $limit = ' limit ' . $limit_value;
 }
 $sql = " 
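Review bot: When every entry in `$searchCriteria['ids']` fails the `$id > 0` filter, the new `if (!empty($sanitized_ids))` guard silently drops the ids restriction and the query runs with only the remaining conditions, so a caller that asked for specific QSOs may get the whole (presumably station-scoped) logbook back instead of an empty result, where the old code would have produced a SQL error. An explicit `else { $conditions[] = "qsos.COL_PRIMARY_KEY in (0)"; }` (or an early return) preserves the intent of the request. Separately, `array_map('intval', ...)` coerces a nested array or `true` to `1`, so a malformed element selects primary key 1 that the caller never named; filtering before the cast with `function($id) { return (is_int($id) || (is_string($id) && ctype_digit($id))) && (int) $id > 0; }` avoids that, and the same applies to the blocks at `@@ -725` and `@@ -749`. The enclosing method starts before this hunk.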
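Review bot: `intval($searchCriteria['qsoresults'])` turns any non-numeric or negative value (`'abc'`, `'-5'`, `'0'`) into 0, which `max(1, …)` then silently rewrites to a limit of 1, so a malformed request returns a single row rather than being rejected or falling back to a documented default. Validating the raw value first, e.g. `if (ctype_digit((string) ($searchCriteria['qsoresults'] ?? '')))`, and only then clamping to the cap makes the behaviour explicit and also removes the undefined-index notice when the key is absent. The `10000` cap would read better as a class constant (`const MAX_RESULTS = 10000;`) than a local reassigned on every call. The enclosing method starts before and ends after this hunk.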
@@ -725,6 +737,21 @@ class Logbookadvanced_model extends CI_Model {
 if(!$this->user_model->authorize(2)) {
 return array('message' => 'Error');
 } else {
+ // Sanitize IDs to prevent SQL injection
+ $ids_array = json_decode($ids, true);
+ if (is_array($ids_array)) {
+ $sanitized_ids = array_map('intval', $ids_array);
+ $sanitized_ids = array_filter($sanitized_ids, function($id) {
+ return $id > 0;
+ });
+ } else {
+ $sanitized_ids = [];
+ }
+
+ if (empty($sanitized_ids)) {
+ return array('message' => 'Error');
+ }
+
 $sql = "UPDATE " . $this->config->item('table_name') ."
 SET
 COL_QSLSDATE = CURRENT_TIMESTAMP,
@@ -734,7 +761,7 @@ class Logbookadvanced_model extends CI_Model {
 WHEN COL_QRZCOM_QSO_UPLOAD_STATUS IN ('Y', 'I') THEN 'M'
 ELSE COL_QRZCOM_QSO_UPLOAD_STATUS
 END
- WHERE COL_PRIMARY_KEY IN (".implode(',',json_decode($ids, true)).")";
+ WHERE COL_PRIMARY_KEY IN (".implode(',', $sanitized_ids).")";
 $binding[] = $sent;
 $binding[] = $method;
 $this->db->query($sql, $binding);
@@ -749,6 +776,21 @@ class Logbookadvanced_model extends CI_Model {
 if(!$this->user_model->authorize(2)) {
 return array('message' => 'Error');
 } else {
+ // Sanitize IDs to prevent SQL injection
+ $ids_array = json_decode($ids, true);
+ if (is_array($ids_array)) {
+ $sanitized_ids = array_map('intval', $ids_array);
+ $sanitized_ids = array_filter($sanitized_ids, function($id) {
+ return $id > 0;
+ });
+ } else {
+ $sanitized_ids = [];
+ }
+
+ if (empty($sanitized_ids)) {
+ return array('message' => 'Error');
+ }
+
 $sql = "UPDATE " . $this->config->item('table_name') ."
 SET
 COL_QSLRDATE = CURRENT_TIMESTAMP,
@@ -758,7 +800,7 @@ class Logbookadvanced_model extends CI_Model {
 WHEN COL_QRZCOM_QSO_UPLOAD_STATUS IN ('Y', 'I') THEN 'M'
 ELSE COL_QRZCOM_QSO_UPLOAD_STATUS
 END
- WHERE COL_PRIMARY_KEY IN (".implode(',',json_decode($ids, true)).")";
+ WHERE COL_PRIMARY_KEY IN (".implode(',', $sanitized_ids).")";
 $binding[] = $sent;
 $binding[] = $method;
 $this->db->query($sql, $binding);
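Review bot: The decode-map-filter block added here is repeated verbatim at `@@ -749` and, minus the `json_decode`, at `@@ -50`, so the three copies will drift apart the next time the acceptance rule changes; a single private helper on `Logbookadvanced_model` that returns a list of positive integer primary keys keeps one definition and lets each call site become `$sanitized_ids = $this->sanitizeIds(json_decode($ids, true));`. The helper below also accepts only plain integers and all-digit strings, because `intval` maps a nested array or `true` to `1` and the current filter would then let primary key 1 through to the UPDATE. Note that the empty-ids path returns the same `array('message' => 'Error')` as the authorization failure, so the controller cannot tell a rejected payload from a permission problem; a distinct message would help. The enclosing method starts before and ends after this hunk.
```php
	/**
	 * Normalise a decoded "ids" payload into a list of positive integer QSO primary keys.
	 * Only plain integers and all-digit strings are accepted; arrays, booleans and
	 * other values are discarded rather than coerced by intval().
	 */
	private function sanitizeIds($ids) {
		if (!is_array($ids)) {
			return [];
		}
		$clean = [];
		foreach ($ids as $id) {
			if ((is_int($id) || (is_string($id) && ctype_digit($id))) && (int) $id > 0) {
				$clean[] = (int) $id;
			}
		}
		return $clean;
	}

	// … unchanged: authorization check …
			$sanitized_ids = $this->sanitizeIds(json_decode($ids, true));
			if (empty($sanitized_ids)) {
				return array('message' => 'Error');
			}
	// … unchanged: UPDATE statement build and $this->db->query($sql, $binding) …
```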