Removes a security-issue around HRD-Marking and moves the function to Model

int2001
2024-07-01 14:16:42 +00:00
parent 6a1634bc71
commit 8b74a34117
2 changed files with 31 additions and 19 deletions


@@ -83,25 +83,17 @@ class Hrdlog extends CI_Controller {
}
public function mark_hrdlog() {
// Set memory limit to unlimited to allow heavy usage
ini_set('memory_limit', '-1');
// As far as i did research, this one is ONLY Called by "Mark-QSO" at the UI
$this->load->model('hrdlog_model');
$this->load->model('stations');
$station_id = $this->security->xss_clean($this->input->post('station_profile'));
$station_id = $this->security->xss_clean($this->input->post('station_profile'));
$this->load->model('adif_data');
$this->load->model('logbook_model');
$data['qsos'] = $this->adif_data->export_custom($this->input->post('from'), $this->input->post('to'), $station_id);
if (isset($data['qsos'])) {
foreach ($data['qsos']->result() as $qso)
{
$this->logbook_model->mark_hrdlog_qsos_sent($qso->COL_PRIMARY_KEY);
}
}
$this->load->view('interface_assets/header', $data);
$this->load->view('hrdlog/mark_hrdlog', $data);
$this->load->view('interface_assets/footer');
$data['qsos']=[];
if ($this->stations->check_station_is_accessible($station_id)) { // Hard Exit if station_profile not accessible
$data['qsos']=$this->hrdlog_model->mass_mark_hrdlog_sent($station_id,$this->security->xss_clean($this->input->post('from')),$this->security->xss_clean($this->input->post('to')));
}
$this->load->view('interface_assets/header', $data);
$this->load->view('hrdlog/mark_hrdlog', $data);
$this->load->view('interface_assets/footer');
}
}
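Review bot: `xss_clean()` is an HTML-oriented filter, not input validation, yet `station_profile`, `from` and `to` only pass through it before being handed to `mass_mark_hrdlog_sent()`, which in the model section of this commit concatenates `$station_id` into SQL. Constrain the id to an integer before the access check, e.g. `$station_id = (int) $this->input->post('station_profile');`, and validate the two dates against the expected format. The inline comment says "Hard Exit", but an inaccessible station only skips the update and still renders the normal view; returning an error response there and logging the denied attempt would match the comment. `$data['qsos']` also changes from a result set to an affected-row count or `[]`, so the `hrdlog/mark_hrdlog` view, which does not appear among the two changed files, should be checked against the new shape.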


@@ -94,6 +94,26 @@ class Hrdlog_model extends CI_Model {
return $result;
}
function mass_mark_hrdlog_sent($station_id, $from, $till) {
// Set memory limit to unlimited to allow heavy usage
ini_set('memory_limit', '-1');
$this->load->model('adif_data');
$this->load->model('logbook_model');
$qsos = $this->adif_data->export_custom($from, $till, $station_id);
if (isset($qsos)) {
foreach ($qsos->result() as $qso) {
$mark_them[]=$qso->COL_PRIMARY_KEY;
}
$sql="update ".$this->config->item('table_name')." set COL_HRDLOG_QSO_UPLOAD_DATE='".date("Y-m-d H:i:s", strtotime("now"))."', COL_HRDLOG_QSO_UPLOAD_STATUS='Y' where col_primary_key in (".implode(',', array_values($mark_them)).") and station_id=".$station_id;
$query = $this->db->query($sql);
return $this->db->affected_rows();
}
return 0;
}
/*
* Function marks QSO with given primarykey as uploaded to hrdlog
*/
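Review bot: The UPDATE in `mass_mark_hrdlog_sent()` is assembled by string concatenation, with `$station_id` appended unquoted and the key list joined by `implode()`, so its safety depends entirely on every caller having validated those values first. Building it with the query builder (or passing bindings to `$this->db->query()`) keeps the values out of the SQL text regardless of who calls the model. Separately, `$mark_them` is never initialised, so a date range that matches no QSOs reaches `implode()` with an undefined variable and yields an empty `IN ()` list; initialise it and return 0 early. `date("Y-m-d H:i:s", strtotime("now"))` is equivalent to `date("Y-m-d H:i:s")`.

```php
function mass_mark_hrdlog_sent($station_id, $from, $till) {
	// … unchanged: memory limit, model loading, export_custom() call …
	if (isset($qsos)) {
		$mark_them = [];
		foreach ($qsos->result() as $qso) {
			$mark_them[] = $qso->COL_PRIMARY_KEY;
		}
		if (empty($mark_them)) {
			return 0; // nothing matched; avoids an empty IN () list
		}
		// Query builder escapes each value instead of splicing it into the SQL text
		$this->db->set('COL_HRDLOG_QSO_UPLOAD_DATE', date('Y-m-d H:i:s'));
		$this->db->set('COL_HRDLOG_QSO_UPLOAD_STATUS', 'Y');
		$this->db->where_in('col_primary_key', $mark_them);
		$this->db->where('station_id', $station_id);
		$this->db->update($this->config->item('table_name'));
		return $this->db->affected_rows();
	}
	// … unchanged: return 0 …
```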