some more unprotected POST data

HB9HIL
2024-08-13 13:50:49 +02:00
parent 6a5309621c
commit eff812d085
2 changed files with 20 additions and 27 deletions


@@ -65,9 +65,7 @@ class Lookup extends CI_Controller {
public function scp() {
session_write_close();
if($_POST['callsign']) {
$uppercase_callsign = strtoupper($_POST['callsign']);
}
$uppercase_callsign = strtoupper($this->input->post('callsign', TRUE) ?? '');
// SCP results from logbook
$this->load->model('logbook_model');
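Review bot: The new `strtoupper($this->input->post('callsign', TRUE) ?? '')` line in scp() handles a missing field but not a non-string one. `$this->input->post()` returns an array when the request carries `callsign[]=...`, and `strtoupper()` on an array raises a TypeError on PHP 8. I would read the value first and check its type: `$callsign = $this->input->post('callsign', TRUE);` then `$uppercase_callsign = is_string($callsign) ? strtoupper($callsign) : '';`. With the old `if` removed, an empty callsign now also reaches the logbook lookup; the rest of scp() is outside this hunk, so confirm that it returns early on `''` rather than running the query with an empty pattern.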


@@ -75,10 +75,8 @@ class Search extends CI_Controller {
}
function json_result() {
if(isset($_POST['search'])) {
$result = $this->fetchQueryResult($_POST['search'], false);
echo json_encode($result->result_array());
}
$result = $this->fetchQueryResult(($this->input->post('search', TRUE) ?? ''), FALSE);
echo json_encode($result->result_array());
}
function get_stored_queries() {
@@ -88,17 +86,13 @@ class Search extends CI_Controller {
}
function search_result() {
if(isset($_POST['search'])) {
$data['results'] = $this->fetchQueryResult($_POST['search'], false);
$this->load->view('search/search_result_ajax', $data);
}
$data['results'] = $this->fetchQueryResult(($this->input->post('search', TRUE) ?? ''), FALSE);
$this->load->view('search/search_result_ajax', $data);
}
function export_to_adif() {
if(isset($_POST['search'])) {
$data['qsos'] = $this->fetchQueryResult($_POST['search'], false);
$this->load->view('adif/data/exportall', $data);
}
$data['qsos'] = $this->fetchQueryResult(($this->input->post('search', TRUE) ?? ''), FALSE);
$this->load->view('adif/data/exportall', $data);
}
function export_stored_query_to_adif() {
@@ -122,20 +116,21 @@ class Search extends CI_Controller {
}
function save_query() {
if(isset($_POST['search'])) {
$query = $this->fetchQueryResult($_POST['search'], true);
$search_param = $this->input->post('search', TRUE);
$description = $this->input->post('description', TRUE);
$data = array(
'userid' => xss_clean($this->session->userdata('user_id')),
'query' => $query,
'description' => xss_clean($_POST['description'])
);
$query = $this->fetchQueryResult($search_param, TRUE);
$this->db->insert('queries', $data);
$last_id = $this->db->insert_id();
header('Content-Type: application/json');
echo json_encode(array('id' => $last_id, 'description' => xss_clean($_POST['description'])));
}
$data = array(
'userid' => xss_clean($this->session->userdata('user_id')),
'query' => $query,
'description' => $description
);
$this->db->insert('queries', $data);
$last_id = $this->db->insert_id();
header('Content-Type: application/json');
echo json_encode(array('id' => $last_id, 'description' => $description));
}
function delete_query() {
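Review bot: save_query() now writes a row to `queries` on every request, because the `isset($_POST['search'])` guard was removed and nothing replaces it; a POST with no `search` field still reaches `$this->db->insert('queries', $data)`. Unlike the other handlers, `$search_param` also has no `?? ''` fallback, so `NULL` is passed to fetchQueryResult(). I would add `if (!is_string($search_param) || $search_param === '') { return; }` straight after the two `post()` reads. The same missing guard applies to json_result(), search_result() and export_to_adif(), which now call fetchQueryResult() with `''`. Separately, the `TRUE` argument only applies `xss_clean`, an HTML-oriented filter, so it presumably does not make `search` safe for whatever query fetchQueryResult() builds; that function is outside this diff and its handling of the value should be checked.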