Added extra-fence for numeric input (never! trust userinput)

2026-03-22 10:24:14 +00:00 · 2025-07-10 05:38:23 +00:00
parent 280229d073
commit f5d02f02ba
1 changed files with 9 additions and 6 deletions
--- a/application/controllers/Band.php
+++ b/application/controllers/Band.php
@@ -206,13 +206,16 @@ class Band extends CI_Controller {
 		$frequencyfrom = $this->security->xss_clean($this->input->post('frequencyfrom', true));
 		$frequencyto = $this->security->xss_clean($this->input->post('frequencyto', true));
 		$mode = $this->security->xss_clean($this->input->post('mode', true));
-
-		$overlap=$this->bands->check4overlapEdges($id, $frequencyfrom, $frequencyto, $mode);
-		if (!($overlap)) {
-			$this->bands->saveBandEdge($id, $frequencyfrom, $frequencyto, $mode);
-			echo json_encode(array('message' => 'OK'));
+		if ((is_numeric($frequencyfrom)) && (is_numeric($frequencyfrom))) {
+			$overlap=$this->bands->check4overlapEdges($id, $frequencyfrom, $frequencyto, $mode);
+			if (!($overlap)) {
+				$this->bands->saveBandEdge($id, $frequencyfrom, $frequencyto, $mode);
+				echo json_encode(array('message' => 'OK'));
+			} else {
+				echo json_encode(array('message' => 'Overlapping'));
+			}
 		} else {
-			echo json_encode(array('message' => 'Overlapping'));
+			echo json_encode(array('message' => 'No Number entered'));
 		}
 		return;
 	}