From f5d02f02bad66d1b36edb3990e451b52af025963 Mon Sep 17 00:00:00 2001
From: int2001
Date: Thu, 10 Jul 2025 05:38:23 +0000
Subject: [PATCH] Added extra-fence for numeric input (never! trust userinput)

---
 application/controllers/Band.php | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/application/controllers/Band.php b/application/controllers/Band.php
index 385fa5259..5ffac4e6a 100644
--- a/application/controllers/Band.php
+++ b/application/controllers/Band.php
@@ -206,13 +206,16 @@ class Band extends CI_Controller {
         $frequencyfrom = $this->security->xss_clean($this->input->post('frequencyfrom', true));
         $frequencyto = $this->security->xss_clean($this->input->post('frequencyto', true));
         $mode = $this->security->xss_clean($this->input->post('mode', true));
-
-        $overlap=$this->bands->check4overlapEdges($id, $frequencyfrom, $frequencyto, $mode);
-        if (!($overlap)) {
-            $this->bands->saveBandEdge($id, $frequencyfrom, $frequencyto, $mode);
-            echo json_encode(array('message' => 'OK'));
+        if ((is_numeric($frequencyfrom)) && (is_numeric($frequencyfrom))) {
+            $overlap=$this->bands->check4overlapEdges($id, $frequencyfrom, $frequencyto, $mode);
+            if (!($overlap)) {
+                $this->bands->saveBandEdge($id, $frequencyfrom, $frequencyto, $mode);
+                echo json_encode(array('message' => 'OK'));
+            } else {
+                echo json_encode(array('message' => 'Overlapping'));
+            }
         } else {
-            echo json_encode(array('message' => 'Overlapping'));
+            echo json_encode(array('message' => 'No Number entered'));
         }
         return;
     }
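Review bot: The new guard tests `$frequencyfrom` twice and never `$frequencyto`, so a non-numeric upper edge still reaches check4overlapEdges() and saveBandEdge() — exactly what the commit message says it wants to fence off; the condition should read `if (is_numeric($frequencyfrom) && is_numeric($frequencyto)) {`. Note that is_numeric() also accepts leading whitespace and exponent forms such as "1e3"; if the model expects plain integers or floats, `filter_var($x, FILTER_VALIDATE_FLOAT)` (or an explicit cast after the check) is the stricter fence. `$id` is assigned above the hunk and passed to the same model calls with no comparable check visible here — worth confirming it is validated where it is read. The enclosing method starts outside the hunk.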