Public_Tools/wavelog
2
0
Fork 0
mirror of https://github.com/wavelog/wavelog.git synced 2026-03-22 10:24:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

xss_cleaned some more GET inputs

Browse Source
This commit is contained in:
github-actions
2024-08-06 13:16:20 +02:00
parent 696b79fb5a
commit fc25037cfb
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
application/controllers/Lookup.php
View File

@@ -180,8 +180,8 @@ class Lookup extends CI_Controller {
public function get_county() {
$json = [];
if(!empty($this->input->get("query"))) {
$county = $this->input->get("state");
if(!empty($this->security->xss_clean($this->input->get("query")))) {
$county = $this->security->xss_clean($this->input->get("state"));
$cleanedcounty = explode('(', $county);
$cleanedcounty = trim($cleanedcounty[0]);

8
application/controllers/Qso.php
View File

@@ -449,7 +449,7 @@ class QSO extends CI_Controller {
$this->load->library('sota');
$json = [];
if (!empty($this->input->get("query"))) {
if (!empty($this->security->xss_clean($this->input->get("query")))) {
$query = $_GET['query'] ?? FALSE;
$json = $this->sota->get($query);
}
@@ -461,7 +461,7 @@ class QSO extends CI_Controller {
public function get_wwff() {
$json = [];
if(!empty($this->input->get("query"))) {
if (!empty($this->security->xss_clean($this->input->get("query")))) {
$query = isset($_GET['query']) ? $_GET['query'] : FALSE;
$wwff = strtoupper($query);
@@ -497,7 +497,7 @@ class QSO extends CI_Controller {
public function get_pota() {
$json = [];
if(!empty($this->input->get("query"))) {
if (!empty($this->security->xss_clean($this->input->get("query")))) {
$query = isset($_GET['query']) ? $_GET['query'] : FALSE;
$pota = strtoupper($query);
@@ -536,7 +536,7 @@ class QSO extends CI_Controller {
public function get_dok() {
$json = [];
if(!empty($this->input->get("query"))) {
if (!empty($this->security->xss_clean($this->input->get("query")))) {
$query = isset($_GET['query']) ? $_GET['query'] : FALSE;
$dok = strtoupper($query);