From fc25037cfb3c6746164b04eae362150bb3c8d7d5 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Tue, 6 Aug 2024 13:16:20 +0200
Subject: [PATCH] xss_cleaned some more GET inputs
---
 application/controllers/Lookup.php | 4 ++--
 application/controllers/Qso.php | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/application/controllers/Lookup.php b/application/controllers/Lookup.php
index 563e2cd2e..cc0a9b7a4 100644
--- a/application/controllers/Lookup.php
+++ b/application/controllers/Lookup.php
@@ -180,8 +180,8 @@ class Lookup extends CI_Controller {
 public function get_county() {
 $json = [];
- if(!empty($this->input->get("query"))) {
- $county = $this->input->get("state");
+ if(!empty($this->security->xss_clean($this->input->get("query")))) {
+ $county = $this->security->xss_clean($this->input->get("state"));
 $cleanedcounty = explode('(', $county);
 $cleanedcounty = trim($cleanedcounty[0]);
diff --git a/application/controllers/Qso.php b/application/controllers/Qso.php
index a5a33f504..64b5fc221 100644
--- a/application/controllers/Qso.php
+++ b/application/controllers/Qso.php
@@ -449,7 +449,7 @@ class QSO extends CI_Controller {
 $this->load->library('sota');
 $json = [];
- if (!empty($this->input->get("query"))) {
+ if (!empty($this->security->xss_clean($this->input->get("query")))) {
 $query = $_GET['query'] ?? FALSE;
 $json = $this->sota->get($query);
 }
@@ -461,7 +461,7 @@ class QSO extends CI_Controller {
 public function get_wwff() {
 $json = [];
- if(!empty($this->input->get("query"))) {
+ if (!empty($this->security->xss_clean($this->input->get("query")))) {
 $query = isset($_GET['query']) ? $_GET['query'] : FALSE;
 $wwff = strtoupper($query);
@@ -497,7 +497,7 @@ class QSO extends CI_Controller {
 public function get_pota() {
 $json = [];
- if(!empty($this->input->get("query"))) {
+ if (!empty($this->security->xss_clean($this->input->get("query")))) {
 $query = isset($_GET['query']) ? $_GET['query'] : FALSE;
 $pota = strtoupper($query);
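Review bot: The guard in get_county tests `query`, but the value the hunk goes on to use is `state`, so a request with `query` set and `state` missing still reaches `explode('(', $county)` with an empty value. Wrapping `query` in xss_clean() inside `!empty()` only changes the emptiness test; the filtered `query` is not used anywhere in the visible lines. If `query` is not needed further down, assign `$county = $this->security->xss_clean($this->input->get("state"));` first and guard on `!empty($county)`. The function body continues outside the hunk, and xss_clean() is an HTML-oriented filter, so whatever lookup consumes `$cleanedcounty` still needs its own handling (for example bound parameters if it ends up in a database query).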
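Review bot: The xss_clean() call added to the `!empty()` check does not filter the value that is actually used: the next line still reads the raw `$_GET['query']` and passes it to `$this->sota->get($query)`. The same pattern is in the get_wwff, get_pota and get_dok hunks, where the raw value goes straight into strtoupper(). Read the parameter once and reuse it, `$query = $this->security->xss_clean($this->input->get("query"));` followed by `if (!empty($query)) {`, and drop the separate `$_GET` read. The function bodies continue outside these hunks, so how the value is matched and returned is not visible here; output encoding is still needed wherever the result is rendered.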
@@ -536,7 +536,7 @@ class QSO extends CI_Controller {
 public function get_dok() {
 $json = [];
- if(!empty($this->input->get("query"))) {
+ if (!empty($this->security->xss_clean($this->input->get("query")))) {
 $query = isset($_GET['query']) ? $_GET['query'] : FALSE;
 $dok = strtoupper($query);