From 11673494efde211bd7dd077af4861894d29d1601 Mon Sep 17 00:00:00 2001
From: Peter Goodhall
Date: Sat, 2 Aug 2025 11:04:59 +0100
Subject: [PATCH] Sanitize state input in Stations model

Added xss_clean sanitization to 'station_ca_state' and 'station_state' POST inputs to enhance security and prevent XSS vulnerabilities when handling state data.
---
 application/models/Stations.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/application/models/Stations.php b/application/models/Stations.php
index 03463427..83670c1e 100644
--- a/application/models/Stations.php
+++ b/application/models/Stations.php
@@ -77,9 +77,9 @@ class Stations extends CI_Model {
 // Check if the state is Canada and get the correct state
 if ($this->input->post('dxcc') == 1 && $this->input->post('station_ca_state') !="") {
- $state = $this->input->post('station_ca_state');
+ $state = xss_clean($this->input->post('station_ca_state', true));
 } else {
- $state = $this->input->post('station_state');
+ $state = xss_clean($this->input->post('station_state', true));
 }
 // Create data array with field values
@@ -131,9 +131,9 @@ class Stations extends CI_Model {
 // Check if the state is Canada and get the correct state
 if ($this->input->post('dxcc') == 1 && $this->input->post('station_ca_state') !="") {
- $state = $this->input->post('station_ca_state');
+ $state = xss_clean($this->input->post('station_ca_state', true));
 } else {
- $state = $this->input->post('station_state');
+ $state = xss_clean($this->input->post('station_state', true));
 }
 $data = array(
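Review bot: In both hunks (at -77 and at -131) each new `$state` assignment runs the XSS filter twice, because `$this->input->post('station_state', true)` already applies it and the outer `xss_clean()` applies it again. The bare `xss_clean()` function is provided by CodeIgniter's security helper, which these hunks do not show being loaded; unless it is autoloaded the call fails as an undefined function. The single form `$state = $this->input->post('station_ca_state', true);` (and the same for `station_state`) avoids both problems. Because a state value is short and has a fixed format, checking it against an allowlist of expected codes here and calling `html_escape()` where it is rendered would be a more dependable control than input-side filtering alone. Both enclosing methods begin and end outside the hunks, so how `$state` is stored and later displayed is not visible here.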