From c4d31e20cd69a70d2cf8c662cc4d43f5af6ff7e6 Mon Sep 17 00:00:00 2001
From: int2001
Date: Fri, 10 Nov 2023 06:44:14 +0000
Subject: [PATCH] Added xss_clean and null-exception-handling to grid
---
 application/models/Logbook_model.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/application/models/Logbook_model.php b/application/models/Logbook_model.php
index bd54ec0a..fdeef86e 100755
--- a/application/models/Logbook_model.php
+++ b/application/models/Logbook_model.php
@@ -289,10 +289,10 @@ class Logbook_model extends CI_Model {
 }
 // Decide whether its single gridsquare or a multi which makes it vucc_grids
- if (strpos(trim($this->input->post('locator')), ',') !== false) {
- $data['COL_VUCC_GRIDS'] = strtoupper(trim($this->input->post('locator')));
+ if (strpos(trim(xss_clean($this->input->post('locator')) ?? ''), ',') !== false) {
+ $data['COL_VUCC_GRIDS'] = strtoupper(trim(xss_clean($this->input->post('locator')) ?? ''));
 } else {
- $data['COL_GRIDSQUARE'] = strtoupper(trim($this->input->post('locator')));
+ $data['COL_GRIDSQUARE'] = strtoupper(trim(xss_clean($this->input->post('locator')) ?? ''));
 }
 // if eQSL username set, default SENT & RCVD to 'N' else leave as null
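Review bot: In all three added lines the `?? ''` is applied to the return value of `xss_clean()`, not to `$this->input->post('locator')`, so a request without a locator still passes null into `xss_clean()`, and the fallback only helps if that helper returns null for null input, which is not visible here. Moving the default inside the call, `xss_clean($this->input->post('locator') ?? '')`, guards the call itself, and reading the value once into a local before the `if` would avoid filtering the same field twice per request. `xss_clean()` is an HTML-oriented filter rather than a format check, so a value stored in `COL_GRIDSQUARE` or `COL_VUCC_GRIDS` would be better protected by validating it against the expected locator pattern here and escaping it where it is rendered. The enclosing method starts and ends outside the hunk.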