Security bug fixes

application/models/Eqsl_images.php

@@ -30,7 +30,12 @@ class Eqsl_images extends CI_Model {
 		$this->db->select('COL_PRIMARY_KEY, qso_id, COL_CALL, COL_MODE, , COL_SUBMODE, COL_TIME_ON, COL_BAND, COL_SAT_NAME, image_file');
 		$this->db->join($this->config->item('table_name'), 'qso_id = COL_PRIMARY_KEY', 'left outer');
 		$this->db->join('station_profile', $this->config->item('table_name').'.station_id = station_profile.station_id', 'left outer');
+		if (!empty($logbooks_locations_array)) {
 			$this->db->where_in('station_profile.station_id', $logbooks_locations_array);
+		} else {
+			// Option 1: Prevent query and return empty result
+			return [];
+		}
 		$this->db->order_by('COL_TIME_ON', 'DESC');
 		return $this->db->get('eQSL_images');
 	}

application/models/Eqslmethods_model.php

@@ -63,7 +63,12 @@ class Eqslmethods_model extends CI_Model {
         $this->db->or_where($this->config->item('table_name').'.COL_EQSL_QSL_SENT', 'Q');
         $this->db->or_where($this->config->item('table_name').'.COL_EQSL_QSL_SENT', 'N');
         $this->db->group_end();
+        if (!empty($logbooks_locations_array)) {
             $this->db->where_in('station_profile.station_id', $logbooks_locations_array);
+        } else {
+            // Option 1: Skip the query altogether (return no results)
+            return [];
+        }
 
         return $this->db->get();
     }
@@ -91,7 +96,12 @@ class Eqslmethods_model extends CI_Model {
         $this->db->where($this->config->item('table_name').'.COL_CALL !=', '');
         $this->db->where($this->config->item('table_name').'.COL_EQSL_QSL_RCVD', 'Y');
         $this->db->where('qso_id', NULL);
+        if (!empty($logbooks_locations_array)) {
             $this->db->where_in('station_profile.station_id', $logbooks_locations_array);
+        } else {
+            // Option 1: Skip the query altogether (return no results)
+            return [];
+        }
         $this->db->order_by("COL_TIME_ON", "desc");
 
         return $this->db->get();

application/models/User_model.php

@@ -266,7 +266,7 @@ class User_Model extends CI_Model {
 					'user_quicklog' => xss_clean($fields['user_quicklog']),
 					'user_quicklog_enter' => xss_clean($fields['user_quicklog_enter']),
 					'language' => xss_clean($fields['language']),
-					'winkey' => isset($fields['user_winkey']) ? xss_clean($fields['user_winkey']) : 0,
+					'winkey' => (isset($fields['user_winkey']) && is_numeric($clean = xss_clean($fields['user_winkey'])) && $clean !== '') ? intval($clean) : 0,
 					'winkey_websocket' => isset($fields['user_winkey_websocket']) ? xss_clean($fields['user_winkey_websocket']) : 0,
 				);
 

application/views/logbookadvanced/index.php

@@ -20,6 +20,10 @@ if (!isset($options->operator)) {
 }
 ?>
 </script>
+<script>
+    const CSRF_NAME = '<?= $this->security->get_csrf_token_name(); ?>';
+    const CSRF_HASH = '<?= $this->security->get_csrf_hash(); ?>';
+</script>
 <style>
 /*Legend specific*/
 .legend {

assets/js/sections/logbookadvanced.js

@@ -2,6 +2,21 @@ var callBookProcessingDialog = null;
 var inCallbookProcessing = false;
 var inCallbookItemProcessing = false;
 
+// Ensure CSRF token is included in all POST requests
+if (typeof CSRF_NAME !== 'undefined' && typeof CSRF_HASH !== 'undefined') {
+    $.ajaxSetup({
+        beforeSend: function(xhr, settings) {
+            if (settings.type === 'POST') {
+                if (typeof settings.data === 'string') {
+                    settings.data += '&' + encodeURIComponent(CSRF_NAME) + '=' + encodeURIComponent(CSRF_HASH);
+                } else if (typeof settings.data === 'object') {
+                    settings.data[CSRF_NAME] = CSRF_HASH;
+                }
+            }
+        }
+    });
+}
+
 $('#band').change(function () {
 	var band = $("#band option:selected").text();
 	if (band != "SAT") {