Security bug fixes
这个提交包含在:
Peter Goodhall
父节点
4d10db1fc0
当前提交
a783f7d8a4
共有 5 个文件被更改,包括 38 次插入 和 4 次删除
|
|
@ -30,7 +30,12 @@ class Eqsl_images extends CI_Model {
|
|||
$this->db->select('COL_PRIMARY_KEY, qso_id, COL_CALL, COL_MODE, , COL_SUBMODE, COL_TIME_ON, COL_BAND, COL_SAT_NAME, image_file');
|
||||
$this->db->join($this->config->item('table_name'), 'qso_id = COL_PRIMARY_KEY', 'left outer');
|
||||
$this->db->join('station_profile', $this->config->item('table_name').'.station_id = station_profile.station_id', 'left outer');
|
||||
if (!empty($logbooks_locations_array)) {
|
||||
$this->db->where_in('station_profile.station_id', $logbooks_locations_array);
|
||||
} else {
|
||||
// Option 1: Prevent query and return empty result
|
||||
return [];
|
||||
}
|
||||
$this->db->order_by('COL_TIME_ON', 'DESC');
|
||||
return $this->db->get('eQSL_images');
|
||||
}
|
||||
|
|
|
|||
|
|
@ -63,7 +63,12 @@ class Eqslmethods_model extends CI_Model {
|
|||
$this->db->or_where($this->config->item('table_name').'.COL_EQSL_QSL_SENT', 'Q');
|
||||
$this->db->or_where($this->config->item('table_name').'.COL_EQSL_QSL_SENT', 'N');
|
||||
$this->db->group_end();
|
||||
if (!empty($logbooks_locations_array)) {
|
||||
$this->db->where_in('station_profile.station_id', $logbooks_locations_array);
|
||||
} else {
|
||||
// Option 1: Skip the query altogether (return no results)
|
||||
return [];
|
||||
}
|
||||
|
||||
return $this->db->get();
|
||||
}
|
||||
|
|
@ -91,7 +96,12 @@ class Eqslmethods_model extends CI_Model {
|
|||
$this->db->where($this->config->item('table_name').'.COL_CALL !=', '');
|
||||
$this->db->where($this->config->item('table_name').'.COL_EQSL_QSL_RCVD', 'Y');
|
||||
$this->db->where('qso_id', NULL);
|
||||
if (!empty($logbooks_locations_array)) {
|
||||
$this->db->where_in('station_profile.station_id', $logbooks_locations_array);
|
||||
} else {
|
||||
// Option 1: Skip the query altogether (return no results)
|
||||
return [];
|
||||
}
|
||||
$this->db->order_by("COL_TIME_ON", "desc");
|
||||
|
||||
return $this->db->get();
|
||||
|
|
|
|||
|
|
@ -266,7 +266,7 @@ class User_Model extends CI_Model {
|
|||
'user_quicklog' => xss_clean($fields['user_quicklog']),
|
||||
'user_quicklog_enter' => xss_clean($fields['user_quicklog_enter']),
|
||||
'language' => xss_clean($fields['language']),
|
||||
'winkey' => isset($fields['user_winkey']) ? xss_clean($fields['user_winkey']) : 0,
|
||||
'winkey' => (isset($fields['user_winkey']) && is_numeric($clean = xss_clean($fields['user_winkey'])) && $clean !== '') ? intval($clean) : 0,
|
||||
'winkey_websocket' => isset($fields['user_winkey_websocket']) ? xss_clean($fields['user_winkey_websocket']) : 0,
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,10 @@ if (!isset($options->operator)) {
|
|||
}
|
||||
?>
|
||||
</script>
|
||||
<script>
|
||||
const CSRF_NAME = '<?= $this->security->get_csrf_token_name(); ?>';
|
||||
const CSRF_HASH = '<?= $this->security->get_csrf_hash(); ?>';
|
||||
</script>
|
||||
<style>
|
||||
/*Legend specific*/
|
||||
.legend {
|
||||
|
|
|
|||
|
|
@ -2,6 +2,21 @@ var callBookProcessingDialog = null;
|
|||
var inCallbookProcessing = false;
|
||||
var inCallbookItemProcessing = false;
|
||||
|
||||
// Ensure CSRF token is included in all POST requests
|
||||
if (typeof CSRF_NAME !== 'undefined' && typeof CSRF_HASH !== 'undefined') {
|
||||
$.ajaxSetup({
|
||||
beforeSend: function(xhr, settings) {
|
||||
if (settings.type === 'POST') {
|
||||
if (typeof settings.data === 'string') {
|
||||
settings.data += '&' + encodeURIComponent(CSRF_NAME) + '=' + encodeURIComponent(CSRF_HASH);
|
||||
} else if (typeof settings.data === 'object') {
|
||||
settings.data[CSRF_NAME] = CSRF_HASH;
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
$('#band').change(function () {
|
||||
var band = $("#band option:selected").text();
|
||||
if (band != "SAT") {
|
||||
|
|
|
|||
正在加载…
在新工单中引用