Fixed sec-issues at stations (edit / delete / empty / copy)

pull/2350/head
int2001 2023-07-30 09:05:51 +00:00
rodzic 37281f8fe6
commit bcf3aecd1a
1 zmienionych plików z 47 dodań i 39 usunięć


@ -31,14 +31,13 @@ class Station extends CI_Controller {
$this->load->view('interface_assets/footer'); $this->load->view('interface_assets/footer');
} }
public function create() public function create() {
{
$this->load->model('stations'); $this->load->model('stations');
$this->load->model('dxcc'); $this->load->model('dxcc');
$data['dxcc_list'] = $this->dxcc->list(); $data['dxcc_list'] = $this->dxcc->list();
$this->load->model('logbook_model'); $this->load->model('logbook_model');
$data['iota_list'] = $this->logbook_model->fetchIota(); $data['iota_list'] = $this->logbook_model->fetchIota();
$this->load->library('form_validation'); $this->load->library('form_validation');
@ -59,50 +58,57 @@ class Station extends CI_Controller {
} }
} }
public function edit($id) public function edit($id) {
{ $this->load->model('stations');
$data = $this->load_station_for_editing($id); if ($this->stations->check_station_is_accessible($id)) {
$data['page_title'] = "Edit Station Location: {$data['my_station_profile']->station_profile_name}"; $data = $this->load_station_for_editing($id);
$data['page_title'] = "Edit Station Location: {$data['my_station_profile']->station_profile_name}";
if ($this->form_validation->run() == FALSE) { if ($this->form_validation->run() == FALSE) {
$this->load->view('interface_assets/header', $data); $this->load->view('interface_assets/header', $data);
$this->load->view('station_profile/edit'); $this->load->view('station_profile/edit');
$this->load->view('interface_assets/footer'); $this->load->view('interface_assets/footer');
} else {
$this->stations->edit();
$data['notice'] = "Station Profile " . $this->security->xss_clean($this->input->post('station_profile_name', true)) . " Updated";
redirect('station');
}
} else { } else {
$this->stations->edit();
$data['notice'] = "Station Profile " . $this->security->xss_clean($this->input->post('station_profile_name', true)) . " Updated";
redirect('station'); redirect('station');
} }
} }
public function copy($id) public function copy($id) {
{ $this->load->model('stations');
$data = $this->load_station_for_editing($id); if ($this->stations->check_station_is_accessible($id)) {
$data['page_title'] = "Duplicate Station Location: {$data['my_station_profile']->station_profile_name}"; $data = $this->load_station_for_editing($id);
$data['page_title'] = "Duplicate Station Location: {$data['my_station_profile']->station_profile_name}";
// we NULLify station_id and station_profile_name to make sure we are creating a new station // we NULLify station_id and station_profile_name to make sure we are creating a new station
$data['copy_from'] = $data['my_station_profile']->station_id; $data['copy_from'] = $data['my_station_profile']->station_id;
$data['my_station_profile']->station_id = NULL; $data['my_station_profile']->station_id = NULL;
$data['my_station_profile']->station_profile_name = ''; $data['my_station_profile']->station_profile_name = '';
if ($this->form_validation->run() == FALSE) if ($this->form_validation->run() == FALSE)
{ {
$this->load->view('interface_assets/header', $data); $this->load->view('interface_assets/header', $data);
$this->load->view('station_profile/edit'); $this->load->view('station_profile/edit');
$this->load->view('interface_assets/footer'); $this->load->view('interface_assets/footer');
} }
else else
{ {
$this->stations->add(); $this->stations->add();
redirect('station');
}
} else {
redirect('station'); redirect('station');
} }
} }
function load_station_for_editing($id): array function load_station_for_editing($id): array {
{
$this->load->library('form_validation'); $this->load->library('form_validation');
$this->load->model('stations'); $this->load->model('stations');
@ -159,15 +165,17 @@ class Station extends CI_Controller {
public function delete($id) { public function delete($id) {
$this->load->model('stations'); $this->load->model('stations');
$this->stations->delete($id); if ($this->stations->check_station_is_accessible($id)) {
$this->stations->delete($id);
}
redirect('station'); redirect('station');
} }
public function deletelog($id) { public function deletelog($id) {
$this->load->model('stations'); $this->load->model('stations');
$this->stations->deletelog($id); if ($this->stations->check_station_is_accessible($id)) {
$this->stations->deletelog($id);
}
redirect('station'); redirect('station');
} }
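Review bot: The new ownership check in edit() gates on the URL `$id`, but the call it protects, `$this->stations->edit();`, receives no argument, so the row the model updates presumably comes from the posted form (a station_id field); if that is the case, a request can carry an accessible `$id` in the URL and a different id in the body, and the check would not cover the write. Passing the verified id explicitly, `$this->stations->edit($id);`, and having the model disregard any posted station_id ties the authorization decision to the same identifier that is modified, which is what delete() and deletelog() already do by passing `$id` through. The same question applies to copy(), where `$this->stations->add()` also takes no argument. The denied branches only redirect, which is fine for the user but leaves no trace for operators; a `log_message('error', 'station ' . $id . ' not accessible for current user');` before the redirect would make repeated probing visible in the application log. edit(), copy(), delete() and deletelog() are each fully inside their hunk; the Station class itself continues outside them.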