From fde8575d0e262e9b2f212ede59c08c130d607303 Mon Sep 17 00:00:00 2001
From: Mian Muhammad Imran Shah
Date: Fri, 3 Sep 2021 09:45:21 +0500
Subject: [PATCH] XSS Fixed

---
 application/controllers/Category.php | 34 ++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/application/controllers/Category.php b/application/controllers/Category.php
index 03eec58..5b0b058 100644
--- a/application/controllers/Category.php
+++ b/application/controllers/Category.php
@@ -42,14 +42,22 @@ public function list_category()
 // Add new category to Databse
 public function insert_category()
 {
+ $this->load->library('form_validation');
 extract($_POST);
- $data = array(
- 'category_name' => $category_name
- );
- $response = $this->Main_model->add_record('category', $data);
- if ($response) {
- $this->session->set_flashdata('success', 'Record added Successfully..!');
+ $this->form_validation->set_rules('category_name', 'Category Name', 'trim|required|min_length[5]|max_length[12]');
+ if ($this->form_validation->run() == FALSE) {
+ $this->session->set_flashdata('error', 'Invalid Input');
 redirect(base_url() . 'index.php/category/list_category');
+ } else {
+
+ $data = array(
+ 'category_name' => $this->security->xss_clean($category_name)
+ );
+ $response = $this->Main_model->add_record('category', $data);
+ if ($response) {
+ $this->session->set_flashdata('success', 'Record added Successfully..!');
+ redirect(base_url() . 'index.php/category/list_category');
+ }
 }
 }
 
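Review bot: `$category_name` in the new `$data` array still comes from `extract($_POST)`, which runs before `$this->form_validation->run()`, so the `trim` rule and any normalisation the validator applies never reach the stored value; read the field after validation with `'category_name' => $this->input->post('category_name')` and drop the `extract($_POST);` line, which also lets any posted key overwrite a local variable. `$this->security->xss_clean()` on the way into the database is a filter, not an escape: the stored value still has to go through `html_escape()` where the view prints it, and this commit does not touch the view. `if ($this->form_validation->run() == FALSE)` should use `=== FALSE`. Both issues recur in the update_category hunk below, which in addition still passes `$category` to `update_record()` although the lines defining it are removed there. When `add_record()` returns a falsy value the `else` branch sets no flash message and does not redirect, so the request ends with an empty response.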
@@ -58,9 +66,17 @@ public function update_category()
 {
 $cat_id = $this->input->post('cid');
- $category = array(
- 'category_name' => $this->input->post('category_name'),
- );
+ $this->load->library('form_validation');
+ extract($_POST);
+ $this->form_validation->set_rules('category_name', 'Category Name', 'trim|required|min_length[5]|max_length[12]');
+ if ($this->form_validation->run() == FALSE) {
+ $this->session->set_flashdata('error', 'Invalid Input');
+ redirect(base_url() . 'index.php/category/list_category');
+ } else {
+
+ $data = array(
+ 'category_name' => $this->security->xss_clean($category_name)
+ );
 $where = array('category_id' => $cat_id);
 $this->load->model('Main_model');
 $response = $this->Main_model->update_record('category', $category, $where);