Resolve CodeQL alert 25

[roslynwythe]

Prerequisite

1. Be a member of Hack for LA. (There are no fees to join.) If you have not joined yet, please follow the steps on our Getting Started page.
2. Before you claim or start working on an issue, please make sure you have read our How to Contribute to Hack for LA Guide.

Overview

We need to analyze CodeQL query alert 25 then either recommend dismissal of the alert or update the code to resolve the alert.

Action Items

• DO NOT DISMISS ANY ALERTS. Dismissal of alerts should be done by dev leads only after review of the recommendation
• Browse to the link in the next Action Item and read the contents. Click "See More" to view Recommendations, Examples and References.
• https://github.com/hackforla/website/security/code-scanning/25
• In a comment in this issue, add your analysis and recommendations. The recommendation can be one of the following: dismiss as test, dismiss as false positive, dismiss as won't fix, or update code. An example of a false positive is a report of a JavaScript syntax error that is caused by markdown or liquid symbols such as --- or {%
• If the recommendation is to dismiss the alert, apply the label ready for dev lead then move the issue to Questions/In Review
• If the recommendation is to update code:
  • create an issue branch and proceed with the code update
  • test using docker to ensure that there are no changes to any affected webpage(s)
  • proceed with pull request in the usual manner

For merge team/dev lead

• If recommendation to dismiss is approved, dismiss the alert with a comment, then close the issue as completed.
• If recommendation to update code is approved, move the issue to "In Progress", remove "ready for dev lead" label and notify assignee to proceed
• In either case when this issue is closed please check off the dependency (under "Analysis Issues") in Create Issues for Analysis of CodeQL alerts #5060. If all analysis issues are closed, close Create Issues for Analysis of CodeQL alerts #5060 as completed.

Resources/Instructions

• GitHub CodeQL documentation
• This issue is part of Create Issues for Analysis of CodeQL alerts #5060

[github-actions]

Hi @roslynwythe.

Please don't forget to add the proper labels to this issue. Currently, the labels for the following are missing:
Complexity, Role, Feature

NOTE: Please ignore the adding proper labels comment if you do not have 'write' access to this directory.

To add a label, take a look at Github's documentation here.

Also, don't forget to remove the "missing labels" afterwards.
To remove a label, the process is similar to adding a label, but you select a currently added label to remove it.

After the proper labels are added, the merge team will review the issue and add a "Ready for Prioritization" label once it is ready for prioritization.

Additional Resources:

• Wiki: How to create issues
• Wiki: How to read and interpret labels