Use the escape function on name_filter to prevent XSS

markjcrane
2021-07-25 08:23:11 -06:00
parent 9bb7b4e607
commit 0f34a7c732


@@ -155,9 +155,9 @@ if (is_array($groups) && @sizeof($groups) > 0) {
}
echo " <td valign='top' nowrap='nowrap'>";
echo " <input type='hidden' id='extension_filter' value=\"".escape($_REQUEST['extension_filter'])."\">";
echo " <input type='hidden' id='name_filter' value=\"".strtolower($_REQUEST['name_filter'])."\">";
echo " <input type='hidden' id='name_filter' value=\"".strtolower(escape($_REQUEST['name_filter']))."\">";
echo " <input type='text' class='formfld' placeholder='Filter Extension' value=\"".escape($_REQUEST['extension_filter'])."\" onkeyup=\"document.getElementById('extension_filter').value = this.value; refresh_start();\" onfocus='refresh_stop();'>\n";
echo " <input type='text' class='formfld' placeholder='Filter Name' value=\"".strtolower($_REQUEST['name_filter'])."\" onkeyup=\"document.getElementById('name_filter').value = this.value; refresh_start();\" onfocus='refresh_stop();'>\n";
echo " <input type='text' class='formfld' placeholder='Filter Name' value=\"".strtolower(escape($_REQUEST['name_filter']))."\" onkeyup=\"document.getElementById('name_filter').value = this.value; refresh_start();\" onfocus='refresh_stop();'>\n";
echo " <input type='button' class='btn' title=\"Clear\" value=\"Clear\" onclick=\"document.getElementById('extension_filter').value = ''; document.getElementById('name_filter').value = '';\" ".$onhover_pause_refresh.">";
echo " </td>";
echo " </tr>";
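Review bot: On both changed `name_filter` lines, `strtolower()` wraps `escape()`, so the string that reaches the `value="…"` attribute is post-processed after encoding rather than being the encoder's direct output. Output encoding is easier to audit when it is the outermost call, i.e. `escape(strtolower($_REQUEST['name_filter']))`, which also matches how `extension_filter` is emitted in the same hunk with nothing wrapped around `escape()`. Lowercasing the entity names is probably harmless, but that depends on what `escape()` returns, which is not visible here. `$_REQUEST['name_filter']` is also used without a type check, so a `name_filter[]=` request would hand an array to these calls; casting to string first is worth considering. The enclosing block starts and ends outside the hunk.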