diff --git a/app/devices/device_vendor_function_edit.php b/app/devices/device_vendor_function_edit.php
index 4bbae27150..23b4e60aa6 100644
--- a/app/devices/device_vendor_function_edit.php
+++ b/app/devices/device_vendor_function_edit.php
@@ -40,7 +40,7 @@
$db->exec(check_sql($sql));
//redirect the browser
messages::add($text['message-delete']);
- header("Location: device_vendor_function_edit.php?id=".$device_vendor_function_uuid ."&device_vendor_uuid=".$device_vendor_uuid);
+ header("Location: device_vendor_function_edit.php?id=".escape($device_vendor_function_uuid) ."&device_vendor_uuid=".escape($device_vendor_uuid));
return;
}
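Review bot: The new `header("Location: ...")` line wraps both UUIDs in `escape()`, which by its use on the form fields further down looks like the HTML-output escaper (its definition is not in this diff), but a redirect URL is a query-string context rather than an HTML one. HTML entity encoding does not neutralise `&`, `=`, `#` or `%` inside a query value, so a crafted id could still add or override parameters on the redirect target. The encoding that fits here is `"?id=".urlencode($device_vendor_function_uuid)."&device_vendor_uuid=".urlencode($device_vendor_uuid)`, preferably after rejecting any value that is not a well-formed UUID when it is first read from the request. The same applies to the identical redirect in the hunk at line 186. The enclosing delete branch starts above this hunk, so whether these ids are validated before they reach the `$sql` passed to `$db->exec()` cannot be judged from here.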
@@ -186,7 +186,7 @@
//redirect the user
$_SESSION["message"] = $text['message-'.$action];
- header("Location: device_vendor_function_edit.php?id=".$device_vendor_function_uuid ."&device_vendor_uuid=".$device_vendor_uuid);
+ header("Location: device_vendor_function_edit.php?id=".escape($device_vendor_function_uuid) ."&device_vendor_uuid=".escape($device_vendor_uuid));
return;
} //if ($_POST["persistformvar"] != "true")
} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
@@ -260,7 +260,7 @@
echo "
\n";
echo "".$text['title-device_vendor_function']."
| \n";
echo "\n";
- echo " ";
+ echo " ";
echo " ";
echo " | \n";
echo "
\n";
@@ -270,7 +270,7 @@
//echo " ".$text['label-label']."\n";
//echo "\n";
//echo "\n";
- //echo " \n";
+ //echo " \n";
//echo " \n";
//echo $text['description-label']."\n";
//echo " | \n";
@@ -281,7 +281,7 @@
echo " ".$text['label-name']."\n";
echo "\n";
echo "\n";
- echo " \n";
+ echo " \n";
echo " \n";
echo $text['description-name']."\n";
echo " | \n";
@@ -292,7 +292,7 @@
echo " ".$text['label-value']."\n";
echo "\n";
echo "\n";
- echo " \n";
+ echo " \n";
echo " \n";
echo $text['description-value']."\n";
echo " | \n";
@@ -330,7 +330,7 @@
if ($field['group_name'] == "superadmin" && !if_group("superadmin")) { continue; } //only show the superadmin group to other superadmins
if ($field['group_name'] == "admin" && (!if_group("superadmin") && !if_group("admin") )) { continue; } //only show the admin group to other admins
if (!in_array($field["group_uuid"], $assigned_groups)) {
- echo " \n";
+ echo " \n";
}
}
echo "";
@@ -369,16 +369,16 @@
echo " ".$text['label-description']."\n";
echo "\n";
echo "\n";
- echo " \n";
+ echo " \n";
echo " \n";
echo $text['description-description']."\n";
echo " | \n";
echo "\n";
echo " \n";
echo " | \n";
- echo " \n";
+ echo " \n";
if ($action == "update") {
- echo " \n";
+ echo " \n";
}
echo " \n";
echo " | \n";