From 2ea3d8a62a7a7cad2442dcda73cd1021514d5b13 Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Wed, 27 Jan 2021 22:25:04 -0700 Subject: [PATCH] Add more escape functions to the click to call php file. --- app/click_to_call/click_to_call.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/app/click_to_call/click_to_call.php b/app/click_to_call/click_to_call.php index c3538d6a2c..50a7ff3f5b 100644 --- a/app/click_to_call/click_to_call.php +++ b/app/click_to_call/click_to_call.php @@ -209,7 +209,7 @@ else { //display the last command $switch_cmd = "api originate ".$source.$switch_cmd; - echo "
".$src." has called ".$dest."
\n"; + echo "
".escape($src)." has called ".escape($dest)."
\n"; //show the command result $result = trim(event_socket_request($fp, $switch_cmd)); if (substr($result, 0,3) == "+OK") { @@ -218,11 +218,13 @@ //use the server's time zone to ensure it matches the time zone used by freeswitch date_default_timezone_set($_SESSION['time_zone']['system']); //create the api record command and send it over event socket - $switch_cmd = "api uuid_record ".$origination_uuid." start ".$record_path."/".$record_name; + if (is_uuid($origination_uuid) && file_exists($record_path)) { + $switch_cmd = "api uuid_record ".$origination_uuid." start ".$record_path."/".$record_name; + } $result2 = trim(event_socket_request($fp, $switch_cmd)); } } - echo "
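Review bot: The added `escape($src)` and `escape($dest)` cover only the HTML echo, while the context line `$switch_cmd = "api originate ".$source.$switch_cmd;` still builds the event-socket command by concatenation with no validation visible in this hunk. If `$source` and the earlier `$switch_cmd` come from the same request values (likely, though that code is outside the hunk), they need a separate check, because HTML escaping does nothing for a command string. I would add a comment above the echo such as `// escape() is for HTML output only; values placed in the originate string must be validated before event_socket_request()`. The enclosing `else {` block starts and ends outside the hunk.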

".$result."

\n"; + echo "

".escape($result)."

\n"; } } @@ -291,7 +293,7 @@ echo "\n"; echo " ".$text['label-src-num']."\n"; echo " \n"; - echo " \n"; + echo " \n"; echo "
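Review bot: When the new guard `is_uuid($origination_uuid) && file_exists($record_path)` fails, `$result2 = trim(event_socket_request($fp, $switch_cmd));` still runs, because it sits after the guard's closing brace. At that point `$switch_cmd` appears to still hold the `api originate ...` string sent a few lines earlier (unless the lines between the two hunks reassign it), so the originate would be issued a second time instead of the recording being skipped. Move the request inside the guard, so that `$result2 = trim(event_socket_request($fp, $switch_cmd));` becomes the second statement of the `if` body. `$record_name` is also concatenated into the command with no check visible here, although it may be validated outside the hunk.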
\n"; echo " ".$text['desc-src-num']."\n"; echo " \n"; @@ -300,7 +302,7 @@ echo "\n"; echo " ".$text['label-dest-num']."\n"; echo " \n"; - echo " \n"; + echo " \n"; echo "
\n"; echo " ".$text['desc-dest-num']."\n"; echo " \n";