From 435b7a5810ea1067ba52f51e2a931889ddb6b725 Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Thu, 19 Sep 2019 08:08:17 -0600
Subject: [PATCH] Update fax_edit.php

---
 app/fax/fax_edit.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/fax/fax_edit.php b/app/fax/fax_edit.php
index 24e6e857a6..4416e26514 100644
--- a/app/fax/fax_edit.php
+++ b/app/fax/fax_edit.php
@@ -43,7 +43,7 @@
 	$text = $language->get();
 
 //get the fax_extension and save it as a variable
-	if (strlen($_REQUEST["fax_extension"]) > 0) {
+	if (isset($_REQUEST["fax_extension"])) {
 		$fax_extension = $_REQUEST["fax_extension"];
 	}
 
@@ -138,7 +138,7 @@
 	}
 
 //delete the user from the fax users
-	if ($_GET["a"] == "delete" && permission_exists("fax_extension_delete")) {
+	if (is_uuid($_REQUEST["user_uuid"]) && is_uuid($_REQUEST["id"]) && $_GET["a"] == "delete" && permission_exists("fax_extension_delete")) {
 		//set the variables
 			$user_uuid = $_REQUEST["user_uuid"];
 			$fax_uuid = $_REQUEST["id"];
@@ -197,7 +197,7 @@
 	clearstatcache();
 
 //process the data
-	if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
+	if (count($_POST) > 0 && is_uuid($_POST["fax_uuid"]) && strlen($_POST["persistformvar"]) == 0) {
 
 		$msg = '';
 		if ($action == "update" && permission_exists('fax_extension_edit')) {