diff --git a/app/ring_groups/ring_groups.php b/app/ring_groups/ring_groups.php
index aaf56c5bf8..09515aa7fe 100644
--- a/app/ring_groups/ring_groups.php
+++ b/app/ring_groups/ring_groups.php
@@ -70,7 +70,7 @@
 // echo "  \n";
 echo "
\n";
 echo " \n";
- echo " \n";
+ echo " \n";
 echo " \n";
 echo " \n";
 echo "
\n";
@@ -95,7 +95,7 @@
 //prepare to page the results (reuse $sql from above)
 $prep_statement = $db->prepare($sql);
 if ($prep_statement) {
- $prep_statement->execute();
+ $prep_statement->execute();
 $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
 if (strlen($row['num_rows']) > 0) {
 $num_rows = $row['num_rows'];
@@ -159,23 +159,23 @@
 echo "\n";
 echo " ";
 if (permission_exists('ring_group_edit')) {
- echo "".$row['ring_group_name']."";
+ echo "".escape($row['ring_group_name'])."";
 } else {
 echo $row['ring_group_name'];
 }
 echo " \n";
- echo " ".$row['ring_group_extension']." \n";
- echo " ".$text['option-'.$row['ring_group_strategy']]." \n";
- echo " ".(($row['ring_group_forward_enabled'] == 'true') ? format_phone($row['ring_group_forward_destination']) : null)." \n";
- echo " ".$text['label-'.$row['ring_group_enabled']]." \n";
- echo " ".$row['ring_group_description']." \n";
+ echo " ".escape($row['ring_group_extension'])." \n";
+ echo " ".$text['option-'.escape($row['ring_group_strategy'])]." \n";
+ echo " ".(($row['ring_group_forward_enabled'] == 'true') ? format_phone(escape($row['ring_group_forward_destination'])) : null)." \n";
+ echo " ".$text['label-'.escape($row['ring_group_enabled'])]." \n";
+ echo " ".escape($row['ring_group_description'])." \n";
 echo " ";
 if (permission_exists('ring_group_edit')) {
- echo "$v_link_label_edit";
+ echo "$v_link_label_edit";
 }
 if (permission_exists('ring_group_delete')) {
- echo "$v_link_label_delete";
+ echo "$v_link_label_delete";
 }
 echo " \n";
 echo "\n";
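Review bot: In the third hunk the `else` branch still prints `echo $row['ring_group_name'];` unescaped, so a user without `ring_group_edit` receives the raw stored name while the branch above it is now encoded; it should read `echo escape($row['ring_group_name']);`. On the strategy and enabled cells the call sits inside the array index (`$text['option-'.escape(...)]`), which changes the lookup key rather than encoding what is printed; the key can stay raw, and if these column values are not constrained elsewhere it is the looked-up string that would need encoding. `format_phone(escape(...))` encodes before formatting, whereas `escape(format_phone($row['ring_group_forward_destination']))` keeps encoding as the last step before output, assuming format_phone returns plain text. The link markup on the changed lines is not visible in this view, so whether the uuid placed in the href is encoded could not be checked, and the row loop these lines belong to starts and ends outside the hunk.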