From 52825a8f592b9106633757b658997b5ecfd6badf Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Wed, 11 Jun 2025 16:12:30 -0600
Subject: [PATCH] Allow additional characters for the name, content and details
 - Allow additional characters - Allow multi-lingual - Use escape to keep it
 secure

---
 core/dashboard/dashboard.php                   | 1 -
 core/dashboard/dashboard_edit.php              | 4 ++--
 core/dashboard/resources/dashboard/content.php | 8 ++++++++
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/core/dashboard/dashboard.php b/core/dashboard/dashboard.php
index 0480136a5c..d9b7d3cd63 100644
--- a/core/dashboard/dashboard.php
+++ b/core/dashboard/dashboard.php
@@ -260,4 +260,3 @@
 	require_once "resources/footer.php";
 
 ?>
-
diff --git a/core/dashboard/dashboard_edit.php b/core/dashboard/dashboard_edit.php
index 6366cc015c..bfe58508e5 100644
--- a/core/dashboard/dashboard_edit.php
+++ b/core/dashboard/dashboard_edit.php
@@ -122,7 +122,7 @@
 		$text_pattern = '/[^a-zA-Z0-9 _\-\/.\?:\=#\n]/';
 
 		//sanitize the data
-		$dashboard_name = trim(preg_replace('/[^a-zA-Z0-9 _\-\/.#]/', '', $dashboard_name));
+		$dashboard_name = trim($dashboard_name);
 		$dashboard_path = preg_replace($text_pattern, '', strtolower($dashboard_path));
 		$dashboard_icon = preg_replace($text_pattern, '', $dashboard_icon);
 		$dashboard_icon_color = preg_replace($text_pattern, '', $dashboard_icon_color);
@@ -130,7 +130,7 @@
 		$dashboard_target = trim(preg_replace($text_pattern, '', $dashboard_target));
 		$dashboard_width = trim(preg_replace($text_pattern, '', $dashboard_width));
 		$dashboard_height = trim(preg_replace($text_pattern, '', $dashboard_height));
-		$dashboard_content = trim(preg_replace($text_pattern, '', $dashboard_content));
+		$dashboard_content = trim($dashboard_content);
 		$dashboard_content_text_align = trim(preg_replace($text_pattern, '', $dashboard_content_text_align));
 		$dashboard_content_details = trim(preg_replace($text_pattern, '', $dashboard_content_details));
 		$dashboard_chart_type = preg_replace($text_pattern, '', $dashboard_chart_type);
diff --git a/core/dashboard/resources/dashboard/content.php b/core/dashboard/resources/dashboard/content.php
index fcc2096d95..27d98202bf 100644
--- a/core/dashboard/resources/dashboard/content.php
+++ b/core/dashboard/resources/dashboard/content.php
@@ -14,6 +14,14 @@
 	if ($dashboard_content_length < 30) { $dashboard_content_text_vertical_align = 'middle'; }
 	$dashboard_content_height = $dashboard_row_span * 120 . 'px';
 
+//escape the content and details
+	$dashboard_content = escape($dashboard_content);
+	$dashboard_content_details = escape($dashboard_content_details);
+
+//allow line breaks
+	$dashboard_content = str_replace('&lt;br &sol;&gt;', '<br />', $dashboard_content);
+	$dashboard_content_details = str_replace('&lt;br &sol;&gt;', '<br />', $dashboard_content_details);
+
 //dashboard icon
 	echo "<div class='hud_box'>\n";
 	echo "	<div class='hud_content' ".(!empty($row['dashboard_background_color']) ? "style='background: ".$row['dashboard_background_color'].";'" : null)." ".(empty($dashboard_details_state) || $dashboard_details_state != "disabled" ? "onclick=\"$('#hud_content_details').slideToggle('fast'); toggle_grid_row_end('".trim(preg_replace("/[^a-z]/", '_', strtolower($row['dashboard_name'])),'_')."');\"" : null).">\n";