From 536f65859a6ee30701b2e819a51dd52f099869d1 Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Thu, 28 Nov 2019 03:15:03 -0700
Subject: [PATCH] Update fax_log_view.php
---
 app/fax/fax_log_view.php | 48 ++++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 22 deletions(-)
diff --git a/app/fax/fax_log_view.php b/app/fax/fax_log_view.php
index 7673b5555d..26dac3bc3b 100644
--- a/app/fax/fax_log_view.php
+++ b/app/fax/fax_log_view.php
@@ -17,7 +17,7 @@
 The Initial Developer of the Original Code is
 Mark J Crane
- Portions created by the Initial Developer are Copyright (C) 2008-2018
+ Portions created by the Initial Developer are Copyright (C) 2008-2019
 the Initial Developer. All Rights Reserved.
 Contributor(s):
@@ -42,9 +42,13 @@
 $language = new text;
 $text = $language->get();
-//get ids
- $fax_log_uuid = $_REQUEST["id"];
- $fax_uuid = $_REQUEST["fax_uuid"];
+//validate the uuids
+ if (is_uuid($_REQUEST["id"])) {
+ $fax_log_uuid = $_REQUEST["id"];
+ }
+ if (is_uuid($_REQUEST["fax_uuid"])) {
+ $fax_uuid = $_REQUEST["fax_uuid"];
+ }
 //pre-populate the form
 if (is_uuid($fax_log_uuid) && is_uuid($fax_uuid)) {
@@ -83,7 +87,7 @@
 require_once "resources/header.php";
 //show the content
- echo "
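Review bot: When either `is_uuid()` check in the new "validate the uuids" block fails, `$fax_log_uuid` or `$fax_uuid` is never assigned, so the following `is_uuid($fax_log_uuid) && is_uuid($fax_uuid)` test reads an undefined variable and the page still goes on to render. Assigning both unconditionally keeps the check fail-closed without notices, for example `$fax_log_uuid = is_uuid($_REQUEST["id"] ?? '') ? $_REQUEST["id"] : null;` and the same for `fax_uuid` (`is_uuid()` is defined outside this patch, so its handling of an empty or non-string argument should be confirmed). The same gap reaches the display hunks further down, where the `escape($fax_...)` calls would receive values that, as far as this patch shows, are only populated inside the guarded pre-populate block; an early error exit on invalid ids would avoid rendering an empty record. The body of the pre-populate block lies outside the hunk, so whether the lookup is also restricted to the caller's domain cannot be confirmed from here.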
"; + echo "
"; echo "".$text['title-fax_log']."\n"; echo "

\n";
@@ -91,32 +95,32 @@
 echo "\n";
 echo "".$text['label-fax_success']."\n";
- echo "".$fax_success."\n";
+ echo "".escape($fax_success)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_result_code']."\n";
- echo "".$fax_result_code."\n";
+ echo "".escape($fax_result_code)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_result_text']."\n";
- echo "".$fax_result_text."\n";
+ echo "".escape($fax_result_text)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_file']."\n";
- echo "".$fax_file."\n";
+ echo "".escape($fax_file)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_ecm_used']."\n";
- echo "".$fax_ecm_used."\n";
+ echo "".escape($fax_ecm_used)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_local_station_id']."\n";
- echo "".$fax_local_station_id."\n";
+ echo "".escape($fax_local_station_id)."\n";
 echo "\n";
 echo "\n";
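Review bot: The hunk headers leave three lines untouched between this hunk and the next one (new lines 127–129), and by the row pattern used here that is one label line, one value line and a row close, so one displayed field is not changed by this commit. Confirm that its value is already passed through `escape()`; if it is still echoed as a bare variable it needs the same change as its neighbours, i.e. `escape($fax_FIELD_PLACEHOLDER)` with the real field name, which is not shown on this page. `escape()` itself is defined outside the patch, so which characters it encodes cannot be checked from here.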
@@ -126,57 +130,57 @@
 echo "\n";
 echo "".$text['label-fax_document_total_pages']."\n";
- echo "".$fax_document_total_pages."\n";
+ echo "".escape($fax_document_total_pages)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_image_resolution']."\n";
- echo "".$fax_image_resolution."\n";
+ echo "".escape($fax_image_resolution)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_image_size']."\n";
- echo "".$fax_image_size."\n";
+ echo "".escape($fax_image_size)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_bad_rows']."\n";
- echo "".$fax_bad_rows."\n";
+ echo "".escape($fax_bad_rows)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_transfer_rate']."\n";
- echo "".$fax_transfer_rate."\n";
+ echo "".escape($fax_transfer_rate)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_retry_attempts']."\n";
- echo "".$fax_retry_attempts."\n";
+ echo "".escape($fax_retry_attempts)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_retry_limit']."\n";
- echo "".$fax_retry_limit."\n";
+ echo "".escape($fax_retry_limit)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_retry_sleep']."\n";
- echo "".$fax_retry_sleep."\n";
+ echo "".escape($fax_retry_sleep)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_uri']."\n";
- echo "".$fax_uri."\n";
+ echo "".escape($fax_uri)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_date']."\n";
- echo "".$fax_date."\n";
+ echo "".escape($fax_date)."\n";
 echo "\n";
 echo "\n";
 echo "".$text['label-fax_epoch']."\n";
- echo "".$fax_epoch."\n";
+ echo "".escape($fax_epoch)."\n";
 echo "\n";
 echo "";
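Review bot: The output escaping is applied one call at a time across seventeen near-identical rows in this hunk and the previous one, and nothing in the file records that this is a rule, so a field added later can easily be echoed bare again. A one-line comment above the table output would document it, for example `//every value read from the fax log record is passed through escape() before output`. Longer term, emitting the rows from a single loop over label/value pairs would put the `escape()` call at one site. The table output begins before this hunk, so the comment belongs above the first row rather than here.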