Sanitize the menu link by restricting it to specific characters.

FusionPBX
2022-07-08 18:28:08 -06:00
committed by GitHub
parent 6780949019
commit 88b34831e4


@@ -17,7 +17,7 @@
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2019
Portions created by the Initial Developer are Copyright (C) 2008-2022
the Initial Developer. All Rights Reserved.
Contributor(s):
@@ -87,6 +87,9 @@
$menu_item_order = $_POST["menu_item_order"];
}
//sanitize the menu link
$menu_item_link = preg_replace('#[^a-zA-Z0-9_\-\.\&\=\?\/]#', '', $menu_item_link);
//when a HTTP POST is available then process it
if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
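Review bot: The added `preg_replace` on `$menu_item_link` silently rewrites the submitted value instead of rejecting it, so a link containing a character outside the allowlist (for example `:` or `#`) is stored in an altered, possibly broken form with no feedback to the administrator; comparing the filtered value with the original and refusing the save on a mismatch would make this visible. The allowlist still passes a value that begins with `//`, which browsers resolve as a protocol-relative external URL, so if only local paths are intended an extra check such as `if (substr($menu_item_link, 0, 2) === '//') { $menu_item_link = ''; }` is worth adding. The call also sits after the closing brace of the block that reads `$_POST`, so on a request where `$menu_item_link` was never assigned it presumably receives an undefined variable; wrapping it in `if (isset($menu_item_link)) { ... }` avoids that. The surrounding script starts and ends outside the hunk, and the link still needs context-appropriate escaping where it is rendered, since this filter is not a substitute for output encoding.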
@@ -561,4 +564,4 @@
//include the footer
require_once "resources/footer.php";
?>
?>