From abbaccde9dde1d317b3dcaa2169ca075600f5c71 Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Fri, 31 Mar 2023 13:25:42 -0600
Subject: [PATCH] Move xml::santize

Need to preserve ${caller_id_number} and ${strftime(%Y-%m-%d-%H-%M-%S)} so moved the xml::santize
---
 app/fax/resources/classes/fax.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/fax/resources/classes/fax.php b/app/fax/resources/classes/fax.php
index bf922eb884..fb68685ae8 100644
--- a/app/fax/resources/classes/fax.php
+++ b/app/fax/resources/classes/fax.php
@@ -17,7 +17,7 @@
 
  The Initial Developer of the Original Code is
  Mark J Crane <markjcrane@fusionpbx.com>
- Portions created by the Initial Developer are Copyright (C) 2008 - 2019
+ Portions created by the Initial Developer are Copyright (C) 2008 - 2023
  the Initial Developer. All Rights Reserved.
 
  Contributor(s):
@@ -125,7 +125,7 @@ if (!class_exists('fax')) {
 
 			//set the  last fax
 				if (strlen($_SESSION['fax']['last_fax']['text']) > 0) {
-					$last_fax = "last_fax=".$_SESSION['fax']['last_fax']['text'];
+					$last_fax = "last_fax=".xml::sanitize($_SESSION['fax']['last_fax']['text']);
 				}
 				else {
 					$last_fax = "last_fax=\${caller_id_number}-\${strftime(%Y-%m-%d-%H-%M-%S)}";
@@ -149,7 +149,7 @@ if (!class_exists('fax')) {
 						$dialplan_xml .= "		<action application=\"set\" data=\"".xml::sanitize($data)."\"/>\n";
 					}
 				}
-				$dialplan_xml .= "		<action application=\"set\" data=\"".xml::sanitize($last_fax)."\"/>\n";
+				$dialplan_xml .= "		<action application=\"set\" data=\"".$last_fax."\"/>\n";
 				$dialplan_xml .= "		<action application=\"rxfax\" data=\"$rxfax_data\"/>\n";
 				$dialplan_xml .= "		<action application=\"hangup\" data=\"\"/>\n";
 				$dialplan_xml .= "	</condition>\n";