Sanitize the caller ID name and number

app/xml_cdr/resources/classes/xml_cdr.php

@@ -614,6 +614,10 @@ if (!class_exists('xml_cdr')) {
 						$domain_name = urldecode($xml->variables->domain_name);
 						$domain_uuid = urldecode($xml->variables->domain_uuid);
 
+					//sanitize the caller ID
+						$caller_id_name = preg_replace('#[^a-zA-Z 0-9\-\.]#', '', $caller_id_name);
+						$caller_id_number = preg_replace('#[^0-9\-]#', '', $caller_id_number);
+
 					//misc
 						$this->array[$key][0]['ring_group_uuid'] = urldecode($xml->variables->ring_group_uuid);
 						$this->array[$key][0]['xml_cdr_uuid'] = $uuid;
@@ -1729,7 +1733,7 @@ if (!class_exists('xml_cdr')) {
 				$sql .= "filter ( \n";
 				$sql .= " where c.extension_uuid = e.extension_uuid \n";
 				$sql .= " and status = 'answered' \n";
-			 	if (!$this->include_internal) {
+				if (!$this->include_internal) {
 					$sql .= "and (direction = 'inbound' or direction = 'outbound') \n";
 				}
 				$sql .= ") \n";
@@ -1741,7 +1745,7 @@ if (!class_exists('xml_cdr')) {
 				$sql .= " where c.extension_uuid = e.extension_uuid \n";
 				$sql .= " and status = 'missed' \n";
 				$sql .= " and (cc_side is null or cc_side != 'agent') \n";
-			 	if (!$this->include_internal) {
+				if (!$this->include_internal) {
 					$sql .= "and (direction = 'inbound' or direction = 'outbound') \n";
 				}
 				$sql .= ") \n";
@@ -1752,7 +1756,7 @@ if (!class_exists('xml_cdr')) {
 				$sql .= "filter ( \n";
 				$sql .= " where c.extension_uuid = e.extension_uuid \n";
 				$sql .= " and status = 'voicemail' \n";
-			 	if (!$this->include_internal) {
+				if (!$this->include_internal) {
 					$sql .= "and (direction = 'inbound' or direction = 'outbound') \n";
 				}
 				$sql .= ") \n";
@@ -2252,5 +2256,3 @@ if (!class_exists('xml_cdr')) {
 
 	} //class
 }
-
-?>