nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2025-12-30 00:53:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow additional characters for the name, content and details

Browse Source 
- Allow additional characters
- Allow multi-lingual
- Use escape to keep it secure
This commit is contained in:
FusionPBX
2025-06-11 16:31:42 -06:00
committed by GitHub
parent 09808aed37
commit b75cd54e1b
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/dashboard/dashboard_edit.php
View File

@@ -118,14 +118,14 @@
$text_pattern = '/[^a-zA-Z0-9 _\-\/.\?:\=#\n]/';
//sanitize the data
$dashboard_name = trim(preg_replace('/[^a-zA-Z0-9 _\-\/.#]/', '', $dashboard_name));
$dashboard_name = trim($dashboard_name);
$dashboard_path = preg_replace($text_pattern, '', strtolower($dashboard_path));
$dashboard_icon = preg_replace($text_pattern, '', $dashboard_icon);
$dashboard_url = trim(preg_replace($text_pattern, '', $dashboard_url));
$dashboard_target = trim(preg_replace($text_pattern, '', $dashboard_target));
$dashboard_width = trim(preg_replace($text_pattern, '', $dashboard_width));
$dashboard_height = trim(preg_replace($text_pattern, '', $dashboard_height));
$dashboard_content = trim(preg_replace($text_pattern, '', $dashboard_content));
$dashboard_content = trim($dashboard_content);
$dashboard_content_text_align = trim(preg_replace($text_pattern, '', $dashboard_content_text_align));
$dashboard_content_details = trim(preg_replace($text_pattern, '', $dashboard_content_details));
$dashboard_chart_type = preg_replace($text_pattern, '', $dashboard_chart_type);

8
core/dashboard/resources/dashboard/content.php
View File

@@ -14,6 +14,14 @@
if ($dashboard_content_length < 30) { $dashboard_content_text_vertical_align = 'middle'; }
$dashboard_content_height = $dashboard_row_span * 120 . 'px';
//escape the content and details
$dashboard_content = escape($dashboard_content);
$dashboard_content_details = escape($dashboard_content_details);
//allow line breaks
$dashboard_content = str_replace('&lt;br &sol;&gt;', '<br />', $dashboard_content);
$dashboard_content_details = str_replace('&lt;br &sol;&gt;', '<br />', $dashboard_content_details);
//dashboard icon
echo "<div class='hud_box'>\n";
echo " <div class='hud_content' ".(!empty($row['dashboard_background_color']) ? "style='background: ".$row['dashboard_background_color'].";'" : null)." ".(empty($dashboard_details_state) || $dashboard_details_state != "disabled" ? "onclick=\"$('#hud_content_details').slideToggle('fast'); toggle_grid_row_end('".trim(preg_replace("/[^a-z]/", '_', strtolower($row['dashboard_name'])),'_')."');\"" : null).">\n";