From bce8490f3e1500cbbd38d5ed7c3c35310868a2d4 Mon Sep 17 00:00:00 2001
From: Mark Crane
Date: Fri, 1 May 2015 12:38:30 +0000
Subject: [PATCH] Fix the redirect on the fax file delete and change the tabbing.
---
 app/fax/fax_box.php | 6 +-
 app/fax/fax_file_delete.php | 123 ++++++++++++++++++------------------
 2 files changed, 66 insertions(+), 63 deletions(-)
diff --git a/app/fax/fax_box.php b/app/fax/fax_box.php
index aa2e463823..b3927db3b5 100644
--- a/app/fax/fax_box.php
+++ b/app/fax/fax_box.php
@@ -46,9 +46,9 @@ else {
 //get fax extension
 if (strlen($_GET['id']) > 0) {
- if (is_uuid($_GET["id"])) {
- $fax_uuid = $_GET["id"];
- }
+ //get the key
+ $fax_uuid = check_str($_REQUEST["id"]);
+
 if (if_group("superadmin") || if_group("admin")) {
 //show all fax extensions
 $sql = "select * from v_fax ";
diff --git a/app/fax/fax_file_delete.php b/app/fax/fax_file_delete.php
index 3e499fae31..d1e2c502b7 100644
--- a/app/fax/fax_file_delete.php
+++ b/app/fax/fax_file_delete.php
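Review bot: Replacing `is_uuid($_GET["id"])` with `check_str($_REQUEST["id"])` drops the only format check on the fax id, and the same substitution is made in the fax_file_delete.php hunk (`$id = check_str($_REQUEST["id"])`), where `$id` is then interpolated into three SQL statements. check_str appears to be an escaping helper rather than a validator, so non-UUID strings now reach the query text; keep the guard and escape afterwards, e.g. `if (is_uuid($_REQUEST["id"])) { $fax_uuid = check_str($_REQUEST["id"]); }`, or bind the value as a prepared-statement parameter. The enclosing condition still tests `strlen($_GET['id'])` while the value is read from `$_REQUEST`, so the length check and the value used can come from different request sources; read both from the same array. The `if (strlen($_GET['id']) > 0)` block and the `$sql` for v_fax continue past the end of the hunk.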
@@ -41,76 +41,79 @@ else {
 }
 //get the id
- if (is_uuid($_GET["id"])) {
- $id = $_GET["id"];
+ if (isset($_REQUEST["id"])) {
+ $id = check_str($_REQUEST["id"]);
 }
-if (strlen($id) > 0) {
- //get the fax file data
- $sql = "select * from v_fax_files ";
- $sql .= "where fax_file_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
- $domain_uuid = $row["domain_uuid"];
- $fax_uuid = $row["fax_uuid"];
- $fax_mode = $row["fax_mode"];
- $fax_file_path = $row["fax_file_path"];
- $fax_file_type = $row["fax_file_type"];
- }
- unset($prep_statement);
+//validate the id
+ if (strlen($id) > 0) {
+ //get the fax file data
+ $sql = "select * from v_fax_files ";
+ $sql .= "where fax_file_uuid = '$id' ";
+ //echo $sql."\n";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ foreach ($result as &$row) {
+ $domain_uuid = $row["domain_uuid"];
+ $fax_uuid = $row["fax_uuid"];
+ $fax_mode = $row["fax_mode"];
+ $fax_file_path = $row["fax_file_path"];
+ $fax_file_type = $row["fax_file_type"];
+ }
+ unset($prep_statement);
- //get the fax file data
- $sql = "select * from v_fax_files ";
- $sql .= "where fax_uuid = '$fax_uuid' ";
- $sql .= "and domain_uuid = '$domain_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
- $fax_extension = $row["fax_extension"];
- }
- unset($prep_statement);
+ //get the fax file data
+ $sql = "select * from v_fax_files ";
+ $sql .= "where fax_uuid = '$fax_uuid' ";
+ $sql .= "and domain_uuid = '$domain_uuid' ";
+ //echo $sql."\n";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ foreach ($result as &$row) {
+ $fax_extension = $row["fax_extension"];
+ }
+ unset($prep_statement);
- //delete fax_file
- $sql = "delete from v_fax_files ";
- $sql .= "where fax_file_uuid = '$id' ";
- $sql .= "and domain_uuid = '$domain_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($prep_statement);
+ //delete fax_file
+ $sql = "delete from v_fax_files ";
+ $sql .= "where fax_file_uuid = '$id' ";
+ $sql .= "and domain_uuid = '$domain_uuid' ";
+ //echo $sql."\n";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ unset($prep_statement);
- //set the type
- if ($fax_mode == 'rx') {
- $type = 'inbox';
- }
- if ($fax_mode == 'tx') {
- $type = 'sent';
- }
+ //set the type
+ if ($fax_mode == 'rx') {
+ $type = 'inbox';
+ }
+ if ($fax_mode == 'tx') {
+ $type = 'sent';
+ }
- //set the fax directory
- $fax_dir = $_SESSION['switch']['storage']['dir'].'/fax'.((count($_SESSION["domains"]) > 1) ? '/'.$_SESSION['domain_name'] : null);
- $file = basename($row['fax_file_path']);
- $file_ext = substr($file, -3);
- $dir_fax = $fax_dir.'/'.$fax_extension.'/'.$type;
- if (strtolower(substr($file, -3)) == "tif" || strtolower(substr($file, -3)) == "pdf") {
- $file_name = substr($file, 0, (strlen($file) -4));
- }
+ //set the fax directory
+ $fax_dir = $_SESSION['switch']['storage']['dir'].'/fax'.((count($_SESSION["domains"]) > 1) ? '/'.$_SESSION['domain_name'] : null);
+ $file = basename($row['fax_file_path']);
+ $file_ext = substr($file, -3);
+ $dir_fax = $fax_dir.'/'.$fax_extension.'/'.$type;
+ if (strtolower(substr($file, -3)) == "tif" || strtolower(substr($file, -3)) == "pdf") {
+ $file_name = substr($file, 0, (strlen($file) -4));
+ }
- //if the file does not exist then remove temp/ out of the path
- if (!file_exists($fax_file_path)) {
- $file = str_replace("temp/", $type."/", $file);
- }
+ //if the file does not exist then remove temp/ out of the path
+ if (!file_exists($fax_file_path)) {
+ $file = str_replace("temp/", $type."/", $file);
+ }
- //delete the files
- unlink($dir_fax.'/'.$file_name.'.tif');
- unlink($dir_fax.'/'.$file_name.'.pdf');
-
-}
+ //delete the files
+ unlink($dir_fax.'/'.$file_name.'.tif');
+ unlink($dir_fax.'/'.$file_name.'.pdf');
+ }
 //redirect the user
 $_SESSION['message'] = $text['message-delete'];
- header('Location: fax_files.php?id='.$id.'&box='.$type);
+ header('Location: fax_files.php?id='.$fax_uuid.'&box='.$type);
 ?>
\ No newline at end of file
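Review bot: The tenant scoping of the delete comes from the row being deleted rather than from the caller: the first select filters on `fax_file_uuid` alone, `$domain_uuid` is read from that row, and so the `and domain_uuid = '$domain_uuid'` clause of the delete statement always matches, leaving nothing in this hunk that ties the operation to the logged-in user's domain. Add the session's domain to the lookup (this codebase keeps it in `$_SESSION['domain_uuid']`; confirm it is in scope on this page), e.g. `$sql .= "and domain_uuid = '".$_SESSION['domain_uuid']."' ";` after the `where fax_file_uuid = '$id'` line, so that an id from another domain finds no row and nothing is deleted or unlinked. The new redirect `header('Location: fax_files.php?id='.$fax_uuid.'&box='.$type);` relies on `$fax_uuid` and `$type`, which are assigned only inside the `strlen($id) > 0` branch and only when a row came back with a `fax_mode` of rx or tx; when the lookup finds nothing the user is sent to `fax_files.php?id=&box=` with undefined-variable notices, so initialise both before the branch or redirect to a fixed page in that case. The `else {` named in the hunk header opens before the hunk.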