mirror of
https://github.com/fusionpbx/fusionpbx.git
synced 2026-01-16 05:28:26 +00:00
Escape user data on destination_edit.php (#3109)
committed by
FusionPBX
parent
edcbb57c4c
commit
c4fd21aaa9
@@ -791,7 +791,7 @@
|
||||
echo "<td align='left' width='30%' nowrap='nowrap' valign='top'><b>".$text['header-destination-edit']."</b></td>\n";
|
||||
}
|
||||
echo "<td width='70%' align='right' valign='top'>";
|
||||
echo " <input type='button' class='btn' alt='".$text['button-back']."' onclick=\"window.location='destinations.php?type=".$destination_type."'\" value='".$text['button-back']."'>";
|
||||
echo " <input type='button' class='btn' alt='".$text['button-back']."' onclick=\"window.location='destinations.php?type=".escape($destination_type)."'\" value='".$text['button-back']."'>";
|
||||
echo " <input type='submit' class='btn' value='".$text['button-save']."'>\n";
|
||||
echo "</td>\n";
|
||||
echo "</tr>\n";
|
||||
@@ -825,7 +825,7 @@
|
||||
echo " ".$text['label-destination_number']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='destination_number' maxlength='255' value=\"$destination_number\" required='required'>\n";
|
||||
echo " <input class='formfld' type='text' name='destination_number' maxlength='255' value=\"".escape($destination_number)."\" required='required'>\n";
|
||||
echo "<br />\n";
|
||||
echo $text['description-destination_number']."\n";
|
||||
echo "</td>\n";
|
||||
@@ -837,7 +837,7 @@
|
||||
echo " ".$text['label-destination_caller_id_name']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='destination_caller_id_name' maxlength='255' value=\"$destination_caller_id_name\">\n";
|
||||
echo " <input class='formfld' type='text' name='destination_caller_id_name' maxlength='255' value=\"".escape($destination_caller_id_name)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo $text['description-destination_caller_id_name']."\n";
|
||||
echo "</td>\n";
|
||||
@@ -848,7 +848,7 @@
|
||||
echo " ".$text['label-destination_caller_id_number']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='number' name='destination_caller_id_number' maxlength='255' min='0' step='1' value=\"$destination_caller_id_number\">\n";
|
||||
echo " <input class='formfld' type='number' name='destination_caller_id_number' maxlength='255' min='0' step='1' value=\"".escape($destination_caller_id_number)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo $text['description-destination_caller_id_number']."\n";
|
||||
echo "</td>\n";
|
||||
@@ -860,7 +860,7 @@
|
||||
echo " ".$text['label-destination_context']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='destination_context' id='destination_context' maxlength='255' value=\"$destination_context\">\n";
|
||||
echo " <input class='formfld' type='text' name='destination_context' id='destination_context' maxlength='255' value=\"".escape($destination_context)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo $text['description-destination_context']."\n";
|
||||
echo "</td>\n";
|
||||
@@ -896,9 +896,9 @@
|
||||
echo " <tr>\n";
|
||||
echo " <td style='padding-top: 5px; padding-right: 3px; white-space: nowrap;'>\n";
|
||||
if (strlen($row['dialplan_detail_uuid']) > 0) {
|
||||
echo " <input name='dialplan_details[".$x."][dialplan_detail_uuid]' type='hidden' value=\"".$row['dialplan_detail_uuid']."\">\n";
|
||||
echo " <input name='dialplan_details[".$x."][dialplan_detail_uuid]' type='hidden' value=\"".escape($row['dialplan_detail_uuid'])."\">\n";
|
||||
}
|
||||
echo " <input name='dialplan_details[".$x."][dialplan_detail_type]' type='hidden' value=\"".$row['dialplan_detail_type']."\">\n";
|
||||
echo " <input name='dialplan_details[".$x."][dialplan_detail_type]' type='hidden' value=\"".escape($row['dialplan_detail_type'])."\">\n";
|
||||
echo " <input name='dialplan_details[".$x."][dialplan_detail_order]' type='hidden' value=\"".$order."\">\n";
|
||||
$data = $row['dialplan_detail_data'];
|
||||
$label = explode("XML", $data);
|
||||
@@ -908,7 +908,7 @@
|
||||
echo " </td>\n";
|
||||
echo " <td class='list_control_icons' style='width: 25px;'>";
|
||||
if (strlen($row['destination_uuid']) > 0) {
|
||||
echo "<a href='destination_delete.php?id=".$row['destination_uuid']."&destination_uuid=".$row['destination_uuid']."&a=delete' alt='delete' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>\n";
|
||||
echo " <a href='destination_delete.php?id=".escape($row['destination_uuid'])."&destination_uuid=".escape($row['destination_uuid'])."&a=delete' alt='delete' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>\n";
|
||||
}
|
||||
echo " </td>\n";
|
||||
echo " </tr>\n";
|
||||
@@ -939,10 +939,10 @@
|
||||
echo " <option value=''></option>\n";
|
||||
foreach ($result as &$row) {
|
||||
if ($row["fax_uuid"] == $fax_uuid) {
|
||||
echo " <option value='".$row["fax_uuid"]."' selected='selected'>".$row["fax_extension"]." ".$row["fax_name"]."</option>\n";
|
||||
echo " <option value='".escape($row["fax_uuid"])."' selected='selected'>".escape($row["fax_extension"])." ".escape($row["fax_name"])."</option>\n";
|
||||
}
|
||||
else {
|
||||
echo " <option value='".$row["fax_uuid"]."'>".$row["fax_extension"]." ".$row["fax_name"]."</option>\n";
|
||||
echo " <option value='".escape($row["fax_uuid"])."'>".escape($row["fax_extension")]." ".escape($row["fax_name"])."</option>\n";
|
||||
}
|
||||
}
|
||||
echo " </select>\n";
|
||||
@@ -958,7 +958,7 @@
|
||||
echo " ".$text['label-destination_cid_name_prefix']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='destination_cid_name_prefix' maxlength='255' value=\"$destination_cid_name_prefix\">\n";
|
||||
echo " <input class='formfld' type='text' name='destination_cid_name_prefix' maxlength='255' value=\"".escape($destination_cid_name_prefix)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo $text['description-destination_cid_name_prefix']."\n";
|
||||
echo "</td>\n";
|
||||
@@ -993,7 +993,7 @@
|
||||
echo " ".$text['label-account_code']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='destination_accountcode' maxlength='255' value=\"$destination_accountcode\">\n";
|
||||
echo " <input class='formfld' type='text' name='destination_accountcode' maxlength='255' value=\"".escape($destination_accountcode)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo $text['description-account_code']."\n";
|
||||
echo "</td>\n";
|
||||
@@ -1013,10 +1013,10 @@
|
||||
}
|
||||
foreach ($_SESSION['domains'] as $row) {
|
||||
if ($row['domain_uuid'] == $domain_uuid) {
|
||||
echo " <option value='".$row['domain_uuid']."' selected='selected'>".$row['domain_name']."</option>\n";
|
||||
echo " <option value='".escape($row['domain_uuid'])."' selected='selected'>".escape($row['domain_name'])."</option>\n";
|
||||
}
|
||||
else {
|
||||
echo " <option value='".$row['domain_uuid']."'>".$row['domain_name']."</option>\n";
|
||||
echo " <option value='".escape($row['domain_uuid'])."'>".escape($row['domain_name'])."</option>\n";
|
||||
}
|
||||
}
|
||||
echo " </select>\n";
|
||||
@@ -1026,7 +1026,7 @@
|
||||
echo "</tr>\n";
|
||||
}
|
||||
else {
|
||||
echo "<input type='hidden' name='domain_uuid' value='".$domain_uuid."'>\n";
|
||||
echo "<input type='hidden' name='domain_uuid' value='".escape($domain_uuid)."'>\n";
|
||||
}
|
||||
|
||||
echo "<tr>\n";
|
||||
@@ -1053,7 +1053,7 @@
|
||||
echo " ".$text['label-destination_description']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='destination_description' maxlength='255' value=\"$destination_description\">\n";
|
||||
echo " <input class='formfld' type='text' name='destination_description' maxlength='255' value=\"".escape($destination_description)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo $text['description-destination_description']."\n";
|
||||
echo "</td>\n";
|
||||
@@ -1061,9 +1061,9 @@
|
||||
echo " <tr>\n";
|
||||
echo " <td colspan='2' align='right'>\n";
|
||||
if ($action == "update") {
|
||||
echo " <input type='hidden' name='db_destination_number' value='$destination_number'>\n";
|
||||
echo " <input type='hidden' name='dialplan_uuid' value='$dialplan_uuid'>\n";
|
||||
echo " <input type='hidden' name='destination_uuid' value='$destination_uuid'>\n";
|
||||
echo " <input type='hidden' name='db_destination_number' value='".escape($destination_number)."'>\n";
|
||||
echo " <input type='hidden' name='dialplan_uuid' value='".escape($dialplan_uuid)."'>\n";
|
||||
echo " <input type='hidden' name='destination_uuid' value='".escape($destination_uuid)."'>\n";
|
||||
}
|
||||
echo " <br>";
|
||||
echo " <input type='submit' class='btn' value='".$text['button-save']."'>\n";
|
||||
|
||||
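Review bot: In the fax `<option>` loop (hunk `@@ -939,10 +939,10 @@`), the non-selected branch reads `escape($row["fax_extension")]`, with the closing parenthesis and bracket transposed. That is a PHP parse error, so destination_edit.php would stop loading entirely; the call should read `escape($row["fax_extension"])`, matching the selected branch two lines above it. Separately, in the first hunk `escape($destination_type)` is written into a URL inside an inline `onclick` JavaScript string. If `escape()` is an HTML-entity encoder (its definition is not shown on this page), the browser decodes the entities before the script runs, so a quote in the value is not neutralised there; `type=".urlencode($destination_type)."'` yields only characters that are safe in the URL, script and attribute contexts. `$order` in the `dialplan_detail_order` hidden input is still echoed without escaping, although its siblings in that hunk were changed.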