diff --git a/app/fax/fax_files.php b/app/fax/fax_files.php
index 9c8ece2cfe..348fc4050f 100644
--- a/app/fax/fax_files.php
+++ b/app/fax/fax_files.php
@@ -17,22 +17,26 @@
 
 The Initial Developer of the Original Code is
 Mark J Crane
- Portions created by the Initial Developer are Copyright (C) 2015
+ Portions created by the Initial Developer are Copyright (C) 2018
 the Initial Developer. All Rights Reserved.
 
 Contributor(s):
 Mark J Crane
 */
-require_once "root.php";
-require_once "resources/require.php";
-require_once "resources/check_auth.php";
-if (permission_exists('fax_file_view')) {
- //access granted
-}
-else {
- echo "access denied";
- exit;
-}
+
+//includes
+ require_once "root.php";
+ require_once "resources/require.php";
+ require_once "resources/check_auth.php";
+
+//check permissions
+ if (permission_exists('fax_file_view')) {
+ //access granted
+ }
+ else {
+ echo "access denied";
+ exit;
+ }
 
 //add multi-lingual support
 $language = new text;
@@ -331,10 +335,10 @@ else {
 }
 echo "";
 echo "\n";
- echo " ".$row['fax_caller_id_name']." \n";
- echo " ".format_phone($row['fax_caller_id_number'])." \n";
+ echo " ".escape($row['fax_caller_id_name'])." \n";
+ echo " ".escape(format_phone($row['fax_caller_id_number']))." \n";
 if ($_REQUEST['box'] == 'sent') {
- echo " ".format_phone($row['fax_destination'])." \n";
+ echo " ".escape(format_phone($row['fax_destination']))." \n";
 }
 echo " \n";
 if ($_REQUEST['box'] == 'inbox' && permission_exists('fax_inbox_view')) {
@@ -365,10 +369,10 @@ else {
 echo " \n";
 }
 echo " \n";
- echo " ".date("F d Y H:i:s", strtotime($row['fax_date']))." \n";
+ echo " ".date("F d Y H:i:s", strtotime(escape($row['fax_date'])))." \n";
 echo " ";
 if (permission_exists('fax_file_delete')) {
- echo "$v_link_label_delete";
+ echo "$v_link_label_delete";
 }
 echo " \n";
 echo "\n";
@@ -386,4 +390,5 @@ else {
 
 //include the footer
 require_once "resources/footer.php";
+
 ?>
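Review bot: In the fax_date line of the third hunk, `escape()` is applied to the input of `strtotime()` rather than to the string that is actually echoed; HTML-escaping a value before parsing it as a date protects nothing, and it reverses the order the second hunk uses (`escape(format_phone(...))`, escape applied last, to the output). The value written to the page is the result of `date()`, so the escape belongs around that: `echo " ".escape(date("F d Y H:i:s", strtotime($row['fax_date'])))." \n";`. Separately, `strtotime()` returns `false` for a value it cannot parse and `date()` then silently renders the Unix epoch, so a malformed stored date would display as 1970 instead of being noticed; assigning `$fax_timestamp = strtotime($row['fax_date']);` first and echoing the formatted date only when `$fax_timestamp !== false` avoids that. The removed and added delete-link lines read identically in this rendering, so whatever changed in them (presumably attributes of anchor markup that was stripped from the page) cannot be reviewed here. The enclosing loop body begins and ends outside the hunk.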