From eaf8fa1247f21216d76d51078f666153a708dd70 Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Wed, 6 Jun 2018 10:26:57 -0600 Subject: [PATCH] Update call_center_agents.php --- app/call_centers/call_center_agents.php | 56 +++++++++++++------------ 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/app/call_centers/call_center_agents.php b/app/call_centers/call_center_agents.php index 3cda98e46a..16fe82d1f2 100644 --- a/app/call_centers/call_center_agents.php +++ b/app/call_centers/call_center_agents.php @@ -17,22 +17,26 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2012 + Portions created by the Initial Developer are Copyright (C) 2008-2018 the Initial Developer. All Rights Reserved. Contributor(s): Mark J Crane */ -require_once "root.php"; -require_once "resources/require.php"; -require_once "resources/check_auth.php"; -if (permission_exists('call_center_agent_view')) { - //access granted -} -else { - echo "access denied"; - exit; -} + +//includes + require_once "root.php"; + require_once "resources/require.php"; + require_once "resources/check_auth.php"; + +//check permissions + if (permission_exists('call_center_agent_view')) { + //access granted + } + else { + echo "access denied"; + exit; + } //add multi-lingual support $language = new text; @@ -100,7 +104,6 @@ else { $result_count = count($result); unset ($prep_statement, $sql); - $c = 0; $row_style["0"] = "row_style0"; $row_style["1"] = "row_style1"; 
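Review bot: Removing `$c = 0;` in the `@@ -100,7 +104,6 @@` hunk leaves `$c` without a visible initialiser, yet the row loop still ends with `if ($c==0) { $c=1; } else { $c=0; }` (a context line in the `@@ -159,20 +162,20 @@` hunk). Unless `$c` is assigned somewhere outside the hunks shown, the first iteration reads an undefined variable, which raises a notice (a warning on PHP 8). Any `$row_style[$c]` lookup for the first row would then also miss its key. I would keep `$c = 0;` beside the `$row_style` assignments.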
@@ -129,20 +132,20 @@ else { } else { //received results foreach($result as $row) { - $tr_link = (permission_exists('call_center_agent_edit')) ? "href='call_center_agent_edit.php?id=".$row['call_center_agent_uuid']."'" : null; + $tr_link = (permission_exists('call_center_agent_edit')) ? "href='call_center_agent_edit.php?id=".escape($row['call_center_agent_uuid'])."'" : null; echo "\n"; - //echo " ".$row[domain_uuid]."\n"; + //echo " ".escape($row[domain_uuid])."\n"; echo " "; if (permission_exists('call_center_agent_edit')) { - echo "".$row['agent_name'].""; + echo "".escape($row['agent_name']).""; } else { - echo $row['agent_name']; + echo escape($row['agent_name']); } echo " \n"; - echo " ".$row['agent_id']." \n"; - echo " ".$row['agent_type']." \n"; - echo " ".$row['agent_call_timeout']." \n"; + echo " ".escape($row['agent_id'])." \n"; + echo " ".escape($row['agent_type'])." \n"; + echo " ".escape($row['agent_call_timeout'])." \n"; $agent_contact = $row['agent_contact']; // parse out gateway uuid $bridge_statement = explode('/', $row['agent_contact']); @@ -159,20 +162,20 @@ else { unset ($prep_statement, $sql, $bridge_statement); } echo " ".$agent_contact." \n"; - echo " ".$row['agent_max_no_answer']." \n"; - echo " ".$row['agent_status']." \n"; + echo " ".escape($row['agent_max_no_answer'])." \n"; + echo " ".escape($row['agent_status'])." \n"; //echo " ".$row[agent_wrap_up_time]." \n"; //echo " ".$row[agent_reject_delay_time]." \n"; //echo " ".$row[agent_busy_delay_time]." \n"; echo " \n"; if (permission_exists('call_center_agent_edit')) { - echo "".$v_link_label_edit.""; + echo "".$v_link_label_edit.""; } if (permission_exists('call_center_agent_delete')) { - echo "".$v_link_label_delete.""; + echo "".$v_link_label_delete.""; } - //echo " \n"; - //echo " \n"; + //echo " \n"; + //echo " \n"; echo " \n"; echo "\n"; if ($c==0) { $c=1; } else { $c=0; } 
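Review bot: The `$tr_link` line places `escape($row['call_center_agent_uuid'])` inside a single-quoted `href` attribute that is also a URL query string, so it is only safe if `escape()`, which is defined outside this patch, encodes `'` as well as `<`, `>` and `&`. If that helper wraps `htmlspecialchars()` without `ENT_QUOTES`, a quote in the value can still close the attribute on PHP versions before 8.1. For the query parameter I would use `urlencode($row['call_center_agent_uuid'])`, or confirm the helper's flags and say so in a short comment above the line. The enclosing `foreach` body continues past the end of this hunk.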
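Review bot: `echo " ".$agent_contact." \n";` in the `@@ -159,20 +162,20 @@` hunk is still written to the page unencoded, while every neighbouring column now goes through `escape()`. `$agent_contact` is copied from `$row['agent_contact']` in the previous hunk and appears to be adjusted by a gateway lookup in lines that fall between the two hunks. It is therefore database-sourced like the other fields, and leaving it raw keeps the output-encoding fix incomplete for this column. I would change the line to `echo " ".escape($agent_contact)." \n";`, which encodes the final value whichever branch produced it.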
@@ -201,4 +204,5 @@ else { //show the footer require_once "resources/footer.php"; -?> \ No newline at end of file + +?>