diff --git a/app/devices/device_vendor_functions.php b/app/devices/device_vendor_functions.php
index e825c25015..3fd6d91917 100644
--- a/app/devices/device_vendor_functions.php
+++ b/app/devices/device_vendor_functions.php
@@ -126,7 +126,7 @@
echo th_order_by('description', $text['label-description'], $order_by, $order);
echo "
";
if (permission_exists('device_vendor_function_add')) {
- echo "$v_link_label_add";
+ echo "$v_link_label_add";
}
else {
echo " \n";
@@ -160,28 +160,28 @@
unset($sql, $prep_statement);
unset($group_list);
foreach ($vendor_function_groups as &$sub_row) {
- $group_list[] = $sub_row["group_name"].(($sub_row['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name'] : null);
+ $group_list[] = escape($sub_row["group_name"]).(($sub_row['group_domain_uuid'] != '') ? "@".escape($_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name']) : null);
}
$group_list = isset($group_list) ? implode(', ', $group_list) : '';
unset ($vendor_function_groups);
//build the edit link
if (permission_exists('device_vendor_function_edit')) {
- $tr_link = "href='device_vendor_function_edit.php?device_vendor_uuid=".$row['device_vendor_uuid']."&id=".$row['device_vendor_function_uuid']."'";
+ $tr_link = "href='device_vendor_function_edit.php?device_vendor_uuid=".escape($row['device_vendor_uuid'])."&id=".escape($row['device_vendor_function_uuid'])."'";
}
//show the row of data
echo " | \n";
- echo " | ".$text['label-'.$row['name']]." | \n";
- echo " ".$row['name']." | \n";
- echo " ".$row['value']." | \n";
- echo " ".$group_list." | \n";
- echo " ".$row['enabled']." | \n";
- echo " ".$row['description']." | \n";
+ echo " ".$text['label-'.escape($row['name'])]." | \n";
+ echo " ".escape($row['name'])." | \n";
+ echo " ".escape($row['value'])." | \n";
+ echo " ".escape($group_list)." | \n";
+ echo " ".escape($row['enabled'])." | \n";
+ echo " ".escape($row['description'])." | \n";
echo " ";
if (permission_exists('device_vendor_function_edit')) {
- echo "$v_link_label_edit";
+ echo "$v_link_label_edit";
}
if (permission_exists('device_vendor_function_delete')) {
- echo "$v_link_label_delete";
+ echo "$v_link_label_delete";
}
echo " | \n";
echo "
\n";
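Review bot: In the label cell, `escape()` is applied to the array key rather than to the echoed value, so a `name` containing HTML-special characters now looks up a different `$text` entry while the echoed string stays unescaped; `escape($text['label-'.$row['name']])` would keep the lookup unchanged and encode what is actually printed. The group list is encoded twice: each element is escaped when `$group_list[]` is built, and the imploded string goes through `escape($group_list)` again in the group cell, so a group or domain name containing `&` would display as `&amp;amp;` (assuming `escape()` is an HTML-entity encoder; its definition is not in this diff). Keeping the array elements raw and escaping once at output avoids that. In `$tr_link` the values land in a single-quoted `href` query string, so confirm that `escape()` encodes single quotes; `escape(urlencode($row['device_vendor_uuid']))` would be the context-correct encoding. The enclosing row loop starts and ends outside this hunk.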
@@ -199,7 +199,7 @@
echo " $paging_controls | \n";
echo " ";
if (permission_exists('device_vendor_function_add')) {
- echo "$v_link_label_add";
+ echo "$v_link_label_add";
}
else {
echo " ";