dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sanitize the menu link by restricting it to specific characters.

This commit is contained in:
FusionPBX 2022-07-08 18:38:13 -06:00 committed by GitHub
parent 88b34831e4
commit 084e36d0a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
resources/classes/menu.php
View File

@ -17,7 +17,7 @@
The Initial Developer of the Original Code is The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com> Mark J Crane <markjcrane@fusionpbx.com>
Copyright (C) 2010 - 2020 Copyright (C) 2010 - 2022
All Rights Reserved. All Rights Reserved.
Contributor(s): Contributor(s):
@ -420,6 +420,9 @@ if (!class_exists('menu')) {
$menu_item_order = $menu['order']; $menu_item_order = $menu['order'];
$menu_item_description = $menu['desc']; $menu_item_description = $menu['desc'];
//sanitize the menu link
$menu_item_path = preg_replace('#[^a-zA-Z0-9_\-\.\&\=\?\/]#', '', $menu_item_path);
//check if the menu item exists and if it does set the row array //check if the menu item exists and if it does set the row array
$menu_item_exists = false; $menu_item_exists = false;
foreach ($menu_items as $item) { foreach ($menu_items as $item) {