diff --git a/app/contacts/contact_notes.php b/app/contacts/contact_notes.php index 6bd8985756..67d8c16795 100644 --- a/app/contacts/contact_notes.php +++ b/app/contacts/contact_notes.php @@ -83,19 +83,19 @@ $contact_note = escape($row['contact_note']); $contact_note = str_replace("\n","
",$contact_note); if (permission_exists('contact_note_add')) { - $tr_link = "href='contact_note_edit.php?contact_uuid=".$row['contact_uuid']."&id=".$row['contact_note_uuid']."'"; + $tr_link = "href='contact_note_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_note_uuid'])."'"; } echo "\n"; echo " "; - echo "
".$row['last_mod_user'].": ".date("j M Y @ H:i:s", strtotime($row['last_mod_date']))."
"; - echo $contact_note." "; + echo "
".escape($row['last_mod_user']).": ".date("j M Y @ H:i:s", strtotime($row['last_mod_date']))."
"; + echo escape($contact_note)." "; echo " \n"; echo " "; if (permission_exists('contact_note_edit')) { - echo "$v_link_label_edit"; + echo "$v_link_label_edit"; } if (permission_exists('contact_note_delete')) { - echo "$v_link_label_delete"; + echo "$v_link_label_delete"; } echo " \n"; echo "\n";