diff --git a/app/xml_cdr/xml_cdr.php b/app/xml_cdr/xml_cdr.php
index 67f870b803..d3203f1cee 100644
--- a/app/xml_cdr/xml_cdr.php
+++ b/app/xml_cdr/xml_cdr.php
@@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane
- Portions created by the Initial Developer are Copyright (C) 2008-2017
+ Portions created by the Initial Developer are Copyright (C) 2008-2018 the Initial Developer. All Rights Reserved. Contributor(s):
@@ -82,47 +82,47 @@ echo "".$text['title']."


\n"; echo "\n"; echo "
\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; if (is_array($_SESSION['cdr']['field'])) { foreach ($_SESSION['cdr']['field'] as $field) { $array = explode(",", $field); $field_name = $array[count($array) - 1]; if (isset($_REQUEST[$field_name])) { - echo " \n"; + echo " \n"; } } } if (isset($order_by)) { - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; } if (permission_exists('xml_cdr_all') && $_REQUEST['show'] == 'all') { echo " \n"; @@ -139,7 +139,7 @@ if ($_REQUEST['show'] == 'all') { $query_string = "show=all"; } - echo " \n"; + echo " \n"; } if ($_GET['call_result'] != 'missed') { echo " \n"; @@ -149,7 +149,7 @@ if ($_REQUEST['show'] == 'all') { $query_string = "show=all"; } - echo " \n"; + echo " \n"; } echo " \n"; echo " \n"; @@ -232,7 +232,7 @@ echo " ".$text['label-caller_id_number']."\n"; echo " \n"; echo " \n"; - echo " \n"; + echo " \n"; echo " \n"; echo " \n"; echo " \n"; @@ -240,7 +240,7 @@ echo " ".$text['label-destination']."\n"; echo " \n"; echo " \n"; - echo " \n"; + echo " \n"; echo " \n"; echo " \n"; echo "\n"; 
@@ -254,8 +254,8 @@ echo " ".$text['label-start_range']."\n"; echo " \n"; echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; echo " \n"; echo " \n"; @@ -263,7 +263,7 @@ echo " ".$text['label-caller_id_name']."\n"; echo " \n"; echo " \n"; - echo " \n"; + echo " \n"; echo " \n"; echo " \n"; echo "\n"; @@ -318,7 +318,7 @@ foreach ($cdr_status_options as $cdr_status) { $selected = ($hangup_cause == $cdr_status) ? "selected='selected'" : null; $cdr_status_label = ucwords(strtolower(str_replace("_", " ", $cdr_status))); - echo " \n"; + echo " \n"; } echo " \n"; echo " \n"; @@ -330,7 +330,7 @@ echo " ".$text['label-caller_destination']."\n"; echo " \n"; echo " \n"; - echo " \n"; + echo " \n"; echo " \n"; echo " \n"; } @@ -498,8 +498,8 @@ echo "\n"; if (permission_exists('xml_cdr_delete')) { echo " "; - echo " "; - echo " "; + echo " "; + echo " "; echo " "; $xml_ids[] = 'checkbox_'.$row['uuid']; } @@ -523,7 +523,7 @@ $image_name .= '_b'; } $image_name .= ".png"; - echo "\n"; + echo "\n"; } } else { echo " "; } 
@@ -535,39 +535,39 @@ echo " \n"; } //caller id name - echo " ".$row['caller_id_name']." \n"; + echo " ".escape($row['caller_id_name'])." \n"; //source echo " "; - echo " \n"; + echo " \n"; if (is_numeric($row['caller_id_number'])) { echo " ".format_phone($row['caller_id_number']).' '; } else { - echo " ".$row['caller_id_number'].' '; + echo " ".escape($row['caller_id_number']).' '; } echo " "; echo " \n"; //caller destination if (permission_exists('caller_destination')) { echo " "; - echo " \n"; + echo " \n"; if (is_numeric($row['caller_destination'])) { - echo " ".format_phone($row['caller_destination']).' '; + echo " ".format_phone(escape($row['caller_destination'])).' '; } else { - echo " ".$row['caller_destination'].' '; + echo " ".escape($row['caller_destination']).' '; } echo " "; echo " \n"; } //destination echo " "; - echo " \n"; + echo " \n"; if (is_numeric($row['destination_number'])) { - echo format_phone($row['destination_number'])."\n"; + echo format_phone(escape($row['destination_number']))."\n"; } else { - echo " ".$row['destination_number']."\n"; + echo " ".escape($row['destination_number'])."\n"; } echo " \n"; echo " \n"; @@ -576,14 +576,14 @@ if ($record_path != '' && file_exists($record_path.'/'.$record_name)) { echo " "; if (permission_exists('recording_play')) { - echo ""; - echo "".$v_link_label_play.""; + echo ""; + echo "".$v_link_label_play.""; } else { echo "don't have recording_play permission "; } if (permission_exists('recording_download')) { - echo "".$v_link_label_download.""; + echo "".$v_link_label_download.""; } echo " \n"; } @@ -597,12 +597,12 @@ $array = explode(",", $field); $field_name = $array[count($array) - 1]; if ($field_name != "destination_number") { - echo " ".$row[$field_name] ."\n"; + echo " ".escape($row[$field_name])."\n"; } } } //start - echo " ".$tmp_start_epoch."\n"; + echo " ".escape($tmp_start_epoch)."\n"; //tta (time to answer) echo " ".(($row['tta'] > 0) ? $row['tta']."s" : " ")."\n"; //duration 
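Review bot: In the caller_destination and destination_number branches of the -535 hunk, `escape()` is applied to the argument of `format_phone()` rather than to the string that is echoed, while the caller_id_number branch a few lines earlier leaves `format_phone($row['caller_id_number'])` unescaped, so the three numeric branches now follow two different patterns. Each of these branches is guarded by `is_numeric()`, so escaping the input changes nothing; what is actually emitted is the return value of `format_phone()`, a helper defined outside this file, and only escaping that value closes the gap if it ever returns something other than digits and punctuation. The consistent form is to escape last: `format_phone(escape($row['destination_number']))` becomes `escape(format_phone($row['destination_number']))`, and likewise for `caller_destination` and `caller_id_number`. The same input-side ordering appears in the -682 hunk, where `ucwords(escape($call_result))` should be `escape(ucwords($call_result))` so the escape is the final step before output.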
@@ -670,7 +670,7 @@ } //pdd (post dial delay) if (permission_exists("xml_cdr_pdd")) { - echo " ".number_format($row['pdd_ms']/1000,2)."s\n"; + echo " ".number_format(escape($row['pdd_ms'])/1000,2)."s\n"; } //mos (mean opinion score) if (permission_exists("xml_cdr_mos")) { @@ -682,10 +682,10 @@ } //hangup cause/call result if (permission_exists('hangup_cause')) { - echo " ".$hangup_cause."\n"; + echo " ".escape($hangup_cause)."\n"; } else { - echo " ".ucwords($call_result)."\n"; + echo " ".ucwords(escape($call_result))."\n"; } //control icons if (permission_exists('xml_cdr_details')) { @@ -694,7 +694,7 @@ echo " $v_link_label_view"; //CJB } if (permission_exists('xml_cdr_delete')) { - echo "".$v_link_label_delete.""; + echo "".$v_link_label_delete.""; } echo " \n"; }
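Review bot: `number_format(escape($row['pdd_ms'])/1000,2)` in the xml_cdr_pdd branch escapes a value that is used as an arithmetic operand, not emitted, so the call adds no protection and can change behaviour. If `escape()` returns a string (presumably an htmlspecialchars-style wrapper defined outside this file), a null or non-numeric `pdd_ms` that previously divided to 0 becomes a non-numeric string operand, which PHP 8 rejects with a TypeError and older versions report as a warning. `number_format()` itself only ever produces digits and separators, so its result needs no escaping; the expression should stay `number_format($row['pdd_ms']/1000, 2)`, or use `number_format((float) $row['pdd_ms'] / 1000, 2)` if non-numeric input is possible. The enclosing row loop starts and ends outside this hunk.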