diff --git a/app/click_to_call/click_to_call.php b/app/click_to_call/click_to_call.php index c3538d6a2c..50a7ff3f5b 100644 --- a/app/click_to_call/click_to_call.php +++ b/app/click_to_call/click_to_call.php @@ -209,7 +209,7 @@ else { //display the last command $switch_cmd = "api originate ".$source.$switch_cmd; - echo "
".$src." has called ".$dest."
\n"; + echo "
".escape($src)." has called ".escape($dest)."
\n"; //show the command result $result = trim(event_socket_request($fp, $switch_cmd)); if (substr($result, 0,3) == "+OK") { @@ -218,11 +218,13 @@ //use the server's time zone to ensure it matches the time zone used by freeswitch date_default_timezone_set($_SESSION['time_zone']['system']); //create the api record command and send it over event socket - $switch_cmd = "api uuid_record ".$origination_uuid." start ".$record_path."/".$record_name; + if (is_uuid($origination_uuid) && file_exists($record_path)) { + $switch_cmd = "api uuid_record ".$origination_uuid." start ".$record_path."/".$record_name; + } $result2 = trim(event_socket_request($fp, $switch_cmd)); } } - echo "

".$result."

\n"; + echo "

".escape($result)."

\n"; } } @@ -291,7 +293,7 @@ echo "\n"; echo " ".$text['label-src-num']."\n"; echo " \n"; - echo " \n"; + echo " \n"; echo "
\n"; echo " ".$text['desc-src-num']."\n"; echo " \n"; @@ -300,7 +302,7 @@ echo "\n"; echo " ".$text['label-dest-num']."\n"; echo " \n"; - echo " \n"; + echo " \n"; echo "
\n"; echo " ".$text['desc-dest-num']."\n"; echo " \n";