Escape user data on call_flow_edit.php (#3093)

AlexanderDCrane 2018-06-09 10:55:57 -06:00 committed by FusionPBX
parent 86a280cf32
commit 3036780397
1 changed files with 12 additions and 12 deletions


@ -473,7 +473,7 @@
echo " ".$text['label-call_flow_name']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='call_flow_name' maxlength='255' value=\"$call_flow_name\">\n";
echo " <input class='formfld' type='text' name='call_flow_name' maxlength='255' value=\"".escape($call_flow_name)."\">\n";
echo "<br />\n";
echo $text['description-call_flow_name']."\n";
echo "</td>\n";
@ -484,7 +484,7 @@
echo " ".$text['label-call_flow_extension']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='call_flow_extension' maxlength='255' value=\"$call_flow_extension\">\n";
echo " <input class='formfld' type='text' name='call_flow_extension' maxlength='255' value=\"".escape($call_flow_extension)."\">\n";
echo "<br />\n";
echo $text['description-call_flow_extension']."\n";
echo "</td>\n";
@ -495,7 +495,7 @@
echo " ".$text['label-call_flow_feature_code']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='call_flow_feature_code' maxlength='255' value=\"$call_flow_feature_code\">\n";
echo " <input class='formfld' type='text' name='call_flow_feature_code' maxlength='255' value=\"".escape($call_flow_feature_code)."\">\n";
echo "<br />\n";
echo $text['description-call_flow_feature_code']."\n";
echo "</td>\n";
@ -551,7 +551,7 @@
echo " ".$text['label-call_flow_pin_number']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='call_flow_pin_number' maxlength='255' value=\"$call_flow_pin_number\">\n";
echo " <input class='formfld' type='text' name='call_flow_pin_number' maxlength='255' value=\"".escape($call_flow_pin_number)."\">\n";
echo "<br />\n";
echo $text['description-call_flow_pin_number']."\n";
echo "</td>\n";
@ -562,7 +562,7 @@
echo " ".$text['label-call_flow_label']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='call_flow_label' maxlength='255' value=\"$call_flow_label\">\n";
echo " <input class='formfld' type='text' name='call_flow_label' maxlength='255' value=\"".escape($call_flow_label)."\">\n";
echo "<br />\n";
echo $text['description-call_flow_label']."\n";
echo "</td>\n";
@ -576,7 +576,7 @@
echo " ".$text['label-call_flow_sound']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='call_flow_sound' maxlength='255' value=\"$call_flow_sound\">\n";
echo " <input class='formfld' type='text' name='call_flow_sound' maxlength='255' value=\"".escape($call_flow_sound)."\">\n";
echo "<br />\n";
echo $text['description-call_flow_sound']."\n";
echo "</td>\n";
@ -606,7 +606,7 @@
echo " ".$text['label-call_flow_alternate_label']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='call_flow_alternate_label' maxlength='255' value=\"$call_flow_alternate_label\">\n";
echo " <input class='formfld' type='text' name='call_flow_alternate_label' maxlength='255' value=\"".escape($call_flow_alternate_label)."\">\n";
echo "<br />\n";
echo $text['description-call_flow_alternate_label']."\n";
echo "</td>\n";
@ -620,7 +620,7 @@
echo " ".$text['label-call_flow_alternate_sound']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='call_flow_alternate_sound' maxlength='255' value=\"$call_flow_alternate_sound\">\n";
echo " <input class='formfld' type='text' name='call_flow_alternate_sound' maxlength='255' value=\"".escape($call_flow_alternate_sound)."\">\n";
echo "<br />\n";
echo $text['description-call_flow_alternate_sound']."\n";
echo "</td>\n";
@ -649,7 +649,7 @@
echo " ".$text['label-call_flow_context']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='call_flow_context' maxlength='255' value=\"$call_flow_context\">\n";
echo " <input class='formfld' type='text' name='call_flow_context' maxlength='255' value=\"".escape($call_flow_context)."\">\n";
echo "<br />\n";
echo $text['description-call_flow_context']."\n";
echo "</td>\n";
@ -661,7 +661,7 @@
echo " ".$text['label-call_flow_description']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='call_flow_description' maxlength='255' value=\"$call_flow_description\">\n";
echo " <input class='formfld' type='text' name='call_flow_description' maxlength='255' value=\"".escape($call_flow_description)."\">\n";
echo "<br />\n";
echo $text['description-call_flow_description']."\n";
echo "</td>\n";
@ -669,8 +669,8 @@
echo " <tr>\n";
echo " <td colspan='2' align='right'>\n";
if ($action == "update") {
echo " <input type='hidden' name='call_flow_uuid' value='$call_flow_uuid'>\n";
echo " <input type='hidden' name='dialplan_uuid' value='$dialplan_uuid'>\n";
echo " <input type='hidden' name='call_flow_uuid' value='".escape($call_flow_uuid)."'>\n";
echo " <input type='hidden' name='dialplan_uuid' value='".escape($dialplan_uuid)."'>\n";
}
echo " <input type='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n";
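Review bot: The two hidden inputs in the last hunk (`call_flow_uuid`, `dialplan_uuid`) still place the escaped value inside a single-quoted attribute, so they are only safe if `escape()` encodes `'` as well as `"`. The helper is not visible on this page, and PHP's `htmlspecialchars()` left single quotes unencoded by default before 8.1 unless `ENT_QUOTES` was passed. Either confirm that `escape()` uses `ENT_QUOTES`, or quote these attributes the way the text fields above are quoted: `echo " <input type='hidden' name='call_flow_uuid' value=\"".escape($call_flow_uuid)."\">\n";` and the same for `dialplan_uuid`. Since both values are expected to be UUIDs, checking their format before rendering would be a stronger guarantee than output encoding alone. The enclosing form code starts and ends outside these hunks.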