From 3702c0a6b941887f5be7108794b9e3fc814b6870 Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Sun, 16 Jun 2019 09:36:10 -0600
Subject: [PATCH] Update calls_active_inc.php

---
 app/calls_active/calls_active_inc.php | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/app/calls_active/calls_active_inc.php b/app/calls_active/calls_active_inc.php
index 309248f5d8..c42da9cd76 100644
--- a/app/calls_active/calls_active_inc.php
+++ b/app/calls_active/calls_active_inc.php
@@ -165,9 +165,9 @@
 					foreach ($row as $key => $value) {
 						$$key = $value;
 					}
-					if (if_group("superadmin") && isset($_REQUEST['debug'])) {
-						echo "<tr><td colspan='20'><pre>".print_r($row, true)."</pre></td></tr>";
-					}
+					//if (if_group("superadmin") && isset($_REQUEST['debug'])) {
+					//	echo "<tr><td colspan='20'><pre>".print_r(escape($row), true)."</pre></td></tr>";
+					//}
 
 				//get the sip profile
 					$name_array = explode("/", $name);
@@ -196,21 +196,21 @@
 
 				//send the html
 					echo "<tr>\n";
-					echo "<td valign='top' class='".$row_style[$c]."'>".$sip_profile."&nbsp;</td>\n";
-					echo "<td valign='top' class='".$row_style[$c]."'>".$created."&nbsp;</td>\n";
+					echo "<td valign='top' class='".$row_style[$c]."'>".escape($sip_profile)."&nbsp;</td>\n";
+					echo "<td valign='top' class='".$row_style[$c]."'>".$escape(created)."&nbsp;</td>\n";
 					if ($show == 'all') {
-						echo "<td valign='top' class='".$row_style[$c]."'>".$domain_name."&nbsp;</td>\n";
+						echo "<td valign='top' class='".$row_style[$c]."'>".escape($domain_name)."&nbsp;</td>\n";
 					}
-					echo "<td valign='top' class='".$row_style[$c]."'>".$tmp_number."&nbsp;</td>\n";
+					echo "<td valign='top' class='".$row_style[$c]."'>".escape($tmp_number)."&nbsp;</td>\n";
 					echo "<td valign='top' class='".$row_style[$c]."'>".escape($cid_name)."&nbsp;</td>\n";
 					echo "<td valign='top' class='".$row_style[$c]."'>".escape($cid_num)."&nbsp;</td>\n";
-					echo "<td valign='top' class='".$row_style[$c]."'>".$dest."&nbsp;</td>\n";
-					echo "<td valign='top' class='".$row_style[$c]."'>".((strlen($application) > 0) ? $application.":".$application_data : null)."&nbsp;</td>\n";
-					echo "<td valign='top' class='".$row_style[$c]."'>".$read_codec.":".$read_rate." / ".$write_codec.":".$write_rate."&nbsp;</td>\n";
-					echo "<td valign='top' class='".$row_style[$c]."'>".$secure."&nbsp;</td>\n";
-					echo "<td class='list_control_icons' style='width: 25px; text-align: left;'><a href='javascript:void(0);' alt='".$text['label-hangup']."' onclick=\"hangup(escape('".$uuid."'));\">".$v_link_label_delete."</a></td>\n";
+					echo "<td valign='top' class='".$row_style[$c]."'>".escape($dest)."&nbsp;</td>\n";
+					echo "<td valign='top' class='".$row_style[$c]."'>".((strlen($application) > 0) ? escape($application).":".escape($application_data) : null)."&nbsp;</td>\n";
+					echo "<td valign='top' class='".$row_style[$c]."'>".escape($read_codec).":".escape($read_rate)." / ".escape($write_codec).":".escape($write_rate)."&nbsp;</td>\n";
+					echo "<td valign='top' class='".$row_style[$c]."'>".escape($secure)."&nbsp;</td>\n";
+					echo "<td class='list_control_icons' style='width: 25px; text-align: left;'><a href='javascript:void(0);' alt='".$text['label-hangup']."' onclick=\"hangup(escape('".escape($uuid)."'));\">".$v_link_label_delete."</a></td>\n";
 					echo "</tr>\n";
-				
+
 				//alternate the row style
 					$c = ($c) ? 0 : 1;
 			}