[security] import pages xss prevention (#6553)

2023-02-14 17:34:53 -05:00 · 2023-02-14 17:34:53 -05:00 · 4c29c3c4cf
parent a229d1e46c
commit 4c29c3c4cf
7 changed files with 7 additions and 7 deletions
--- a/app/access_controls/access_control_import.php
+++ b/app/access_controls/access_control_import.php
@ -164,7 +164,7 @@
 			//loop through the lines and fields
 			$x = 0;
 			foreach ($line_fields as $line_field) {
-				$line_field = trim(trim($line_field), $enclosure);
+				$line_field = trim(escape(trim($line_field)), $enclosure);
 				echo "<tr>\n";
 				echo "	<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 				echo $line_field;
--- a/app/contacts/contact_import.php
+++ b/app/contacts/contact_import.php
@ -199,7 +199,7 @@
 			//loop through user columns
 			$x = 0;
 			foreach ($line_fields as $line_field) {
-				$line_field = trim(trim($line_field), $enclosure);
+				$line_field = trim(escape(trim($line_field)), $enclosure);
 				echo "<tr>\n";
 				echo "	<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 				echo $line_field;
--- a/app/destinations/destination_imports.php
+++ b/app/destinations/destination_imports.php
@ -709,7 +709,7 @@
 			//loop through user columns
 			$x = 0;
 			foreach ($line_fields as $line_field) {
-				$line_field = trim(trim($line_field), $enclosure);
+				$line_field = trim(escape(trim($line_field)), $enclosure);
 				echo "<tr>\n";
 				echo "	<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 				echo $line_field;
--- a/app/devices/device_imports.php
+++ b/app/devices/device_imports.php
@ -173,7 +173,7 @@
 			//loop through user columns
 			$x = 0;
 			foreach ($line_fields as $line_field) {
-				$line_field = trim(trim($line_field), $enclosure);
+				$line_field = trim(escape(trim($line_field)), $enclosure);
 				echo "<tr>\n";
 				echo "	<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 				//echo "    ".$text['label-zzz']."\n";
--- a/app/extensions/extension_imports.php
+++ b/app/extensions/extension_imports.php
@ -170,7 +170,7 @@
 			//loop through user columns
 			$x = 0;
 			foreach ($line_fields as $line_field) {
-				$line_field = trim(trim($line_field), $enclosure);
+				$line_field = trim(escape(trim($line_field)), $enclosure);
 				echo "<tr>\n";
 				echo "	<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 				//echo "    ".$text['label-zzz']."\n";
--- a/app/voicemails/voicemail_imports.php
+++ b/app/voicemails/voicemail_imports.php
@ -165,7 +165,7 @@
 			//loop through user columns
 			$x = 0;
 			foreach ($line_fields as $line_field) {
-				$line_field = trim(trim($line_field), $enclosure);
+				$line_field = trim(escape(trim($line_field)), $enclosure);
 				echo "<tr>\n";
 				echo "	<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 				//echo "    ".$text['label-zzz']."\n";
--- a/core/users/user_imports.php
+++ b/core/users/user_imports.php
@ -167,7 +167,7 @@
 			//loop through user columns
 			$x = 0;
 			foreach ($line_fields as $line_field) {
-				$line_field = trim(trim($line_field), $enclosure);
+				$line_field = trim(escape(trim($line_field)), $enclosure);
 				echo "<tr>\n";
 				echo "	<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 				//echo "    ".$text['label-zzz']."\n";