dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Properly escape < and > for dialplan detail data.

This commit is contained in:
Mark Crane 2015-01-07 17:11:06 +00:00
parent c66d89302a
commit 53eb200145
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/dialplan/dialplan_edit.php
View File

@ -679,7 +679,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
unset ($prep_statement, $sql);
}
$dialplan_detail_data_mod = ($gateway_name != '') ? str_replace($gateway_uuid, $gateway_name, $dialplan_detail_data) : $dialplan_detail_data;
echo " <label id=\"label_dialplan_detail_data_".$x."\">".ellipsis($dialplan_detail_data_mod, 75, false)."</label>\n";
echo " <label id=\"label_dialplan_detail_data_".$x."\">".htmlspecialchars($dialplan_detail_data_mod)."</label>\n";
}
echo " <input id='dialplan_detail_data_".$x."' name='dialplan_details[".$x."][dialplan_detail_data]' class='formfld' type='text' style='width: 100%; ".$element['visibility']."' placeholder='' value=\"".htmlspecialchars($dialplan_detail_data)."\">\n";
echo "</td>\n";