Escape user data on ring_group_edit.php (#3105)

AlexanderDCrane 2018-06-09 11:56:07 -06:00 committed by FusionPBX
parent 92dee0668c
commit 6cb53e9ba8
1 changed files with 22 additions and 22 deletions


@ -525,7 +525,7 @@
echo " ".$text['label-name']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='ring_group_name' maxlength='255' value=\"$ring_group_name\" required='required'>\n";
echo " <input class='formfld' type='text' name='ring_group_name' maxlength='255' value=\"".escape($ring_group_name)."\" required='required'>\n";
echo "<br />\n";
echo $text['description-name']."\n";
echo "</td>\n";
@ -536,7 +536,7 @@
echo " ".$text['label-extension']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='ring_group_extension' maxlength='255' value=\"$ring_group_extension\" required='required'>\n";
echo " <input class='formfld' type='text' name='ring_group_extension' maxlength='255' value=\"".escape($ring_group_extension)."\" required='required'>\n";
echo "<br />\n";
echo $text['description-extension']."\n";
echo "</td>\n";
@ -555,17 +555,17 @@
foreach($value as $row) {
if ($ring_group_greeting == $row["value"]) {
$selected = true;
echo " <option value='".$row["value"]."' selected='selected'>".$row["name"]."</option>\n";
echo " <option value='".escape($row["value"])."' selected='selected'>".escape($row["name"])."</option>\n";
}
else {
echo " <option value='".$row["value"]."'>".$row["name"]."</option>\n";
echo " <option value='".escape($row["value"])."'>".escape($row["name"])."</option>\n";
}
}
echo "</optgroup>\n";
}
if (if_group("superadmin")) {
if (!$selected && strlen($ring_group_greeting) > 0) {
echo " <option value='".$ring_group_greeting."' selected='selected'>".$ring_group_greeting."</option>\n";
echo " <option value='".escape($ring_group_greeting)."' selected='selected'>".escape($ring_group_greeting)."</option>\n";
}
unset($selected);
}
@ -614,12 +614,12 @@
if (strlen($row['destination_timeout']) == 0) { $row['destination_timeout'] = "30"; }
if (strlen($row['ring_group_destination_uuid']) > 0) {
echo " <input name='ring_group_destinations[".$x."][ring_group_destination_uuid]' type='hidden' value=\"".$row['ring_group_destination_uuid']."\">\n";
echo " <input name='ring_group_destinations[".$x."][ring_group_destination_uuid]' type='hidden' value=\"".escape($row['ring_group_destination_uuid'])."\">\n";
}
echo " <tr>\n";
echo " <td>\n";
echo " <input type=\"text\" name=\"ring_group_destinations[".$x."][destination_number]\" class=\"formfld\" style=\"width: 90%;\"value=\"".$row['destination_number']."\">\n";
echo " <input type=\"text\" name=\"ring_group_destinations[".$x."][destination_number]\" class=\"formfld\" style=\"width: 90%;\"value=\"".escape($row['destination_number'])."\">\n";
echo " </td>\n";
echo " <td>\n";
echo " <select name='ring_group_destinations[".$x."][destination_delay]' class='formfld' style='width:55px'>\n";
@ -662,7 +662,7 @@
echo " <td>&nbsp;</td>\n";
echo " <td class='list_control_icons' style='width: 25px;'>";
if (strlen($row['ring_group_destination_uuid']) > 0) {
echo "<a href='ring_group_destination_delete.php?id=".$row['ring_group_destination_uuid']."&ring_group_uuid=".$row['ring_group_uuid']."&a=delete' alt='delete' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
echo " <a href='ring_group_destination_delete.php?id=".escape($row['ring_group_destination_uuid'])."&ring_group_uuid=".escape($row['ring_group_uuid'])."&a=delete' alt='delete' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>";
}
echo " </td>\n";
echo " </tr>\n";
@ -690,7 +690,7 @@
echo " ".$text['label-call_timeout']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='ring_group_call_timeout' maxlength='255' value='$ring_group_call_timeout'>\n";
echo " <input class='formfld' type='text' name='ring_group_call_timeout' maxlength='255' value='".escape($ring_group_call_timeout)."'>\n";
echo "<br />\n";
echo $text['description-ring_group_call_timeout']." \n";
echo "</td>\n";
@ -702,7 +702,7 @@
echo " ".$text['label-caller_id_name']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='ring_group_caller_id_name' maxlength='255' value='$ring_group_caller_id_name'>\n";
echo " <input class='formfld' type='text' name='ring_group_caller_id_name' maxlength='255' value='".escape($ring_group_caller_id_name)."'>\n";
echo "<br />\n";
echo $text['description-caller_id_name']." \n";
echo "</td>\n";
@ -715,7 +715,7 @@
echo " ".$text['label-caller_id_number']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='number' name='ring_group_caller_id_number' maxlength='255' min='0' step='1' value='$ring_group_caller_id_number'>\n";
echo " <input class='formfld' type='number' name='ring_group_caller_id_number' maxlength='255' min='0' step='1' value='".escape($ring_group_caller_id_number)."'>\n";
echo "<br />\n";
echo $text['description-caller_id_number']." \n";
echo "</td>\n";
@ -728,7 +728,7 @@
echo " ".$text['label-cid-name-prefix']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='ring_group_cid_name_prefix' maxlength='255' value='$ring_group_cid_name_prefix'>\n";
echo " <input class='formfld' type='text' name='ring_group_cid_name_prefix' maxlength='255' value='".escape($ring_group_cid_name_prefix)."'>\n";
echo "<br />\n";
echo $text['description-cid-name-prefix']." \n";
echo "</td>\n";
@ -741,7 +741,7 @@
echo " ".$text['label-cid-number-prefix']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='number' name='ring_group_cid_number_prefix' maxlength='255' min='0' step='1' value='$ring_group_cid_number_prefix'>\n";
echo " <input class='formfld' type='number' name='ring_group_cid_number_prefix' maxlength='255' min='0' step='1' value='".escape($ring_group_cid_number_prefix)."'>\n";
echo "<br />\n";
echo $text['description-cid-number-prefix']." \n";
echo "</td>\n";
@ -753,7 +753,7 @@
echo " ".$text['label-distinctive_ring']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='ring_group_distinctive_ring' maxlength='255' value='$ring_group_distinctive_ring'>\n";
echo " <input class='formfld' type='text' name='ring_group_distinctive_ring' maxlength='255' value='".escape($ring_group_distinctive_ring)."'>\n";
echo "<br />\n";
echo $text['description-distinctive_ring']." \n";
echo "</td>\n";
@ -778,7 +778,7 @@
echo " <tr>\n";
echo " <td class='vtable'>".$field['username']."</td>\n";
echo " <td>\n";
echo " <a href='ring_group_edit.php?id=".$ring_group_uuid."&user_uuid=".$field['user_uuid']."&a=delete' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>\n";
echo " <a href='ring_group_edit.php?id=".escape($ring_group_uuid)."&user_uuid=".$field['user_uuid']."&a=delete' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">".escape($v_link_label_delete)."</a>\n";
echo " </td>\n";
echo " </tr>\n";
}
@ -811,7 +811,7 @@
//echo " <option value='url' ".(($ring_group_missed_call_app == "url" && $ring_group_missed_call_data != '') ? "selected='selected'" : null).">".$text['label-url']."</option>\n";
echo " </select>\n";
$ring_group_missed_call_data = ($ring_group_missed_call_app == 'text') ? format_phone($ring_group_missed_call_data) : $ring_group_missed_call_data;
echo " <input class='formfld' type='text' name='ring_group_missed_call_data' id='ring_group_missed_call_data' maxlength='255' value=\"$ring_group_missed_call_data\" style='min-width: 200px; width: 200px; ".(($ring_group_missed_call_app == '' || $ring_group_missed_call_data == '') ? "display: none;" : null)."'>\n";
echo " <input class='formfld' type='text' name='ring_group_missed_call_data' id='ring_group_missed_call_data' maxlength='255' value=\"".escape($ring_group_missed_call_data)."\" style='min-width: 200px; width: 200px; ".(($ring_group_missed_call_app == '' || $ring_group_missed_call_data == '') ? "display: none;" : null)."'>\n";
echo "<br />\n";
echo $text['description-missed_call']."\n";
echo "</td>\n";
@ -827,7 +827,7 @@
echo " <option value='false'>".$text['option-disabled']."</option>";
echo " <option value='true' ".(($ring_group_forward_enabled == 'true') ? "selected='selected'" : null).">".$text['option-enabled']."</option>";
echo " </select>";
echo "<input class='formfld' style='min-width: 95px;' type='text' name='ring_group_forward_destination' id='ring_group_forward_destination' placeholder=\"".$text['label-forward_destination']."\" maxlength='255' value=\"".$ring_group_forward_destination."\">";
echo "<input class='formfld' style='min-width: 95px;' type='text' name='ring_group_forward_destination' id='ring_group_forward_destination' placeholder=\"".$text['label-forward_destination']."\" maxlength='255' value=\"".escape($ring_group_forward_destination)."\">";
echo "<br />\n";
echo $text['description-ring-group-forward']."\n";
echo "</td>\n";
@ -839,7 +839,7 @@
echo " ".$text['label-ring_group_forward_toll_allow']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='ring_group_forward_toll_allow' maxlength='255' value=".$ring_group_forward_toll_allow.">\n";
echo " <input class='formfld' type='text' name='ring_group_forward_toll_allow' maxlength='255' value=".escape($ring_group_forward_toll_allow).">\n";
echo "<br />\n";
echo $text['description-ring_group_forward_toll_allow']."\n";
echo "</td>\n";
@ -852,7 +852,7 @@
echo " ".$text['label-context']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='ring_group_context' maxlength='255' value=\"$ring_group_context\" required='required'>\n";
echo " <input class='formfld' type='text' name='ring_group_context' maxlength='255' value=\"".escape($ring_group_context)."\" required='required'>\n";
echo "<br />\n";
echo $text['description-enter-context']."\n";
echo "</td>\n";
@ -888,7 +888,7 @@
echo " ".$text['label-description']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='ring_group_description' maxlength='255' value=\"$ring_group_description\">\n";
echo " <input class='formfld' type='text' name='ring_group_description' maxlength='255' value=\"".escape($ring_group_description)."\">\n";
echo "<br />\n";
echo $text['description-description']."\n";
echo "</td>\n";
@ -897,10 +897,10 @@
echo " <tr>\n";
echo " <td colspan='2' align='right'>\n";
if (strlen($dialplan_uuid) > 0) {
echo " <input type='hidden' name='dialplan_uuid' value='$dialplan_uuid'>\n";
echo " <input type='hidden' name='dialplan_uuid' value='".escape($dialplan_uuid)."'>\n";
}
if (strlen($ring_group_uuid) > 0) {
echo " <input type='hidden' name='ring_group_uuid' value='$ring_group_uuid'>\n";
echo " <input type='hidden' name='ring_group_uuid' value='".escape($ring_group_uuid)."'>\n";
}
echo " <br>";
echo " <input type='submit' class='btn' value='".$text['button-save']."'>\n";