From 7c9960298ff143fdbd2cc82a937d8201639c62e0 Mon Sep 17 00:00:00 2001 From: AlexanderDCrane <40072887+AlexanderDCrane@users.noreply.github.com> Date: Sat, 9 Jun 2018 13:20:44 -0600 Subject: [PATCH] Escape user data on xml_cdr_search.php (#3113) --- app/xml_cdr/xml_cdr_search.php | 50 +++++++++++++++++----------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/app/xml_cdr/xml_cdr_search.php b/app/xml_cdr/xml_cdr_search.php index c9ee8f263f..e5ae154ea0 100644 --- a/app/xml_cdr/xml_cdr_search.php +++ b/app/xml_cdr/xml_cdr_search.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Copyright (C) 2008-2016 + Copyright (C) 2008-2018 All Rights Reserved. Contributor(s): @@ -123,7 +123,7 @@ echo " "; echo " ".$text['label-caller_id_name'].""; //source name - echo " "; + echo " "; echo " "; echo " "; echo " ".$text['label-caller_id_number'].""; //source number @@ -140,29 +140,29 @@ $result_e = $prep_statement -> fetchAll(PDO::FETCH_NAMED); foreach ($result_e as &$row) { $selected = ($row['extension_uuid'] == $caller_extension_uuid) ? "selected" : null; - echo " "; + echo " "; } unset ($prep_statement); echo " \n"; - echo " \n"; + echo " \n"; echo " \n"; echo " "; echo " "; echo " "; echo " ".$text['label-destination'].""; - echo " "; + echo " "; echo " "; echo " "; echo " ".$text['label-context'].""; - echo " "; + echo " "; echo " "; echo " "; echo " ".$text['label-start_range'].""; echo " "; echo "
\n"; echo "
"; - echo " "; - echo " "; + echo " "; + echo " "; echo "
\n"; echo "
\n"; echo " "; @@ -172,8 +172,8 @@ echo " "; echo "
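Review bot: `foreach ($result_e as &$row)` iterates by reference although the loop body visible in this hunk only reads `$row`, and the hunk has no `unset($row)` after the closing brace, only `unset ($prep_statement);`. A leftover reference lets any later loop that reuses `$row` silently overwrite the last element of `$result_e`. Iterating by value, `foreach ($result_e as $row) {`, avoids that. The echo line inside the loop lost its markup in this page's extraction, so confirm it does not write to `$row` before making the change.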
\n"; echo "
"; - echo " "; - echo " "; + echo " "; + echo " "; echo "
\n"; echo "
\n"; echo " "; @@ -183,15 +183,15 @@ echo " "; echo "
\n"; echo "
"; - echo " "; - echo " "; + echo " "; + echo " "; echo "
\n"; echo "
\n"; echo " "; echo " "; echo " "; echo " ".$text['label-duration'].""; - echo " "; + echo " "; echo " "; if (permission_exists('xml_cdr_all')) { echo " "; @@ -214,39 +214,39 @@ echo "\n"; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; if (is_array($_SESSION['cdr']['field'])) { foreach ($_SESSION['cdr']['field'] as $field) { @@ -256,8 +256,8 @@ $field_label = str_replace("Sip", "SIP", $field_label); if ($field_name != "destination_number") { echo " "; - echo " "; - echo " "; + echo " "; + echo " "; echo " "; } } @@ -274,7 +274,7 @@ echo " \n"; echo " \n"; echo " \n"; - echo " \n"; + echo " \n"; echo " "; echo " \n";
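Review bot: The `escape($field_label)` call in the `$_SESSION['cdr']['field']` loop, like the other `escape()` calls this patch introduces, relies on a helper defined outside the diff, so whether it encodes quote characters cannot be confirmed from here. That matters for every value echoed inside an HTML attribute: `htmlspecialchars()` left single quotes unescaped by default before PHP 8.1, so a helper built on it needs `ENT_QUOTES` to be safe in single-quoted attributes. The markup inside the echo strings was lost in this page's extraction, so which changed lines write into attributes is not visible and should be checked against the file. A one-line comment above the loop would record the assumption, e.g. `//escape() must encode both quote characters; values below are written into element text and attribute values`. The loop header sits in the previous hunk and the body continues past this one.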
".$text['label-billsec']."
".$text['label-hangup_cause']."
".$text['label-uuid']."
".$text['label-bridge_uuid']."
".$text['label-accountcode']."
".$text['label-read_codec']."
".$text['label-write_codec']."
".$text['label-remote_media_ip']."
".$text['label-network_addr']."
".$field_label."".escape($field_label)."