Escape user data on call_broadcast_edit.php (#3092)
parent
00e8c154ff
commit
86a280cf32
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
The Initial Developer of the Original Code is
|
||||
Mark J Crane <markjcrane@fusionpbx.com>
|
||||
Portions created by the Initial Developer are Copyright (C) 2008-2012
|
||||
Portions created by the Initial Developer are Copyright (C) 2008-2018
|
||||
the Initial Developer. All Rights Reserved.
|
||||
|
||||
Contributor(s):
|
||||
|
|
@ -259,7 +259,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
echo " ".$text['label-name']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_name' maxlength='255' value=\"$broadcast_name\" required='required'>\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_name' maxlength='255' value=\"".escape($broadcast_name)."\" required='required'>\n";
|
||||
echo "<br />\n";
|
||||
echo "".$text['description-name']."\n";
|
||||
echo "</td>\n";
|
||||
|
|
@ -272,7 +272,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
if ($action == "add"){ $accountcode=$_SESSION['domain_name']; }
|
||||
echo " <input class='formfld' type='text' name='broadcast_accountcode' maxlength='255' value=\"$broadcast_accountcode\">\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_accountcode' maxlength='255' value=\"".escape($broadcast_accountcode)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo $text['description-accountcode']."\n";
|
||||
echo "</td>\n";
|
||||
|
|
@ -313,7 +313,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
echo " ".$text['label-timeout']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='number' name='broadcast_timeout' maxlength='255' min='1' step='1' value=\"$broadcast_timeout\">\n";
|
||||
echo " <input class='formfld' type='number' name='broadcast_timeout' maxlength='255' min='1' step='1' value=\"".escape($broadcast_timeout)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo "".$text['description-timeout']."\n";
|
||||
echo "</td>\n";
|
||||
|
|
@ -324,7 +324,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
echo " ".$text['label-concurrent-limit']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='number' name='broadcast_concurrent_limit' maxlength='255' min='1' step='1' value=\"$broadcast_concurrent_limit\">\n";
|
||||
echo " <input class='formfld' type='number' name='broadcast_concurrent_limit' maxlength='255' min='1' step='1' value=\"".escape($broadcast_concurrent_limit)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo "".$text['description-concurrent-limit']."\n";
|
||||
echo "</td>\n";
|
||||
|
|
@ -365,7 +365,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
echo " ".$text['label-caller-id-name']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_caller_id_name' maxlength='255' value=\"$broadcast_caller_id_name\">\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_caller_id_name' maxlength='255' value=\"".escape($broadcast_caller_id_name)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo "".$text['description-caller-id-name']."\n";
|
||||
echo "</td>\n";
|
||||
|
|
@ -376,7 +376,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
echo " ".$text['label-callerid-number']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='number' name='broadcast_caller_id_number' maxlength='255' min='0' step='1' value=\"$broadcast_caller_id_number\">\n";
|
||||
echo " <input class='formfld' type='number' name='broadcast_caller_id_number' maxlength='255' min='0' step='1' value=\"".escape($broadcast_caller_id_number)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo "".$text['description-caller-id-number']."\n";
|
||||
echo "</td>\n";
|
||||
|
|
@ -387,7 +387,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
echo " Type\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_destination_type' maxlength='255' value=\"$broadcast_destination_type\">\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_destination_type' maxlength='255' value=\"".escape($broadcast_destination_type)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo "Optional, Destination Type: bridge, transfer, voicemail, conference, fifo, etc.\n";
|
||||
echo "</td>\n";
|
||||
|
|
@ -398,7 +398,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
echo " Destination\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_destination_data' maxlength='255' value=\"$broadcast_destination_data\">\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_destination_data' maxlength='255' value=\"".escape($broadcast_destination_data)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo "Optional, send the call to an auto attendant, conference room, or any other destination. <br /><br />\n";
|
||||
echo "conference (8khz): 01-\${domain}@default <br />\n";
|
||||
|
|
@ -414,7 +414,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
echo " ".$text['label-destination']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_destination_data' maxlength='255' value=\"$broadcast_destination_data\">\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_destination_data' maxlength='255' value=\"".escape($broadcast_destination_data)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo "".$text['description-destination']." <br /><br />\n";
|
||||
echo "</td>\n";
|
||||
|
|
@ -425,7 +425,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
echo " ".$text['label-phone']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <textarea class='formfld' type='text' name='broadcast_phone_numbers' rows='10'>$broadcast_phone_numbers</textarea>\n";
|
||||
echo " <textarea class='formfld' type='text' name='broadcast_phone_numbers' rows='10'>".escape($broadcast_phone_numbers)."</textarea>\n";
|
||||
echo "<br />\n";
|
||||
echo "".$text['description-phone']." <br /><br />\n";
|
||||
echo "</td>\n";
|
||||
|
|
@ -451,7 +451,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
echo " ".$text['label-description']."\n";
|
||||
echo "</td>\n";
|
||||
echo "<td class='vtable' align='left'>\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_description' maxlength='255' value=\"$broadcast_description\">\n";
|
||||
echo " <input class='formfld' type='text' name='broadcast_description' maxlength='255' value=\"".escape($broadcast_description)."\">\n";
|
||||
echo "<br />\n";
|
||||
echo "".$text['description-info']."\n";
|
||||
echo "</td>\n";
|
||||
|
|
@ -620,4 +620,5 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|||
*/
|
||||
|
||||
require_once "resources/footer.php";
|
||||
|
||||
?>
|
||||
|
|
|
|||
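Review bot: In the accountcode hunk, the context line `if ($action == "add"){ $accountcode=$_SESSION['domain_name']; }` assigns `$accountcode`, but the input right below it prints `escape($broadcast_accountcode)`, so as far as these lines show the default for a new record never reaches the form. If that default is intended, the assignment should target the rendered variable: `if ($action == "add"){ $broadcast_accountcode = $_SESSION['domain_name']; }`. Separately, every escaped value sits inside a double-quoted attribute or a textarea body, so the fix depends on `escape()` encoding `"`, `<`, `>` and `&`; the helper is not shown on this page and is worth confirming. The `type='number'`, `min` and `maxlength` attributes are enforced only by the browser, so the save path, which lies outside these hunks, should still validate the timeout, concurrent-limit and caller-ID-number fields server-side.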