From 8a3c58d3b520b5774d29bd677d71028634fb3c1b Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Thu, 30 May 2019 01:31:01 -0600
Subject: [PATCH] Update exec.php

---
 app/exec/exec.php | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/app/exec/exec.php b/app/exec/exec.php
index ac5a09b5cf..1ba46ed318 100644
--- a/app/exec/exec.php
+++ b/app/exec/exec.php
@@ -264,7 +264,7 @@
 		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 		foreach ($result as &$row) {
 			$row = array_values($row);
-			echo "					<option value='".$row[0]."'>".$row[0]."</option>\n";
+			echo "					<option value='".escape($row[0])."'>".escape($row[0])."</option>\n";
 		}
 		echo "					</select>\n";
 		//echo "					<br /><br />\n";
@@ -296,7 +296,7 @@
 	echo "<br>";
 
 //html form
-	echo "<input type='hidden' name='id' value='".$_REQUEST['id']."'>\n"; //sql db id
+	echo "<input type='hidden' name='id' value='".escape($_REQUEST['id'])."'>\n"; //sql db id
 	echo "<textarea name='command' id='command' style='display: none;'></textarea>";
 	echo "<table cellpadding='0' cellspacing='0' border='0' style='width: 100%;'>\n";
 	echo "	<tr>";
@@ -342,7 +342,7 @@
 							$preview = "onmouseover=\"editor.getSession().setMode(".(($value == 'php') ? "{path:'ace/mode/php', inline:true}" : "'ace/mode/' + this.value").");\"";
 						}
 						$selected = ($value == $mode) ? 'selected' : null;
-						echo "<option value='".$value."' ".$selected." ".$preview.">".$label."</option>\n";
+						echo "<option value='".escape($value)."' ".escape($selected)." ".escape($preview).">".escape($label)."</option>\n";
 					}
 					?>
 				</select>
@@ -353,12 +353,12 @@
 					$sizes = explode(',','9px,10px,11px,12px,14px,16px,18px,20px');
 					$preview = ($setting_preview == 'true') ? "onmouseover=\"document.getElementById('editor').style.fontSize = this.value;\"" : null;
 					if (!in_array($setting_size, $sizes)) {
-						echo "<option value='".$setting_size."' ".$preview.">".$setting_size."</option>\n";
+						echo "<option value='".escape($setting_size)."' ".escape($preview).">".escape($setting_size)."</option>\n";
 						echo "<option value='' disabled='disabled'></option>\n";
 					}
 					foreach ($sizes as $size) {
 						$selected = ($size == $setting_size) ? 'selected' : null;
-						echo "<option value='".$size."' ".$selected." ".$preview.">".$size."</option>\n";
+						echo "<option value='".escape($size)."' ".$selected." ".escape($preview).">".escape($size)."</option>\n";
 					}
 					?>
 				</select>
@@ -405,7 +405,7 @@
 						echo "<optgroup label='".$optgroup."'>\n";
 						foreach ($theme as $value => $label) {
 							$selected = (strtolower($label) == strtolower($setting_theme)) ? 'selected' : null;
-							echo "<option value='".$value."' ".$selected." ".$preview.">".$label."</option>\n";
+							echo "<option value='".escape($value)."' ".$selected." ".escape($preview).">".escape($label)."</option>\n";
 						}
 						echo "</optgroup>\n";
 					}
@@ -414,7 +414,7 @@
 			</td>
 		</tr>
 	</table>
-	<div id='editor'><?php echo htmlentities($command); ?></div>
+	<div id='editor'><?php echo escape($command); ?></div>
 
 <?php
 	echo "		</td>";
@@ -446,7 +446,7 @@
 			<?php if ($mode == 'php') { ?>
 				editor.getSession().setMode({path:'ace/mode/php', inline:true});
 			<?php } ?>
-			document.getElementById('editor').style.fontSize='<?php echo $setting_size;?>';
+			document.getElementById('editor').style.fontSize='<?php echo escape($setting_size);?>';
 			focus_editor();
 
 		//keyboard shortcut to execute command
@@ -467,7 +467,7 @@
 			switch ($handler) {
 				case 'shell':
 					if (permission_exists('exec_command') && $command_authorized) {
-						$result = htmlentities(shell_exec($command . " 2>&1"));
+						$result = escape(shell_exec($command . " 2>&1"));
 					}
 					break;
 				case 'php':
@@ -492,7 +492,7 @@
 				echo "<span id='response'>";
 				echo "<b>".$text['label-response']."</b>\n";
 				echo "<br /><br />\n";
-				echo ($handler == 'switch') ? "<textarea style='width: 100%; height: 450px; font-family: monospace; padding: 15px;' wrap='off'>".$result."</textarea>\n" : "<pre>".$result."</pre>";
+				echo ($handler == 'switch') ? "<textarea style='width: 100%; height: 450px; font-family: monospace; padding: 15px;' wrap='off'>".escape($result)."</textarea>\n" : "<pre>".escape($result)."</pre>";
 				echo "</span>";
 			}
 		}