diff --git a/app/destinations/destination_imports.php b/app/destinations/destination_imports.php
index cc773e3077..6530e89a87 100644
--- a/app/destinations/destination_imports.php
+++ b/app/destinations/destination_imports.php
@@ -112,10 +112,10 @@
//remove the v_ table prefix
if (substr($table_name, 0, 2) == 'v_') {
- $table_name = substr($table_name, 2);
+ $table_name = substr($table_name, 2);
}
if (substr($parent_name, 0, 2) == 'v_') {
- $parent_name = substr($parent_name, 2);
+ $parent_name = substr($parent_name, 2);
}
//filter for specific tables and build the schema array
@@ -489,16 +489,16 @@
foreach($results as $row) {
echo "
\n";
echo " | \n";
- echo $row['FirstName'] ." ".$row['LastName'];
+ echo escape($row['FirstName'])." ".escape($row['LastName']);
echo " | \n";
echo " \n";
- echo $row['Company']." \n";
+ echo escape($row['Company'])." \n";
echo " | \n";
echo " \n";
- echo $row['EmailAddress']." \n";
+ echo escape($row['EmailAddress'])." \n";
echo " | \n";
echo " \n";
- echo $row['Web Page']." \n";
+ echo escape($row['Web Page'])." \n";
echo " | \n";
echo "
\n";
}
@@ -591,12 +591,13 @@
//get the dialplan uuid
if (strlen($row['destination_number']) == 0 || strlen($row['dialplan_uuid']) == 0 ) {
$sql = "select * from v_destinations ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and destination_number = '$destination_number'; ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and destination_number = :destination_number; ";
//echo $sql."
\n";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $destinations = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['destination_number'] = $destination_number;
+ $database = new database;
+ $destinations = $database->select($sql, $parameters, 'all');
$row = $destinations[0];
//add to the array
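Review bot: `$parameters` is filled here but never cleared after `$database->select($sql, $parameters, 'all')`, so the keys set for this query stay in the array for whatever statement runs next. The effect is directly visible in the hunks at -620 and -667, where the `v_destinations` delete runs with `dialplan_uuid` still in `$parameters` although its SQL only names `:destination_uuid`; if the `database` class passes the array to PDO unchanged, an unmatched named parameter is typically rejected and the delete would fail. Adding `unset($sql, $parameters);` after each `select()`/`execute()` call keeps each statement's bindings separate. Separately, `$row = $destinations[0];` assumes at least one row came back, and a guard such as `if (is_array($destinations) && isset($destinations[0]))` would avoid reading an undefined offset. The enclosing loop begins and ends outside this hunk.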
@@ -620,25 +621,28 @@
//delete the dialplan
if (strlen($row['dialplan_uuid']) > 0) {
$sql = "delete from v_dialplan_details ";
- $sql .= "where dialplan_uuid = '".$row['dialplan_uuid']."';";
+ $sql .= "where dialplan_uuid = :dialplan_uuid ";
//echo "$sql
\n";
- $db->query($sql);
- unset($sql);
+ $parameters['dialplan_uuid'] = $row['dialplan_uuid'];
+ $database = new database;
+ $database->execute($sql, $parameters);
$sql = "delete from v_dialplans ";
- $sql .= "where dialplan_uuid = '".$row['dialplan_uuid']."';";
+ $sql .= "where dialplan_uuid = :dialplan_uuid ";
//echo "$sql
\n";
- $db->query($sql);
- unset($sql);
+ $parameters['dialplan_uuid'] = $row['dialplan_uuid'];
+ $database = dialplan_uuid database;
+ $database->execute($sql, $parameters);
}
//delete the destinations
if (strlen($row['destination_uuid']) > 0) {
$sql = "delete from v_destinations ";
- $sql .= "where destination_uuid = '".$row['destination_uuid']."';";
+ $sql .= "where destination_uuid = :destination_uuid ";
//echo "$sql
\n";
- $db->query($sql);
- unset($sql);
+ $parameters['destination_uuid'] = $row['destination_uuid'];
+ $database = new database;
+ $database->execute($sql, $parameters);
}
} //foreach
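Review bot: The added line `$database = dialplan_uuid database;` in the `v_dialplans` delete is not valid PHP and will stop the whole file from parsing, so none of the escaping or parameterised queries in this commit would take effect. It should read `$database = new database;` like the neighbouring blocks, and it looks like a search-and-replace slip. The matching block in the hunk at -667 has the correct form. The foreach that this hunk closes opens outside the hunk.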
@@ -667,25 +671,28 @@
//delete the dialplan
if (strlen($row['dialplan_uuid']) > 0) {
$sql = "delete from v_dialplan_details ";
- $sql .= "where dialplan_uuid = '".$row['dialplan_uuid']."';";
+ $sql .= "where dialplan_uuid = :dialplan_uuid ";
//echo "$sql
\n";
- $db->query($sql);
- unset($sql);
+ $parameters['dialplan_uuid'] = $row['dialplan_uuid'];
+ $database = new database;
+ $database->execute($sql, $parameters);
$sql = "delete from v_dialplans ";
- $sql .= "where dialplan_uuid = '".$row['dialplan_uuid']."';";
+ $sql .= "where dialplan_uuid = :dialplan_uuid ";
//echo "$sql
\n";
- $db->query($sql);
- unset($sql);
+ $parameters['dialplan_uuid'] = $row['dialplan_uuid'];
+ $database = new database;
+ $database->execute($sql, $parameters);
}
//delete the destinations
if (strlen($row['destination_uuid']) > 0) {
$sql = "delete from v_destinations ";
- $sql .= "where destination_uuid = '".$row['destination_uuid']."';";
+ $sql .= "where destination_uuid = :destination_uuid ";
//echo "$sql
\n";
- $db->query($sql);
- unset($sql);
+ $parameters['destination_uuid'] = $row['destination_uuid'];
+ $database = new database;
+ $database->execute($sql, $parameters);
}
} //foreach
}
@@ -762,7 +769,7 @@
$selected = "selected='selected'";
}
if ($field !== 'domain_uuid') {
- echo " \n";
+ echo " \n";
}
}
echo " \n";
@@ -822,7 +829,7 @@
echo " ".$text['label-destination_context']."\n";
echo "\n";
echo "\n";
- echo " \n";
+ echo " \n";
echo " \n";
echo $text['description-destination_context']."\n";
echo " | \n";
@@ -858,10 +865,10 @@
}
foreach ($_SESSION['domains'] as $row) {
if ($row['domain_uuid'] == $domain_uuid) {
- echo " \n";
+ echo " \n";
}
else {
- echo " \n";
+ echo " \n";
}
}
echo " \n";
@@ -871,7 +878,7 @@
echo "\n";
}
else {
- echo "\n";
+ echo "\n";
}
echo "\n";