Escape user data on conference_center_edit.php (#3096)

AlexanderDCrane 2018-06-09 11:05:35 -06:00 committed by FusionPBX
parent 1da7eadbca
commit b4b5150954
1 changed files with 10 additions and 10 deletions


@ -17,7 +17,7 @@
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2016
Portions created by the Initial Developer are Copyright (C) 2008-2018
the Initial Developer. All Rights Reserved.
Contributor(s):
@ -256,7 +256,7 @@
echo " ".$text['label-conference_center_name']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='conference_center_name' maxlength='255' value=\"$conference_center_name\">\n";
echo " <input class='formfld' type='text' name='conference_center_name' maxlength='255' value=\"".escape($conference_center_name)."\">\n";
echo "<br />\n";
echo $text['description-conference_center_name']."\n";
echo "</td>\n";
@ -267,7 +267,7 @@
echo " ".$text['label-conference_center_extension']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='conference_center_extension' maxlength='255' value=\"$conference_center_extension\">\n";
echo " <input class='formfld' type='text' name='conference_center_extension' maxlength='255' value=\"".escape($conference_center_extension)."\">\n";
echo "<br />\n";
echo $text['description-conference_center_extension']."\n";
echo "</td>\n";
@ -278,7 +278,7 @@
echo " ".$text['label-conference_center_greeting']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
//echo " <input class='formfld' type='text' name='conference_center_greeting' maxlength='255' value=\"$conference_center_greeting\">\n";
//echo " <input class='formfld' type='text' name='conference_center_greeting' maxlength='255' value=\"".escape($conference_center_greeting)."\">\n";
if (permission_exists('conference_center_add') || permission_exists('conference_center_edit')) {
echo "<script>\n";
echo "var Objs;\n";
@ -366,10 +366,10 @@
echo " <option value='".$_SESSION['switch']['recordings']['dir']."/".$_SESSION['domain_name']."/".$conference_center_greeting."' selected='selected'>".$ivr_menu_greet_long."</option>\n";
}
else if (substr($conference_center_greeting, -3) == "wav" || substr($conference_center_greeting, -3) == "mp3") {
echo " <option value='".$conference_center_greeting."' selected='selected'>".$conference_center_greeting."</option>\n";
echo " <option value='".escape($conference_center_greeting)."' selected='selected'>".escape($conference_center_greeting)."</option>\n";
}
else {
echo " <option value='".$conference_center_greeting."' selected='selected'>".$conference_center_greeting."</option>\n";
echo " <option value='".escape($conference_center_greeting)."' selected='selected'>".escape($conference_center_greeting)."</option>\n";
}
echo "</optgroup>\n";
}
@ -387,7 +387,7 @@
echo " ".$text['label-conference_center_pin_length']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='conference_center_pin_length' maxlength='255' value='$conference_center_pin_length'>\n";
echo " <input class='formfld' type='text' name='conference_center_pin_length' maxlength='255' value='".escape($conference_center_pin_length)."'>\n";
echo "<br />\n";
echo $text['description-conference_center_pin_length']."\n";
echo "</td>\n";
@ -423,7 +423,7 @@
echo " ".$text['label-conference_center_description']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='conference_center_description' maxlength='255' value=\"$conference_center_description\">\n";
echo " <input class='formfld' type='text' name='conference_center_description' maxlength='255' value=\"".escape($conference_center_description)."\">\n";
echo "<br />\n";
echo $text['description-conference_center_description']."\n";
echo "</td>\n";
@ -431,8 +431,8 @@
echo " <tr>\n";
echo " <td colspan='2' align='right'>\n";
if ($action == "update") {
echo " <input type='hidden' name='dialplan_uuid' value='$dialplan_uuid'>\n";
echo " <input type='hidden' name='conference_center_uuid' value='$conference_center_uuid'>\n";
echo " <input type='hidden' name='dialplan_uuid' value='".escape($dialplan_uuid)."'>\n";
echo " <input type='hidden' name='conference_center_uuid' value='".escape($conference_center_uuid)."'>\n";
}
echo " <input type='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n";
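Review bot: In the `@ -366` hunk, the first greeting `<option>` branch is left unescaped: it still concatenates `$conference_center_greeting`, `$ivr_menu_greet_long` and two `$_SESSION` values straight into the `value` attribute and the label, while the two branches below it now go through `escape()`. The same stored greeting value can reach that branch, so it should be escaped the same way, e.g. `echo " <option value='".escape($_SESSION['switch']['recordings']['dir']."/".$_SESSION['domain_name']."/".$conference_center_greeting)."' selected='selected'>".escape($ivr_menu_greet_long)."</option>\n";`. Several of the new outputs sit in single-quoted attributes (the greeting options, `conference_center_pin_length` and the two hidden uuid fields), so they are only safe if `escape()` also encodes `'`. Its definition is not on this page, so that is worth confirming. The `if` condition guarding the first branch starts outside the hunk.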