From ffd901b5ba9e3b0cc18c66d87d914b195a2bc5b5 Mon Sep 17 00:00:00 2001
From: markjcrane <markjcrane@gmail.com>
Date: Sun, 25 Jul 2021 09:00:53 -0600
Subject: [PATCH] Escape ivr_menu_option_description to prevent XSS

---
 app/ivr_menus/ivr_menu_edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/ivr_menus/ivr_menu_edit.php b/app/ivr_menus/ivr_menu_edit.php
index 14e58916d3..a2ce92fab7 100644
--- a/app/ivr_menus/ivr_menu_edit.php
+++ b/app/ivr_menus/ivr_menu_edit.php
@@ -1075,7 +1075,7 @@
 			echo "</td>\n";
 
 			echo "<td class='formfld' align='left'>\n";
-			echo "	<input class='formfld' style='width:100px' type='text' name='ivr_menu_options[".$x."][ivr_menu_option_description]' maxlength='255' value=\"".$field['ivr_menu_option_description']."\">\n";
+			echo "	<input class='formfld' style='width:100px' type='text' name='ivr_menu_options[".$x."][ivr_menu_option_description]' maxlength='255' value=\"".escape($field['ivr_menu_option_description'])."\">\n";
 			echo "</td>\n";
 
 			if ($show_option_delete && permission_exists('ivr_menu_option_delete')) {