dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Escape ivr_menu_option_description to prevent XSS

This commit is contained in:
markjcrane 2021-07-25 09:00:53 -06:00
parent 0f34a7c732
commit ffd901b5ba
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/ivr_menus/ivr_menu_edit.php
View File

@ -1075,7 +1075,7 @@
echo "</td>\n";
echo "<td class='formfld' align='left'>\n";
echo " <input class='formfld' style='width:100px' type='text' name='ivr_menu_options[".$x."][ivr_menu_option_description]' maxlength='255' value=\"".$field['ivr_menu_option_description']."\">\n";
echo " <input class='formfld' style='width:100px' type='text' name='ivr_menu_options[".$x."][ivr_menu_option_description]' maxlength='255' value=\"".escape($field['ivr_menu_option_description'])."\">\n";
echo "</td>\n";
if ($show_option_delete && permission_exists('ivr_menu_option_delete')) {