Skip to content

Commit c9f87dc

Browse files
authored
Update access_control_nodes.php
1 parent d0714d4 commit c9f87dc

File tree

1 file changed

+8
-7
lines changed

1 file changed

+8
-7
lines changed

Diff for: app/access_controls/access_control_nodes.php

+8-7
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
The Original Code is FusionPBX
1414
The Initial Developer of the Original Code is
1515
Mark J Crane <markjcrane@fusionpbx.com>
16-
Portions created by the Initial Developer are Copyright (C) 2018
16+
Portions created by the Initial Developer are Copyright (C) 2019
1717
the Initial Developer. All Rights Reserved.
1818
Contributor(s):
1919
Mark J Crane <markjcrane@fusionpbx.com>
@@ -26,7 +26,8 @@
2626

2727
//check permissions
2828
if (!permission_exists('access_control_node_view')) {
29-
echo "access denied"; exit;
29+
echo "access denied";
30+
exit;
3031
}
3132

3233
//add multi-lingual support
@@ -87,7 +88,7 @@
8788
echo th_order_by('node_description', $text['label-node_description'], $order_by, $order);
8889
echo "<td class='list_control_icons'>";
8990
if (permission_exists('access_control_node_add')) {
90-
echo "<a href='access_control_node_edit.php?access_control_uuid=".escape($_GET['id'])."' alt='".$text['button-add']."'>$v_link_label_add</a>";
91+
echo "<a href='access_control_node_edit.php?access_control_uuid=".urlencode($_GET['id'])."' alt='".$text['button-add']."'>$v_link_label_add</a>";
9192
}
9293
else {
9394
echo "&nbsp;\n";
@@ -98,7 +99,7 @@
9899
if (is_array($access_control_nodes)) {
99100
foreach($access_control_nodes as $row) {
100101
if (permission_exists('access_control_node_edit')) {
101-
$tr_link = "href='access_control_node_edit.php?access_control_uuid=".escape($row['access_control_uuid'])."&id=".escape($row['access_control_node_uuid'])."'";
102+
$tr_link = "href='access_control_node_edit.php?access_control_uuid=".urlencode($row['access_control_uuid'])."&id=".urlencode($row['access_control_node_uuid'])."'";
102103
}
103104
echo "<tr ".$tr_link.">\n";
104105
echo " <td valign='top' class='".$row_style[$c]."'>".escape($row['node_type'])."&nbsp;</td>\n";
@@ -107,10 +108,10 @@
107108
echo " <td valign='top' class='".$row_style[$c]."'>".escape($row['node_description'])."&nbsp;</td>\n";
108109
echo " <td class='list_control_icons'>";
109110
if (permission_exists('access_control_node_edit')) {
110-
echo "<a href='access_control_node_edit.php?access_control_uuid=".escape($row['access_control_uuid'])."&id=".escape($row['access_control_node_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
111+
echo "<a href='access_control_node_edit.php?access_control_uuid=".urlencode($row['access_control_uuid'])."&id=".urlencode($row['access_control_node_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
111112
}
112113
if (permission_exists('access_control_node_delete')) {
113-
echo "<a href='access_control_node_delete.php?access_control_uuid=".escape($row['access_control_uuid'])."&id=".escape($row['access_control_node_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
114+
echo "<a href='access_control_node_delete.php?access_control_uuid=".urlencode($row['access_control_uuid'])."&id=".urlencode($row['access_control_node_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
114115
}
115116
echo " </td>\n";
116117
echo "</tr>\n";
@@ -122,7 +123,7 @@
122123
echo "</table>\n";
123124
if (permission_exists('access_control_node_add')) {
124125
echo "<div style='float: right;'>\n";
125-
echo " <a href='access_control_node_edit.php?access_control_uuid=".escape($_GET['id'])."' alt='".$text['button-add']."'>$v_link_label_add</a>";
126+
echo " <a href='access_control_node_edit.php?access_control_uuid=".urlencode($_GET['id'])."' alt='".$text['button-add']."'>$v_link_label_add</a>";
126127
echo "</div>\n";
127128
}
128129
echo "<br />\n";

0 commit comments

Comments
 (0)