|
13 | 13 | The Original Code is FusionPBX |
14 | 14 | The Initial Developer of the Original Code is |
15 | 15 | Mark J Crane <markjcrane@fusionpbx.com> |
16 | | - Portions created by the Initial Developer are Copyright (C) 2018 |
| 16 | + Portions created by the Initial Developer are Copyright (C) 2019 |
17 | 17 | the Initial Developer. All Rights Reserved. |
18 | 18 | Contributor(s): |
19 | 19 | Mark J Crane <markjcrane@fusionpbx.com> |
|
26 | 26 |
|
27 | 27 | //check permissions |
28 | 28 | if (!permission_exists('access_control_node_view')) { |
29 | | - echo "access denied"; exit; |
| 29 | + echo "access denied"; |
| 30 | + exit; |
30 | 31 | } |
31 | 32 |
|
32 | 33 | //add multi-lingual support |
|
87 | 88 | echo th_order_by('node_description', $text['label-node_description'], $order_by, $order); |
88 | 89 | echo "<td class='list_control_icons'>"; |
89 | 90 | if (permission_exists('access_control_node_add')) { |
90 | | - echo "<a href='access_control_node_edit.php?access_control_uuid=".escape($_GET['id'])."' alt='".$text['button-add']."'>$v_link_label_add</a>"; |
| 91 | + echo "<a href='access_control_node_edit.php?access_control_uuid=".urlencode($_GET['id'])."' alt='".$text['button-add']."'>$v_link_label_add</a>"; |
91 | 92 | } |
92 | 93 | else { |
93 | 94 | echo " \n"; |
|
98 | 99 | if (is_array($access_control_nodes)) { |
99 | 100 | foreach($access_control_nodes as $row) { |
100 | 101 | if (permission_exists('access_control_node_edit')) { |
101 | | - $tr_link = "href='access_control_node_edit.php?access_control_uuid=".escape($row['access_control_uuid'])."&id=".escape($row['access_control_node_uuid'])."'"; |
| 102 | + $tr_link = "href='access_control_node_edit.php?access_control_uuid=".urlencode($row['access_control_uuid'])."&id=".urlencode($row['access_control_node_uuid'])."'"; |
102 | 103 | } |
103 | 104 | echo "<tr ".$tr_link.">\n"; |
104 | 105 | echo " <td valign='top' class='".$row_style[$c]."'>".escape($row['node_type'])." </td>\n"; |
|
107 | 108 | echo " <td valign='top' class='".$row_style[$c]."'>".escape($row['node_description'])." </td>\n"; |
108 | 109 | echo " <td class='list_control_icons'>"; |
109 | 110 | if (permission_exists('access_control_node_edit')) { |
110 | | - echo "<a href='access_control_node_edit.php?access_control_uuid=".escape($row['access_control_uuid'])."&id=".escape($row['access_control_node_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>"; |
| 111 | + echo "<a href='access_control_node_edit.php?access_control_uuid=".urlencode($row['access_control_uuid'])."&id=".urlencode($row['access_control_node_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>"; |
111 | 112 | } |
112 | 113 | if (permission_exists('access_control_node_delete')) { |
113 | | - echo "<a href='access_control_node_delete.php?access_control_uuid=".escape($row['access_control_uuid'])."&id=".escape($row['access_control_node_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>"; |
| 114 | + echo "<a href='access_control_node_delete.php?access_control_uuid=".urlencode($row['access_control_uuid'])."&id=".urlencode($row['access_control_node_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>"; |
114 | 115 | } |
115 | 116 | echo " </td>\n"; |
116 | 117 | echo "</tr>\n"; |
|
122 | 123 | echo "</table>\n"; |
123 | 124 | if (permission_exists('access_control_node_add')) { |
124 | 125 | echo "<div style='float: right;'>\n"; |
125 | | - echo " <a href='access_control_node_edit.php?access_control_uuid=".escape($_GET['id'])."' alt='".$text['button-add']."'>$v_link_label_add</a>"; |
| 126 | + echo " <a href='access_control_node_edit.php?access_control_uuid=".urlencode($_GET['id'])."' alt='".$text['button-add']."'>$v_link_label_add</a>"; |
126 | 127 | echo "</div>\n"; |
127 | 128 | } |
128 | 129 | echo "<br />\n"; |
|
0 commit comments