Changeset 10521
- Timestamp:
- 11/02/10 15:19:58 (3 years ago)
- Files:
-
- modules/branches/2.4 (modified) (1 prop)
- modules/branches/2.4/customappsreg/functions.inc.php (modified) (4 diffs)
- modules/branches/2.4/customappsreg/page.customdests.php (modified) (2 diffs)
- modules/branches/2.4/customappsreg/page.customextens.php (modified) (1 diff)
modules/branches/2.4
- Property svnmerge-integrated changed from /modules/branches/2.3:1-5233,5245,5333,5336 /modules/branches/2.5:1-5852,5880,5930,5995,6016-6017,6030-6031,6142,6218,6291,6361,6363,6413-6414,6422,6428-6430,6442-6443,6557,6710,6714-6715,6969-6970,6984,7248,7281,7858-7859,7875,7878,7886,7890,8615,8622,10302,10342,10461 to /modules/branches/2.3:1-5233,5245,5333,5336 /modules/branches/2.5:1-5852,5880,5930,5995,6016-6017,6030-6031,6142,6218,6291,6361,6363,6413-6414,6422,6428-6430,6442-6443,6557,6710,6714-6715,6969-6970,6984,7248,7281,7858-7859,7875,7878,7886,7890,8615,8622,10302,10342,10461,10520
modules/branches/2.4/customappsreg/functions.inc.php
r5500 r10521 114 114 } 115 115 116 $custom_dest = q($custom_dest);117 $description = q($description);118 $notes = q($notes);116 $custom_dest = sql_formattext($custom_dest); 117 $description = sql_formattext($description); 118 $notes = sql_formattext($notes); 119 119 $sql = "INSERT INTO custom_destinations (custom_dest, description, notes) VALUES ($custom_dest, $description, $notes)"; 120 120 $results = $db->query($sql); … … 142 142 } 143 143 144 $custom_exten = q($custom_exten);145 $description = q($description);146 $notes = q($notes);144 $custom_exten = sql_formattext($custom_exten); 145 $description = sql_formattext($description); 146 $notes = sql_formattext($notes); 147 147 $sql = "INSERT INTO custom_extensions (custom_exten, description, notes) VALUES ($custom_exten, $description, $notes)"; 148 148 $results = $db->query($sql); … … 190 190 191 191 $sql = "UPDATE custom_destinations SET ". 192 "custom_dest = ". q($custom_dest).", ".193 "description = ". q($description).", ".194 "notes = ". q($notes)." ".195 "WHERE custom_dest = ". q($old_custom_dest);192 "custom_dest = ".sql_formattext($custom_dest).", ". 193 "description = ".sql_formattext($description).", ". 194 "notes = ".sql_formattext($notes)." ". 195 "WHERE custom_dest = ".sql_formattext($old_custom_dest); 196 196 $result = $db->query($sql); 197 197 if(DB::IsError($result)) { … … 204 204 205 205 $sql = "UPDATE custom_extensions SET ". 206 "custom_exten = ". q($custom_exten).", ".207 "description = ". q($description).", ".208 "notes = ". q($notes)." ".209 "WHERE custom_exten = ". q($old_custom_exten);206 "custom_exten = ".sql_formattext($custom_exten).", ". 207 "description = ".sql_formattext($description).", ". 208 "notes = ".sql_formattext($notes)." ". 209 "WHERE custom_exten = ".sql_formattext($old_custom_exten); 210 210 $result = $db->query($sql); 211 211 if(DB::IsError($result)) { modules/branches/2.4/customappsreg/page.customdests.php
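Review bot: In functions.inc.php the INSERT at new line 119 is still assembled by interpolating `$custom_dest`, `$description` and `$notes` into the SQL string, so injection safety depends entirely on `sql_formattext()` quoting and escaping every value correctly; its definition is not visible in this changeset. Since the surrounding code uses PEAR DB (`DB::IsError`), the values could be bound instead, e.g. `$results = $db->query("INSERT INTO custom_destinations (custom_dest, description, notes) VALUES (?, ?, ?)", array($custom_dest, $description, $notes));`. The same applies to the custom_extensions INSERT at line 148 and the two UPDATE statements at lines 191-195 and 205-209. The enclosing functions start and end outside these hunks.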
r5719 r10521 21 21 $old_custom_dest = isset($_REQUEST['old_custom_dest']) ? $_REQUEST['old_custom_dest'] : ''; 22 22 $custom_dest = isset($_REQUEST['extdisplay']) ? $_REQUEST['extdisplay'] : ''; 23 $description = isset($_REQUEST['description']) ? $_REQUEST['description']: '';24 $notes = isset($_REQUEST['notes']) ? $_REQUEST['notes']: '';23 $description = isset($_REQUEST['description']) ? htmlentities($_REQUEST['description']) : ''; 24 $notes = isset($_REQUEST['notes']) ? htmlentities($_REQUEST['notes']) : ''; 25 25 26 26 switch ($action) { … … 104 104 if (!empty($usage_list)) { 105 105 ?> 106 <td><b><?php echo $custom_dest; ?></b></td>106 <td><b><?php echo htmlentities($custom_dest); ?></b></td> 107 107 <?php 108 108 } else { modules/branches/2.4/customappsreg/page.customextens.php
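Review bot: In page.customdests.php, lines 23-24 apply `htmlentities()` to `description` and `notes` as they are read from `$_REQUEST`, so the encoded form is presumably what gets stored, and a value that is loaded and saved again would be encoded twice if the form also encodes on display. Encoding belongs at the point of output, as line 106 does for `$custom_dest`; there, passing the quote flag and charset explicitly, `htmlentities($custom_dest, ENT_QUOTES, 'UTF-8')`, also covers single-quoted attribute contexts (assuming the page is served as UTF-8). `$custom_dest` and `$old_custom_dest` on lines 21-22 remain unfiltered, so any other echo of them outside this hunk needs the same treatment. The input-time `htmlentities()` calls on lines 25-26 of page.customextens.php have the same issue.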
r5324 r10521 19 19 if (isset($_REQUEST['delete'])) $action = 'delete'; 20 20 21 $old_custom_exten = isset($_REQUEST['old_custom_exten']) ? $_REQUEST['old_custom_exten'] : ''; 22 $custom_exten = isset($_REQUEST['extdisplay']) ? $_REQUEST['extdisplay'] : ''; 23 $description = isset($_REQUEST['description']) ? $_REQUEST['description'] : ''; 24 $notes = isset($_REQUEST['notes']) ? $_REQUEST['notes'] : ''; 21 $custom_exten = preg_replace("/[^0-9*#]/" ,"", trim($custom_exten)); 22 23 $old_custom_exten = isset($_REQUEST['old_custom_exten']) ? preg_replace("/[^0-9*#]/" ,"",$_REQUEST['old_custom_exten']) : ''; 24 $custom_exten = isset($_REQUEST['extdisplay']) ? preg_replace("/[^0-9*#]/" ,"",$_REQUEST['extdisplay']) : ''; 25 $description = isset($_REQUEST['description']) ? htmlentities($_REQUEST['description']) : ''; 26 $notes = isset($_REQUEST['notes']) ? htmlentities($_REQUEST['notes']) : ''; 25 27 26 28 switch ($action) {
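Review bot: In page.customextens.php, new line 21 filters `$custom_exten` before it has been assigned from the request, and line 24 then overwrites the result, so the statement has no effect and may raise an undefined-variable notice unless the variable is set above the hunk. It can be dropped, since line 24 already applies the same filter to `$_REQUEST['extdisplay']`. Stripping disallowed characters silently also turns an input such as `12a3` into `123`, which may match a different existing extension. Rejecting input that does not match `/^[0-9*#]+$/` would be safer, especially for `old_custom_exten`, which functions.inc.php uses in the `WHERE` clause to select the row to update.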
