|
|
@@ -246,13 +246,13 @@
|
|
|
foreach($result as $row) {
|
|
|
$tr_link = "href='contact_edit.php?id=".$row['contact_uuid']."&query_string=".urlencode($_SERVER["QUERY_STRING"])."'";
|
|
|
echo "<tr ".$tr_link.">\n";
|
|
|
- echo " <td valign='top' class='".$row_style[$c]."'>".ucwords($row['contact_type'])." </td>\n";
|
|
|
- echo " <td valign='top' class='".$row_style[$c]."' style='width: 35%; max-width: 50px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'><a href='contact_edit.php?id=".$row['contact_uuid']."&query_string=".urlencode($_SERVER["QUERY_STRING"])."'>".$row['contact_organization']."</a> </td>\n";
|
|
|
- echo " <td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'><a href='contact_edit.php?id=".$row['contact_uuid']."&query_string=".urlencode($_SERVER["QUERY_STRING"])."'>".$row['contact_name_given']."</a> </td>\n";
|
|
|
- echo " <td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'><a href='contact_edit.php?id=".$row['contact_uuid']."&query_string=".urlencode($_SERVER["QUERY_STRING"])."'>".$row['contact_name_family']."</a> </td>\n";
|
|
|
- echo " <td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'>".$row['contact_nickname']." </td>\n";
|
|
|
- echo " <td valign='top' class='".$row_style[$c]."' style='width: 10%; max-width: 40px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'>".$row['contact_title']." </td>\n";
|
|
|
- echo " <td valign='top' class='".$row_style[$c]."' style='width: 10%; max-width: 40px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'>".$row['contact_role']." </td>\n";
|
|
|
+ echo " <td valign='top' class='".$row_style[$c]."'>".ucwords(escape($row['contact_type']))." </td>\n";
|
|
|
+ echo " <td valign='top' class='".$row_style[$c]."' style='width: 35%; max-width: 50px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'><a href='contact_edit.php?id=".escape($row['contact_uuid'])."&query_string=".urlencode($_SERVER["QUERY_STRING"])."'>".escape($row['contact_organization'])."</a> </td>\n";
|
|
|
+ echo " <td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'><a href='contact_edit.php?id=".escape($row['contact_uuid'])."&query_string=".urlencode($_SERVER["QUERY_STRING"])."'>".escape($row['contact_name_given'])."</a> </td>\n";
|
|
|
+ echo " <td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'><a href='contact_edit.php?id=".escape($row['contact_uuid'])."&query_string=".urlencode($_SERVER["QUERY_STRING"])."'>".escape($row['contact_name_family'])."</a> </td>\n";
|
|
|
+ echo " <td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'>".escape($row['contact_nickname'])." </td>\n";
|
|
|
+ echo " <td valign='top' class='".$row_style[$c]."' style='width: 10%; max-width: 40px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'>".escape($row['contact_title'])." </td>\n";
|
|
|
+ echo " <td valign='top' class='".$row_style[$c]."' style='width: 10%; max-width: 40px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'>".escape($row['contact_role'])." </td>\n";
|
|
|
echo " <td valign='top' class='".$row_style[$c]."' style='padding: 2px 2px; text-align: center; width: 25px;'>";
|
|
|
if (sizeof($contact_sync_sources[$row['contact_uuid']]) > 0) {
|
|
|
foreach ($contact_sync_sources[$row['contact_uuid']] as $contact_sync_source) {
|
|
|
@@ -264,8 +264,8 @@
|
|
|
else { echo " "; }
|
|
|
echo " </td>\n";
|
|
|
echo " <td class='list_control_icons'>";
|
|
|
- echo "<a href='contact_edit.php?id=".$row['contact_uuid']."&query_string=".urlencode($_SERVER["QUERY_STRING"])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
|
|
|
- echo "<a href='contact_delete.php?id=".$row['contact_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
|
|
|
+ echo "<a href='contact_edit.php?id=".escape($row['contact_uuid'])."&query_string=".urlencode($_SERVER["QUERY_STRING"])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
|
|
|
+ echo "<a href='contact_delete.php?id=".escape($row['contact_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
|
|
|
echo " </td>\n";
|
|
|
echo "</tr>\n";
|
|
|
if ($c==0) { $c=1; } else { $c=0; }
|
FusionPBX