7 年前 · 777b701ede
--- a/active_extensions/active_extension_assigned_inc.php
+++ b/active_extensions/active_extension_assigned_inc.php
@@ -103,12 +103,12 @@
 
				 								$style_alternate = "style=\"color: #444444; background-image: url('".PROJECT_PATH."/themes/".$_SESSION['domain']['template']['name']."/images/background_cell_active.gif');\"";
			
 
				 							}
			
 
				 							echo "<tr>\n";
			
 
				-							echo "<td class='".$row_style[$c]."' $style_alternate>$extension</td>\n";
			
 
				+							echo "<td class='".$row_style[$c]."' $style_alternate>".escape($extension)."</td>\n";
			
 
				 							if ($_SESSION['user_status_display'] == "false") {
			
 
				 								//hide the user_status when it is set to false
			
 
				 							}
			
 
				 							else {
			
 
				-								echo "<td class='".$row_style[$c]."' $style_alternate>".$user_array[$extension]['user_status']."&nbsp;</td>\n";
			
 
				+								echo "<td class='".$row_style[$c]."' $style_alternate>".escape($user_array[$extension]['user_status'])."&nbsp;</td>\n";
			
 
				 							}
			
 
				 							echo "<td class='".$row_style[$c]."' $style_alternate width='20px;'>".$call_length."</td>\n";
			
 
				 	
			
@@ -117,8 +117,8 @@
 
				 							}
			
 
				 							$url = str_replace ("{cid_num}", $cid_num, $url);
			
 
				 							$url = str_replace ("{cid_name}", $cid_name, $url);
			
 
				-							echo "<td class='".$row_style[$c]."' $style_alternate><a href='".$url."' style='color: #444444;' target='_blank'>".$cid_name."</a></td>\n";
			
 
				-							echo "<td class='".$row_style[$c]."' $style_alternate><a href='".$url."' style='color: #444444;' target='_blank'>".$cid_num."</a></td>\n";
			
 
				+							echo "<td class='".$row_style[$c]."' $style_alternate><a href='".escape($url)."' style='color: #444444;' target='_blank'>".escape($cid_name)."</a></td>\n";
			
 
				+							echo "<td class='".$row_style[$c]."' $style_alternate><a href='".escape($url)."' style='color: #444444;' target='_blank'>".escape($cid_num)."</a></td>\n";
			
 
				 	
			
 
				 							//get the active uuid list
			
 
				 								if (strlen($uuid) > 1) {
			
@@ -187,7 +187,7 @@
 
				 								//hide the user_status when it is set to false
			
 
				 							}
			
 
				 							else {
			
 
				-								echo "<td class='".$row_style[$c]."' $style_alternate>".$user_array[$extension]['user_status']."&nbsp;</td>\n";
			
 
				+								echo "<td class='".$row_style[$c]."' $style_alternate>".escape($user_array[$extension]['user_status'])."&nbsp;</td>\n";
			
 
				 							}
			
 
				 							echo "<td class='".$row_style[$c]."' $style_alternate>&nbsp;</td>\n";
			
 
				 							echo "<td class='".$row_style[$c]."' $style_alternate>&nbsp;</td>\n";