custom html for enhanced theme

core/default_settings/default_setting_edit.php

@@ -464,7 +464,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 		echo "	<textarea class='formfld' style='width: 100%; height: 80px; font-family: courier; white-space: nowrap; overflow: auto;' name='default_setting_value' wrap='off'>".$default_setting_value."</textarea>\n";
 	}
 	else {
-		echo "	<input class='formfld' type='text' name='default_setting_value' maxlength='255' value=\"".$default_setting_value."\">\n";
+		echo "	<input class='formfld' type='text' name='default_setting_value' value=\"".htmlspecialchars($default_setting_value)."\">\n";
 	}
 	echo "<br />\n";
 	echo $text['description-value']."\n";
@@ -553,4 +553,4 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 
 //include the footer
 	require_once "resources/footer.php";
-?>
+?>

core/default_settings/default_settings.php

@@ -422,7 +422,7 @@ if (permission_exists("domain_select") && permission_exists("domain_setting_add"
 			elseif ($category == "provision" && $subcategory == "password" && $name == "var" ) {
 				echo "		********  \n";
 			} else {
-				echo "		".substr($row['default_setting_value'],0,58);
+				echo "		".htmlspecialchars(substr($row['default_setting_value'],0,58));
 			}
 			echo "		 \n";
 			echo "	</td>\n";
@@ -491,4 +491,4 @@ if (permission_exists("domain_select") && permission_exists("domain_setting_add"
 
 //include the footer
 	require_once "resources/footer.php";
-?>
+?>

themes/enhanced/template.php

@@ -1605,6 +1605,9 @@ if (strlen($_SESSION['message']) > 0) {
 	<?php
 	$footer .= "&copy; Copyright 2008 - ".date("Y")." <a href='http://www.fusionpbx.com' class='footer' target='_blank'>fusionpbx.com</a>. All rights reserved.\n";
 	echo "<div id='footer' style='position: absolute; z-index; 10000;'><span class='footer'>".$footer."</span></div>\n";
+	if (isset($_SESSION['theme']['bottom_html']['text'])){
+		echo $_SESSION['theme']['bottom_html']['text'];
+	}
 	?>
 
 </body>