|
|
@@ -17,7 +17,7 @@
|
|
|
|
|
|
The Initial Developer of the Original Code is
|
|
|
Mark J Crane <[email protected]>
|
|
|
- Portions created by the Initial Developer are Copyright (C) 2008-2019
|
|
|
+ Portions created by the Initial Developer are Copyright (C) 2008-2022
|
|
|
the Initial Developer. All Rights Reserved.
|
|
|
|
|
|
Contributor(s):
|
|
|
@@ -87,6 +87,9 @@
|
|
|
$menu_item_order = $_POST["menu_item_order"];
|
|
|
}
|
|
|
|
|
|
+//sanitize the menu link
|
|
|
+ $menu_item_link = preg_replace('#[^a-zA-Z0-9_\-\.\&\=\?\/]#', '', $menu_item_link);
|
|
|
+
|
|
|
//when a HTTP POST is available then process it
|
|
|
if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
|
|
|
|
|
|
@@ -561,4 +564,4 @@
|
|
|
//include the footer
|
|
|
require_once "resources/footer.php";
|
|
|
|
|
|
-?>
|
|
|
+?>
|
FusionPBX