FusionPBX 6 жил өмнө
parent
commit
f85d6442e6
1 өөрчлөгдсөн 5 нэмэгдсэн , 5 устгасан
  1. 5 5
      core/users/users.php

+ 5 - 5
core/users/users.php

@@ -191,12 +191,12 @@
 			echo "		".$row['groups']." \n";
 			echo "	</td>\n";
 
-			echo "	<td class='".$row_style[$c]."'><a href='/app/contacts/contact_edit.php?id=".$row['contact_uuid']."'>".$row['contact_organization']."</a> &nbsp;</td>\n";
-			echo "	<td class='".$row_style[$c]."'><a href='/app/contacts/contact_edit.php?id=".$row['contact_uuid']."'>".$row['contact_name_given']." ".$row['contact_name_family']."</a> &nbsp;</td>\n";
+			echo "	<td class='".$row_style[$c]."'><a href='/app/contacts/contact_edit.php?id=".urlencode($row['contact_uuid'])."'>".escape($row['contact_organization'])."</a> &nbsp;</td>\n";
+			echo "	<td class='".$row_style[$c]."'><a href='/app/contacts/contact_edit.php?id=".urlencode($row['contact_uuid'])."'>".escape($row['contact_name_given'])." ".escape($row['contact_name_family'])."</a> &nbsp;</td>\n";
 
 			echo "	<td class='".$row_style[$c]."'>\n";
 			if (permission_exists('ticket_edit')) {
-				echo "		<a href='/app/tickets/tickets.php?user_uuid=".$row['user_uuid']."'><span class='fas fa-tags' title='".$text['label-tickets']."'></span></a>\n";
+				echo "		<a href='/app/tickets/tickets.php?user_uuid=".urlencode($row['user_uuid'])."'><span class='fas fa-tags' title='".$text['label-tickets']."'></span></a>\n";
 			}
 			echo "	</td>\n";
 			echo "	<td valign='top' class='".$row_style[$c]."'>";
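Review bot: `$row['groups']` on the first context line of this hunk is still echoed raw, while the contact fields just below it now go through `escape()`. If group names can hold user- or admin-entered text, the same row keeps an HTML-injection path, so I would change that line to `echo "		".escape($row['groups'])." \n";`. The `title='".$text['label-tickets']."'` attribute is also unescaped, which seems low risk if translations are trusted, but an apostrophe in a translation would close the attribute early. The `urlencode()` calls are the right encoder for the query values, though checking that the ids are well-formed UUIDs before rendering would be a stricter guard. The enclosing row loop starts and ends outside this hunk, so other cells may need the same treatment.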
@@ -209,11 +209,11 @@
 			echo "&nbsp;</td>\n";
 			echo "	<td valign='top' align='right' class='tr_link_void'>";
 			if (permission_exists('user_edit')) {
-				echo "<a href='user_edit.php?id=".$row['user_uuid']."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
+				echo "<a href='user_edit.php?id=".urlencode($row['user_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
 			}
 			if (permission_exists('user_delete')) {
 				if ($_SESSION["user"]["user_uuid"] != $row['user_uuid']) {
-					echo "<a href='user_delete.php?id=".$row['user_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>";
+					echo "<a href='user_delete.php?id=".urlencode($row['user_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>";
 				}
 				else {
 					echo "<span onclick=\"alert('".$text['message-cannot_delete_own_account']."');\">".str_replace("list_control_icon", "list_control_icon_disabled", $v_link_label_delete)."</span>";
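Review bot: The `user_delete.php?id=...` link still performs a destructive action through a plain GET guarded only by a client-side `confirm()`, and encoding the id does not change that. Whether user_delete.php validates a per-session token is not visible here; if it does not, the delete should become a POST form carrying a token that the handler verifies server-side. In the same lines, `$text['confirm-delete']` and `$text['message-cannot_delete_own_account']` are placed inside a JavaScript string within an HTML attribute without escaping, so a translation containing `'` or `"` breaks the handler. The self-delete guard compares with `!=`; since both sides are UUID strings, `$_SESSION["user"]["user_uuid"] !== $row['user_uuid']` avoids loose-comparison surprises. The surrounding loop and the closing of the `else` branch lie outside this hunk.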