diff --git a/app/database_transactions/database_transactions.php b/app/database_transactions/database_transactions.php
index 2bcf42e4e29..51592c0487f 100644
--- a/app/database_transactions/database_transactions.php
+++ b/app/database_transactions/database_transactions.php
@@ -118,7 +118,7 @@
 echo " ".$text['title-database_transactions']."\n";
 echo "
\n";
 echo " \n";
- echo " \n";
+ echo " \n";
 echo " \n";
 echo " \n";
 echo "
\n";
@@ -145,25 +145,25 @@
 if (is_array($result)) {
 foreach($result as $row) {
 if (permission_exists('database_transaction_edit')) {
- $tr_link = "href='database_transaction_edit.php?id=".$row['database_transaction_uuid']."'";
+ $tr_link = "href='database_transaction_edit.php?id=".escape($row['database_transaction_uuid'])."'";
 }
 echo "\n";
- echo " ".$row['domain_name']." \n";
- echo " ".$row['username']." \n";
- echo " ".$row['app_name']." \n";
- echo " ".$row['transaction_code']." \n";
- echo " ".$row['transaction_address']." \n";
- echo " ".$row['transaction_type']." \n";
- echo " ".$row['transaction_date']." \n";
- //echo " ".$row['transaction_old']." \n";
- //echo " ".$row['transaction_new']." \n";
- //echo " ".$row['transaction_result']." \n";
+ echo " ".escape($row['domain_name'])." \n";
+ echo " ".escape($row['username'])." \n";
+ echo " ".escape($row['app_name'])." \n";
+ echo " ".escape($row['transaction_code'])." \n";
+ echo " ".escape($row['transaction_address'])." \n";
+ echo " ".escape($row['transaction_type'])." \n";
+ echo " ".escape($row['transaction_date'])." \n";
+ //echo " ".escape($row['transaction_old']." \n";
+ //echo " ".escape($row['transaction_new']." \n";
+ //echo " ".escape($row['transaction_result']." \n";
 echo " ";
 if (permission_exists('database_transaction_edit')) {
- echo "$v_link_label_edit";
+ echo "$v_link_label_edit";
 }
 //if (permission_exists('database_transaction_delete')) {
- // echo "$v_link_label_delete";
+ // echo "$v_link_label_delete";
 //}
 echo " \n";
 echo "\n";
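Review bot: The new `$tr_link` line writes the UUID into a URL query string inside a single-quoted `href`, so it is only safe if `escape()` encodes `'` as well as `"` and `<`. The helper's definition is not in this hunk, so it is worth confirming that it passes `ENT_QUOTES`. Because the value is also a URL component, `escape(urlencode($row['database_transaction_uuid']))` would cover both contexts. Separately, the three commented-out lines for `transaction_old`, `transaction_new` and `transaction_result` now carry an unclosed `escape(` call, so uncommenting one is a parse error, and the tempting fix of deleting `escape(` would print the column unescaped; close the call, as in `//echo " ".escape($row['transaction_old'])." \n";`. The `foreach` body these lines sit in continues past the end of the hunk.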