From 233b4650b6de69ea0a38fd51401b34b16bb822df Mon Sep 17 00:00:00 2001 From: AlexanderDCrane <40072887+AlexanderDCrane@users.noreply.github.com> Date: Mon, 27 Aug 2018 15:12:43 -0600 Subject: [PATCH] Update database_transactions.php (#3293) --- .../database_transactions.php | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/app/database_transactions/database_transactions.php b/app/database_transactions/database_transactions.php index 2bcf42e4e29..51592c0487f 100644 --- a/app/database_transactions/database_transactions.php +++ b/app/database_transactions/database_transactions.php @@ -118,7 +118,7 @@ echo " ".$text['title-database_transactions']."\n"; echo "
\n"; echo " \n"; - echo " \n"; + echo " \n"; echo " \n"; echo " \n"; echo "
\n"; @@ -145,25 +145,25 @@ if (is_array($result)) { foreach($result as $row) { if (permission_exists('database_transaction_edit')) { - $tr_link = "href='database_transaction_edit.php?id=".$row['database_transaction_uuid']."'"; + $tr_link = "href='database_transaction_edit.php?id=".escape($row['database_transaction_uuid'])."'"; } echo "\n"; - echo " ".$row['domain_name']." \n"; - echo " ".$row['username']." \n"; - echo " ".$row['app_name']." \n"; - echo " ".$row['transaction_code']." \n"; - echo " ".$row['transaction_address']." \n"; - echo " ".$row['transaction_type']." \n"; - echo " ".$row['transaction_date']." \n"; - //echo " ".$row['transaction_old']." \n"; - //echo " ".$row['transaction_new']." \n"; - //echo " ".$row['transaction_result']." \n"; + echo " ".escape($row['domain_name'])." \n"; + echo " ".escape($row['username'])." \n"; + echo " ".escape($row['app_name'])." \n"; + echo " ".escape($row['transaction_code'])." \n"; + echo " ".escape($row['transaction_address'])." \n"; + echo " ".escape($row['transaction_type'])." \n"; + echo " ".escape($row['transaction_date'])." \n"; + //echo " ".escape($row['transaction_old']." \n"; + //echo " ".escape($row['transaction_new']." \n"; + //echo " ".escape($row['transaction_result']." \n"; echo " "; if (permission_exists('database_transaction_edit')) { - echo "$v_link_label_edit"; + echo "$v_link_label_edit"; } //if (permission_exists('database_transaction_delete')) { - // echo "$v_link_label_delete"; + // echo "$v_link_label_delete"; //} echo " \n"; echo "\n";