From b3a42dad391cbea4ec00ccb290c7f0c70cabc3e7 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 4 Jun 2024 10:18:56 +0200
Subject: [PATCH] Debug v20

---
 htdocs/asterisk/wrapper.php           |  7 +++++--
 htdocs/core/class/html.form.class.php | 10 +++++-----
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/htdocs/asterisk/wrapper.php b/htdocs/asterisk/wrapper.php
index c26d6e802e8..6d79f15aa6c 100644
--- a/htdocs/asterisk/wrapper.php
+++ b/htdocs/asterisk/wrapper.php
@@ -77,7 +77,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
 
 
 // Security check
-if (empty($conf->clicktodial->enabled)) {
+if (!isModEnabled('clicktodial')) {
 	accessforbidden();
 	exit;
 }
@@ -118,8 +118,11 @@ $password = GETPOST('password', 'none');
 $caller = GETPOST('caller', 'alphanohtml');
 $called = GETPOST('called', 'alphanohtml');
 
-// Sanitize password to avoid to use the wrapper to inject malicious paylod into asterisk
+// Sanitize input data to avoid to use the wrapper to inject malicious paylod into asterisk
+$login = preg_replace('/[\n\r]/', '', $login);
 $password = preg_replace('/[\n\r]/', '', $password);
+$caller = preg_replace('/[\n\r]/', '', $caller);
+$called = preg_replace('/[\n\r]/', '', $called);
 
 // IP address of Asterisk server
 $strHost = getDolGlobalString('ASTERISK_HOST');
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 73cff8228ed..36e6582f252 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -10854,10 +10854,10 @@ class Form
 	 * Output the component to make advanced search criteries
 	 *
 	 * @param 	array<array<string,array{type:string}>>	$arrayofcriterias 					Array of available search criteria. Example: array($object->element => $object->fields, 'otherfamily' => otherarrayoffields, ...)
-	 * @param 	array<int,string> 	$search_component_params Array of selected search criteria
-	 * @param 	string[] $arrayofinputfieldsalreadyoutput 	Array of input fields already inform. The component will not generate a hidden input field if it is in this list.
-	 * @param 	string 	$search_component_params_hidden 	String with $search_component_params criteria
-	 * @return	string                                    	HTML component for advanced search
+	 * @param 	array<int,string> 						$search_component_params 			Array of selected search criteria
+	 * @param 	string[] 								$arrayofinputfieldsalreadyoutput 	Array of input fields already inform. The component will not generate a hidden input field if it is in this list.
+	 * @param 	string 									$search_component_params_hidden 	String with $search_component_params criteria
+	 * @return	string                                    									HTML component for advanced search
 	 */
 	public function searchComponent($arrayofcriterias, $search_component_params, $arrayofinputfieldsalreadyoutput = array(), $search_component_params_hidden = '')
 	{
@@ -10871,7 +10871,7 @@ class Form
 
 		$ret .= '<div class="divadvancedsearchfieldcomp centpercent inline-block">';
 		$ret .= '<a href="#" class="dropdownsearch-toggle unsetcolor">';
-		$ret .= '<span class="fas fa-filter linkobject boxfilter paddingright pictofixedwidth hideonsmartphone" title="' . dol_escape_htmltag($langs->trans("Filters")) . '" id="idsubimgproductdistribution"></span>';
+		$ret .= '<span class="fas fa-filter linkobject boxfilter paddingright pictofixedwidth" title="' . dol_escape_htmltag($langs->trans("Filters")) . '" id="idsubimgproductdistribution"></span>';
 		$ret .= '</a>';
 
 		$ret .= '<div class="divadvancedsearchfieldcompinput inline-block minwidth500 maxwidth300onsmartphone">';