Improve the security, simplify the code, and prevent bugs by using the HTTP POST to build a new array.

This commit is contained in:
Mark Crane
2014-04-01 09:01:40 +00:00
parent 985d3be4d7
commit 115ed642c9


@@ -107,31 +107,35 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
return;
}
//remove the invalid characters from the extension name
foreach ($_POST as $key => $value) {
if ($key == "dialplan_name") {
$dialplan_name = str_replace(" ", "_", $value);
$dialplan_name = str_replace("/", "", $dialplan_name);
$_POST["dialplan_name"] = $dialplan_name;
}
}
//array preparation
//remove the invalid characters from the dialplan name
$dialplan_name = check_str($_POST["dialplan_name"]);
$dialplan_name = str_replace(" ", "_", $dialplan_name);
$dialplan_name = str_replace("/", "", $dialplan_name);
//build the array
$array['domain_uuid'] = $_SESSION['domain_uuid'];
$array['dialplan_uuid'] = check_str($_POST["dialplan_uuid"]);
$array['dialplan_name'] = $dialplan_name;
$array['dialplan_number'] = check_str($_POST["dialplan_number"]);
$array['dialplan_context'] = check_str($_POST["dialplan_context"]);
$array['dialplan_continue'] = check_str($_POST["dialplan_continue"]);
$array['dialplan_order'] = check_str($_POST["dialplan_order"]);
$array['dialplan_enabled'] = check_str($_POST["dialplan_enabled"]);
$array['dialplan_description'] = check_str($_POST["dialplan_description"]);
$x = 0;
foreach ($_POST["dialplan_details"] as $row) {
//unset the empty row
if (strlen($row["dialplan_detail_tag"]) == 0) {
unset($_POST["dialplan_details"][$x]);
}
//unset dialplan_detail_uuid if the field has no value
if (strlen($row["dialplan_detail_uuid"]) == 0) {
unset($_POST["dialplan_details"][$x]["dialplan_detail_uuid"]);
}
//set the domain_uuid
if (strlen($row["domain_uuid"]) == 0) {
$_POST["dialplan_details"][$x]["domain_uuid"] = $_SESSION['domain_uuid'];
}
//increment the row
$x++;
if (strlen($row["dialplan_detail_tag"]) > 0) {
$array['dialplan_details'][$x]['domain_uuid'] = $_SESSION['domain_uuid'];
$array['dialplan_details'][$x]['dialplan_detail_uuid'] = check_str($row["dialplan_detail_uuid"]);
$array['dialplan_details'][$x]['dialplan_detail_tag'] = check_str($row["dialplan_detail_tag"]);
$array['dialplan_details'][$x]['dialplan_detail_type'] = check_str($row["dialplan_detail_type"]);
$array['dialplan_details'][$x]['dialplan_detail_data'] = check_str($row["dialplan_detail_data"]);
$array['dialplan_details'][$x]['dialplan_detail_break'] = check_str($row["dialplan_detail_break"]);
$array['dialplan_details'][$x]['dialplan_detail_inline'] = check_str($row["dialplan_detail_inline"]);
$array['dialplan_details'][$x]['dialplan_detail_group'] = check_str($row["dialplan_detail_group"]);
$array['dialplan_details'][$x]['dialplan_detail_order'] = check_str($row["dialplan_detail_order"]);
}
$x++;
}
//add or update the database
@@ -139,7 +143,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
$orm = new orm;
$orm->name('dialplans');
$orm->uuid($dialplan_uuid);
$orm->save($_POST);
$orm->save($array);
//$message = $orm->message;
}
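Review bot: In the first hunk the rebuilt details array now always assigns `dialplan_detail_uuid`, whereas the removed loop unset that key when the field was empty; unless `orm->save` (not visible here) treats an empty string the same as an absent key, newly added detail rows will be saved with an empty uuid instead of letting the ORM supply one. Wrapping the assignment as `if (strlen($row["dialplan_detail_uuid"]) > 0) { $array['dialplan_details'][$x]['dialplan_detail_uuid'] = check_str($row["dialplan_detail_uuid"]); }` keeps the previous semantics. Separately, `$x++` runs for skipped rows too, so `$array['dialplan_details']` can have gaps in its indices — harmless for a `foreach`, but worth noting in a comment such as `//indices may be sparse: rows without a tag are skipped but still counted` if any consumer expects a contiguous list. `check_str` is presumably an escaping helper rather than a validator, so a format check on `dialplan_uuid` and `dialplan_detail_uuid` before they reach the ORM would be a cheap hardening on top of the whitelisting this commit introduces. The enclosing `if (count($_POST) > 0 ...)` block begins before the hunk.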