nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2025-12-30 00:53:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Recordings: Additional sanitation on file rename.

Browse Source
This commit is contained in:
Nate
2020-09-29 18:05:37 -06:00
parent b2d0bc504a
commit 15408eee73
1 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/recordings/recording_edit.php
View File

@@ -55,10 +55,18 @@
$recording_name = $_POST["recording_name"];
$recording_description = $_POST["recording_description"];
//clean the recording filename and name
$recording_filename = str_replace(" ", "_", $recording_filename);
$recording_filename = str_replace("'", "", $recording_filename);
$recording_name = str_replace("'", "", $recording_name);
//sanitize recording filename and name
$recording_filename_ext = strtolower(pathinfo($recording_filename, PATHINFO_EXTENSION));
if (!in_array($recording_filename_ext, ['wav','mp3','ogg'])) {
$recording_filename = pathinfo($recording_filename, PATHINFO_FILENAME);
$recording_filename = str_replace('.', '', $recording_filename);
}
$recording_filename = str_replace("\\", '', $recording_filename);
$recording_filename = str_replace('/', '', $recording_filename);
$recording_filename = str_replace('..', '', $recording_filename);
$recording_filename = str_replace(' ', '_', $recording_filename);
$recording_filename = str_replace("'", '', $recording_filename);
$recording_name = str_replace("'", '', $recording_name);
}
if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {