nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2025-12-30 09:03:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve the security on when adding inbound dialplans.

Browse Source
This commit is contained in:
Mark Crane
2013-08-26 23:18:01 +00:00
parent 2d1c83eee5
commit 252571bd19
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/dialplan_inbound/dialplan_inbound_add.php
View File

@@ -678,7 +678,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
echo "</td>\n";
echo "</tr>\n";
if (permission_exists("inbound_route_edit") && $action == "advanced") {
if (permission_exists("inbound_route_edit") && $action == "advanced" && if_group("superadmin")) {
echo "<tr>\n";
echo "<td class='vncellreq' valign='top' align='left' nowrap>\n";
echo " ".$text['label-condition_1'].":\n";
@@ -974,9 +974,11 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
echo "<tr>\n";
echo " <td colspan='5' align='right'>\n";
if ($action == "update") {
echo " <input type='hidden' name='dialplan_uuid' value='$dialplan_uuid'>\n";
if ($action == "update" && if_group("superadmin")) {
echo " <input type='hidden' name='dialplan_uuid' value='$dialplan_uuid'>\n";
}
echo " <input type='submit' class='btn' value='".$text['button-save']."'>\n";
}
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n";
echo "</tr>";