diff --git a/app/music_on_hold/music_on_hold.php b/app/music_on_hold/music_on_hold.php index 0153f0f548..9d48d59f2f 100644 --- a/app/music_on_hold/music_on_hold.php +++ b/app/music_on_hold/music_on_hold.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2025 + Portions created by the Initial Developer are Copyright (C) 2008-2026 the Initial Developer. All Rights Reserved. Contributor(s): @@ -203,19 +203,20 @@ //get remaining values $stream_file_name_temp = $_FILES['file']['tmp_name']; - $stream_file_name = $_FILES['file']['name']; - $stream_file_ext = strtolower(pathinfo($stream_file_name, PATHINFO_EXTENSION)); + $stream_file_name = pathinfo($_FILES['file']['name'], PATHINFO_FILENAME); + $stream_file_ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION)); //check file type $valid_file_type = ($stream_file_ext == 'wav' || $stream_file_ext == 'mp3' || $stream_file_ext == 'ogg') ? true : false; //proceed for valid file type - if ($stream_file_ext == 'wav' || $stream_file_ext == 'mp3' || $stream_file_ext == 'ogg') { + if ($valid_file_type) { //strip slashes, replace spaces $slashes = ["/","\\"]; $stream_file_name = str_replace($slashes, '', $stream_file_name); $stream_file_name = str_replace(' ', '-', $stream_file_name); + $stream_file_name = $stream_file_name.'.'.$stream_file_ext; if ($action == "add") { $stream_name = str_replace($slashes, '', $stream_name); $stream_name = str_replace(' ', '_', $stream_name); @@ -328,9 +329,10 @@ //file type check echo " function check_file_type(file_input) {\n"; - echo " file_ext = file_input.value.substr((~-file_input.value.lastIndexOf('.') >>> 0) + 2);\n"; + echo " file_ext = file_input.value.substr((~-file_input.value.lastIndexOf('.') >>> 0) + 2).toLowerCase();\n"; echo " if (file_ext != 'mp3' && file_ext != 'wav' && file_ext != 'ogg' && file_ext != '') {\n"; echo " display_message(\"".$text['message-unsupported_file_type']."\", 'negative', '2750');\n"; + echo " document.getElementById('form_upload').reset();\n"; echo " }\n"; echo " }\n"; diff --git a/app/recordings/recordings.php b/app/recordings/recordings.php index 1b1abbc5d3..770f5da69c 100644 --- a/app/recordings/recordings.php +++ b/app/recordings/recordings.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2025 + Portions created by the Initial Developer are Copyright (C) 2008-2026 the Initial Developer. All Rights Reserved. Contributor(s): @@ -146,9 +146,14 @@ //upload the recording if ($action == "upload" && permission_exists('recording_upload') && is_uploaded_file($_FILES['file']['tmp_name'])) { + //get the file name and extension + $file_name = pathinfo($_FILES['file']['name'], PATHINFO_FILENAME); + $file_ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION)); + //remove special characters $recording_filename = str_replace(" ", "_", $_FILES['file']['name']); $recording_filename = str_replace("'", "", $recording_filename); + $recording_filename = $file_name.'.'.$file_ext; //make sure the destination directory exists if (!is_dir($switch_recordings.'/'.$domain_name)) { @@ -412,9 +417,10 @@ //file type check script echo ""; diff --git a/app/voicemail_greetings/voicemail_greetings.php b/app/voicemail_greetings/voicemail_greetings.php index 436cfecf00..bc953262e0 100644 --- a/app/voicemail_greetings/voicemail_greetings.php +++ b/app/voicemail_greetings/voicemail_greetings.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2025 + Portions created by the Initial Developer are Copyright (C) 2008-2026 the Initial Developer. All Rights Reserved. Contributor(s): @@ -178,8 +178,8 @@ } //get the file extension - $file_ext = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION); $file_name = $_FILES['file']['name']; + $file_ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION)); //define the allowed file extensions $allowed_extensions = ['wav', 'mp3', 'ogg']; @@ -239,7 +239,7 @@ $array['voicemail_greetings'][$x]['greeting_filename'] = $greeting_file_name; $array['voicemail_greetings'][$x]['greeting_description'] = ''; if (!empty($settings->get('voicemail', 'storage_type')) && $settings->get('voicemail', 'storage_type') == 'base64') { - $array['voicemail_greetings'][$x]['greeting_base64'] = base64_encode(file_get_contents($greeting_dir.'/'.$file_name)); + $array['voicemail_greetings'][$x]['greeting_base64'] = base64_encode(file_get_contents($greeting_dir.'/'.$greeting_file_name)); } //save the array @@ -356,7 +356,7 @@ //file type check script echo "