From 26e803d76ce4113c177728a919401f4ea32febcd Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Sun, 22 Mar 2026 16:11:37 +0000
Subject: [PATCH] Security using shell_esc for file cache flush command
---
 .../scripts/app/call_control/index.lua | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/app/switch/resources/scripts/app/call_control/index.lua b/app/switch/resources/scripts/app/call_control/index.lua
index db523504c0..dd6185992a 100644
--- a/app/switch/resources/scripts/app/call_control/index.lua
+++ b/app/switch/resources/scripts/app/call_control/index.lua
@@ -57,13 +57,10 @@ pin_number = "";
 max_tries = "3";
 digit_timeout = "3000";
---define the trim function
+--load the functions
+require "resources.functions.shell_esc"
 require "resources.functions.trim";
-
---define the explode function
 require "resources.functions.explode";
-
---define the split function
 require "resources.functions.split";
 --connect to the database
@@ -194,8 +191,13 @@ if (session:ready() and pressed_digit) then
 end
 dbh:query(sql, params);
- --clear the cache
- os.execute('rm -f /var/cache/fusionpbx/directory.*@'..domain_name);
+ --clear the cache for each extension in this domain
+ local sql = [[SELECT * FROM v_extensions
+ WHERE domain_uuid = :domain_uuid]];
+ local params = {domain_uuid = domain_uuid};
+ dbh:query(sql, params, function(row)
+ os.execute('rm -f '.. shell_esc('/var/cache/fusionpbx/directory.'.. row["extension"] ..'@'..domain_name));
+ end);
 end
@@ -211,4 +213,3 @@ if (session:ready()) then
 session:sleep(2000);
 audio_file = "tone_stream://%(200,0,500,600,700)"
 end
-
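Review bot: The per-extension delete inside the `dbh:query` callback (second hunk) still goes through `os.execute`, so its safety rests entirely on `shell_esc`, whose implementation is not part of this diff. Quoting also does not stop a `/` in `row["extension"]` or `domain_name` from steering the path outside `/var/cache/fusionpbx`. Deleting without a shell removes the quoting dependency and the one process spawn per extension: `os.remove('/var/cache/fusionpbx/directory.'..row["extension"]..'@'..domain_name);`, guarded by `if not (row["extension"]..domain_name):find('/', 1, true) then`. The old glob cleared every `directory.*@domain` file, so if the cache is ever keyed by something other than the extension (a number alias, say) those entries now stay stale; that is worth confirming against the code that writes the cache. `SELECT extension` would be enough here instead of `SELECT *`, and the enclosing `if` block starts and ends outside the hunk.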