From 2f56bc0b56dddfdb9cc9e50b12f896908403d8bc Mon Sep 17 00:00:00 2001
From: Mark Crane
Date: Thu, 18 Apr 2013 07:30:55 +0000
Subject: [PATCH] Security improvement dial_string.lua
---
 includes/install/scripts/dial_string.lua | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/includes/install/scripts/dial_string.lua b/includes/install/scripts/dial_string.lua
index 7d04fca285..00b7cfe763 100644
--- a/includes/install/scripts/dial_string.lua
+++ b/includes/install/scripts/dial_string.lua
@@ -41,6 +41,7 @@ if ( session:ready() ) then
 session:answer();
+ domain_uuid = session:getVariable("domain_uuid");
 pin_number = session:getVariable("pin_number");
 sounds_dir = session:getVariable("sounds_dir");
 sip_from_user = session:getVariable("sip_from_user");
@@ -89,6 +90,7 @@ if ( session:ready() ) then
 sql = sql .. "WHERE e.domain_uuid = d.domain_uuid ";
 if (extension == "true") then
 sql = sql .. "AND e.extension = '" .. unique_id .."' ";
+ sql = sql .. "AND e.domain_uuid = '" .. domain_uuid .."' ";
 else
 sql = sql .. "AND e.unique_id = '" .. unique_id .."' ";
 end
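Review bot: The new `domain_uuid` read in the first hunk is used without checking that the channel variable is set or well formed. `session:getVariable` returns nil when the variable is unset, and the second hunk concatenates this value straight into the SQL text, so a nil would abort the script with a concatenation error and a quote character in the value would change the statement. A guard directly after the read covers both cases, for example `if (domain_uuid == nil or not string.match(domain_uuid, "^[%x%-]+$")) then return; end`. The enclosing `if ( session:ready() )` block continues past the hunk, so an existing check further down cannot be ruled out from here.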
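Review bot: The domain filter in the second hunk is added only inside the `extension == "true"` branch, so the `else` branch still matches `e.unique_id` across every domain. Unless `unique_id` is guaranteed to be unique across tenants (not visible here), the predicate belongs ahead of the `if`, i.e. `sql = sql .. "AND e.domain_uuid = '" .. domain_uuid .."' ";` placed directly after the `WHERE e.domain_uuid = d.domain_uuid` line, which is only a join condition and does not restrict the tenant. Both branches also concatenate `unique_id` into the statement as-is; its origin is outside the hunk, so confirm it is restricted to digits or UUID characters before it reaches this point.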