[security] sanitize the xml (#6595)

* Update call_center_queue_edit.php

* fix typo

* Update call_flow_edit.php

* Update conference_center_edit.php

* Update conference_edit.php

* Update destination_edit.php

* Update fax.php

* Update ivr_menu_edit.php

* Update ring_group_edit.php

* Update app_defaults.php

* Update ivr_menu_copy.php

* Update destination_imports.php

* Update app_defaults.php
Alex
2023-03-30 12:46:36 -06:00
committed by GitHub
parent 3091370f14
commit 43eb2a5b9d
12 changed files with 76 additions and 76 deletions


@@ -172,16 +172,16 @@
$destination_feature = str_replace("+", "\+", $destination_feature);
//build the xml dialplan
$dialplan_xml = "<extension name=\"".$call_flow_name."\" continue=\"\" uuid=\"".$dialplan_uuid."\">\n";
$dialplan_xml .= " <condition field=\"destination_number\" expression=\"^".$destination_feature."$\" break=\"on-true\">\n";
$dialplan_xml = "<extension name=\"".xml::sanitize($call_flow_name)."\" continue=\"\" uuid=\"".xml::sanitize($dialplan_uuid)."\">\n";
$dialplan_xml .= " <condition field=\"destination_number\" expression=\"^".xml::sanitize($destination_feature)."$\" break=\"on-true\">\n";
$dialplan_xml .= " <action application=\"answer\" data=\"\"/>\n";
$dialplan_xml .= " <action application=\"sleep\" data=\"200\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"feature_code=true\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"call_flow_uuid=".$call_flow_uuid."\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"call_flow_uuid=".xml::sanitize($call_flow_uuid)."\"/>\n";
$dialplan_xml .= " <action application=\"lua\" data=\"call_flow.lua\"/>\n";
$dialplan_xml .= " </condition>\n";
$dialplan_xml .= " <condition field=\"destination_number\" expression=\"^".$destination_extension."$\">\n";
$dialplan_xml .= " <action application=\"set\" data=\"call_flow_uuid=".$call_flow_uuid."\"/>\n";
$dialplan_xml .= " <condition field=\"destination_number\" expression=\"^".xml::sanitize($destination_extension)."$\">\n";
$dialplan_xml .= " <action application=\"set\" data=\"call_flow_uuid=".xml::sanitize($call_flow_uuid)."\"/>\n";
$dialplan_xml .= " <action application=\"lua\" data=\"call_flow.lua\"/>\n";
$dialplan_xml .= " </condition>\n";
$dialplan_xml .= "</extension>\n";
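Review bot: The two `expression="^…$"` attributes place `$destination_feature` and `$destination_extension` in a regular expression as well as in XML, and the only regex escaping visible is the `str_replace("+", "\+", …)` on the first line of the hunk, so other metacharacters in those values would still change what the dialplan condition matches. `xml::sanitize()` is defined outside this page; if it is an XML escaper it does not address that, and if pattern syntax is intentionally allowed a comment such as `//feature code and extension may contain regex syntax; xml::sanitize only protects the XML attribute` would record the decision. Since every call here sits inside a double-quoted attribute, it is also worth confirming that the helper neutralises `"` and not only `<` and `&`. `$dialplan_uuid` and `$call_flow_uuid` have a fixed format, so checking them as UUIDs before this block (which starts outside the hunk) would be stricter than sanitizing them.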