nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2026-01-06 11:43:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

[security] sanitize the xml (#6595)

Browse Source 
* Update call_center_queue_edit.php

* fix typo

* Update call_flow_edit.php

* Update conference_center_edit.php

* Update conference_edit.php

* Update destination_edit.php

* Update fax.php

* Update ivr_menu_edit.php

* Update ring_group_edit.php

* Update app_defaults.php

* Update ivr_menu_copy.php

* Update destination_imports.php

* Update app_defaults.php
This commit is contained in:
Alex
2023-03-30 12:46:36 -06:00
committed by GitHub
parent 3091370f14
commit 43eb2a5b9d
12 changed files with 76 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/conferences/conference_edit.php
View File

@@ -201,13 +201,13 @@
$pin_number = (strlen($conference_pin_number) > 0) ? '+'.$conference_pin_number : '';
//build the xml
$dialplan_xml = "<extension name=\"".$conference_name."\" continue=\"\" uuid=\"".$dialplan_uuid."\">\n";
$dialplan_xml .= " <condition field=\"destination_number\" expression=\"^".$conference_extension."$\">\n";
$dialplan_xml = "<extension name=\"".xml::sanitize($conference_name)."\" continue=\"\" uuid=\"".xml::sanitize($dialplan_uuid)."\">\n";
$dialplan_xml .= " <condition field=\"destination_number\" expression=\"^".xml::sanitize($conference_extension)."$\">\n";
$dialplan_xml .= " <action application=\"answer\" data=\"\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"conference_uuid=".$conference_uuid."\" inline=\"true\"/>\n";
//$dialplan_xml .= " <action application=\"set\" data=\"conference_name=".$conference_name."\" inline=\"true\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"conference_extension=".$conference_extension."\" inline=\"true\"/>\n";
$dialplan_xml .= " <action application=\"conference\" data=\"".$conference_extension."@".$_SESSION['domain_name']."@".$conference_profile.$pin_number."+flags{'".$conference_flags."'}\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"conference_uuid=".xml::sanitize($conference_uuid)."\" inline=\"true\"/>\n";
//$dialplan_xml .= " <action application=\"set\" data=\"conference_name=".xml::sanitize($conference_name)."\" inline=\"true\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"conference_extension=".xml::sanitize($conference_extension)."\" inline=\"true\"/>\n";
$dialplan_xml .= " <action application=\"conference\" data=\"".xml::sanitize($conference_extension)."@".$_SESSION['domain_name']."@".xml::sanitize($conference_profile.$pin_number)."+flags{'".xml::sanitize($conference_flags)."'}\"/>\n";
$dialplan_xml .= " </condition>\n";
$dialplan_xml .= "</extension>\n";