nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2026-01-06 19:53:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

[security] sanitize the xml (#6595)

Browse Source 
* Update call_center_queue_edit.php

* fix typo

* Update call_flow_edit.php

* Update conference_center_edit.php

* Update conference_edit.php

* Update destination_edit.php

* Update fax.php

* Update ivr_menu_edit.php

* Update ring_group_edit.php

* Update app_defaults.php

* Update ivr_menu_copy.php

* Update destination_imports.php

* Update app_defaults.php
This commit is contained in:
Alex
2023-03-30 12:46:36 -06:00
committed by GitHub
parent 3091370f14
commit 43eb2a5b9d
12 changed files with 76 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
app/fax/resources/classes/fax.php
View File

@@ -132,24 +132,24 @@ if (!class_exists('fax')) {
}
//set the rx_fax
$rxfax_data = $_SESSION['switch']['storage']['dir'].'/fax/'.$_SESSION['domain_name'].'/'.$this->fax_extension.'/inbox/'.$this->forward_prefix.'${last_fax}.tif';
$rxfax_data = $_SESSION['switch']['storage']['dir'].'/fax/'.$_SESSION['domain_name'].'/'.xml::sanitize($this->fax_extension).'/inbox/'.xml::sanitize($this->forward_prefix).'${last_fax}.tif';
//build the xml dialplan
$dialplan_xml = "<extension name=\"".$fax_name ."\" continue=\"false\" uuid=\"".$this->dialplan_uuid."\">\n";
$dialplan_xml .= " <condition field=\"destination_number\" expression=\"^".$this->destination_number."$\">\n";
$dialplan_xml = "<extension name=\"".xml::sanitize($fax_name)."\" continue=\"false\" uuid=\"".xml::sanitize($this->dialplan_uuid)."\">\n";
$dialplan_xml .= " <condition field=\"destination_number\" expression=\"^".xml::sanitize($this->destination_number)."$\">\n";
$dialplan_xml .= " <action application=\"answer\" data=\"\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"fax_uuid=".$this->fax_uuid."\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"fax_uuid=".xml::sanitize($this->fax_uuid)."\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"api_hangup_hook=lua app/fax/resources/scripts/hangup_rx.lua\"/>\n";
foreach($_SESSION['fax']['variable'] as $data) {
if (substr($data,0,8) == "inbound:") {
$dialplan_xml .= " <action application=\"set\" data=\"".substr($data,8,strlen($data))."\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"".xml::sanitize(substr($data,8,strlen($data)))."\"/>\n";
}
elseif (substr($data,0,9) == "outbound:") {}
else {
$dialplan_xml .= " <action application=\"set\" data=\"".$data."\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"".xml::sanitize($data)."\"/>\n";
}
}
$dialplan_xml .= " <action application=\"set\" data=\"".$last_fax."\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"".xml::sanitize($last_fax)."\"/>\n";
$dialplan_xml .= " <action application=\"rxfax\" data=\"$rxfax_data\"/>\n";
$dialplan_xml .= " <action application=\"hangup\" data=\"\"/>\n";
$dialplan_xml .= " </condition>\n";