nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2026-01-06 11:43:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

[bug] Allow specific safe variables

Browse Source 
This is a bug fix for recent security changes. These particular variables are essential to the SIP profile: record-template.
This commit is contained in:
FusionPBX
2023-04-26 10:20:13 -06:00
committed by GitHub
parent 4a71d7a49a
commit 4859282306
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/scripts/resources/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua
View File

@@ -267,6 +267,13 @@
-- sip_profile_setting_value = sip_profile_setting_value:gsub("%$", "");
--end
--sanitize the sip profile setting value, allow specific safe variables
sip_profile_setting_value = xml.sanitize(sip_profile_setting_value);
sip_profile_setting_value = string.gsub(sip_profile_setting_value, "{domain_name}", "${domain_name}");
sip_profile_setting_value = string.gsub(sip_profile_setting_value, "{strftime", "${strftime");
sip_profile_setting_value = string.gsub(sip_profile_setting_value, "{uuid}", "${uuid}");
sip_profile_setting_value = string.gsub(sip_profile_setting_value, "{record_ext}", "${record_ext}");
--set the parameters
if (sip_profile_setting_name) then
xml:append([[ <param name="]] .. xml.sanitize(sip_profile_setting_name) .. [[" value="]] .. xml.sanitize(sip_profile_setting_value) .. [["/>]]);