diff --git a/app/xml_cdr/app_config.php b/app/xml_cdr/app_config.php
index 2779af87cf..9df0c958f5 100644
--- a/app/xml_cdr/app_config.php
+++ b/app/xml_cdr/app_config.php
@@ -343,6 +343,14 @@
 $apps[$x]['default_settings'][$y]['default_setting_value'] = "fusionpbx";
 $apps[$x]['default_settings'][$y]['default_setting_enabled'] = "false";
 $apps[$x]['default_settings'][$y]['default_setting_description'] = "Archive Database Name";
+ $y++;
+ $apps[$x]['default_settings'][$y]['default_setting_uuid'] = "d47ba248-0257-45c6-b418-22c8032414ce";
+ $apps[$x]['default_settings'][$y]['default_setting_category'] = "cdr";
+ $apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "cidr";
+ $apps[$x]['default_settings'][$y]['default_setting_name'] = "array";
+ $apps[$x]['default_settings'][$y]['default_setting_value'] = "127.0.0.1/32";
+ $apps[$x]['default_settings'][$y]['default_setting_enabled'] = "true";
+ $apps[$x]['default_settings'][$y]['default_setting_description'] = "Limit allowed range of addresses for CDR over HTTP POST.";
 //schema details
 $y=0;
diff --git a/app/xml_cdr/xml_cdr_import.php b/app/xml_cdr/xml_cdr_import.php
index 94d4666297..c24e7a8a10 100644
--- a/app/xml_cdr/xml_cdr_import.php
+++ b/app/xml_cdr/xml_cdr_import.php
@@ -17,7 +17,7 @@
 The Initial Developer of the Original Code is Mark J Crane
- Portions created by the Initial Developer are Copyright (C) 2016
+ Portions created by the Initial Developer are Copyright (C) 2016-2021
 the Initial Developer. All Rights Reserved. Contributor(s):
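Review bot: The new `cdr`/`cidr` default in app_config.php is enabled with only `127.0.0.1/32`, and its description does not say that requests from any other address are refused. If defaults are applied on upgrade, deployments where the switch posts CDRs from another host, or over IPv6 loopback, would presumably stop importing until an entry is added. Consider a description along the lines of `"Allowed source CIDR ranges for CDR import over HTTP POST; all other addresses are refused."` so the effect is visible in the settings list.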
@@ -34,11 +34,27 @@
 require_once "resources/require.php";
 }
 else {
+ //required includes
 include "root.php";
 require_once "resources/require.php";
 require_once "resources/pdo.php";
 }
+//check the domain cidr range
+ if (isset($_SESSION['cdr']["cidr"]) && !defined('STDIN')) {
+ $found = false;
+ foreach($_SESSION['cdr']["cidr"] as $cidr) {
+ if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
+ $found = true;
+ break;
+ }
+ }
+ if (!$found) {
+ echo "access denied";
+ exit;
+ }
+ }
+
 //increase limits
 set_time_limit(3600);
 ini_set('memory_limit', '256M');
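Review bot: The denial branch in xml_cdr_import.php (`echo "access denied"; exit;`) answers with the default 200 status and records nothing, so a sender that checks only the status code can treat a refused CDR as delivered, and refused attempts leave no trace for whoever monitors the endpoint. Set the status and log the source before exiting, e.g. `http_response_code(403);` followed by `error_log('xml_cdr_import: refused POST from '.$_SERVER['REMOTE_ADDR']);`. The guard is also skipped whenever `$_SESSION['cdr']["cidr"]` is unset, so disabling or losing the setting leaves the import open to any address; a comment stating that this is deliberate would help. `check_cidr()` is defined outside this hunk, so its handling of IPv6 sources and malformed entries cannot be confirmed here, and behind a reverse proxy `REMOTE_ADDR` would be the proxy's address rather than the sender's.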