[SECURITY] Prevent showing Missed and Recent Calls to users that are not in xml_cdr_domain group and not assigned any extensions.

FusionPBX
2023-10-13 14:25:02 -06:00
committed by GitHub
parent 1ebf3d0826
commit c7ae3b3a63
2 changed files with 36 additions and 26 deletions


@@ -45,19 +45,24 @@
$sql .= " ) \n";
$sql .= " and (missed_call = true or bridge_uuid is null) ";
$sql .= " and hangup_cause <> 'LOSE_RACE' ";
if (!empty($assigned_extensions)) {
$x = 0;
foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) {
$sql_where_array[] = "extension_uuid = :assigned_extension_uuid_".$x;
$sql_where_array[] = "destination_number = :destination_number_".$x;
$parameters['assigned_extension_uuid_'.$x] = $assigned_extension_uuid;
$parameters['destination_number_'.$x] = $assigned_extension;
$x++;
if (!permission_exists('xml_cdr_domain')) {
if (!empty($assigned_extensions)) {
$x = 0;
foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) {
$sql_where_array[] = "extension_uuid = :assigned_extension_uuid_".$x;
$sql_where_array[] = "destination_number = :destination_number_".$x;
$parameters['assigned_extension_uuid_'.$x] = $assigned_extension_uuid;
$parameters['destination_number_'.$x] = $assigned_extension;
$x++;
}
if (!empty($sql_where_array)) {
$sql .= "and (".implode(' or ', $sql_where_array).") \n";
}
unset($sql_where_array);
}
if (!empty($sql_where_array)) {
$sql .= "and (".implode(' or ', $sql_where_array).") \n";
else {
$sql .= "and false \n";
}
unset($sql_where_array);
}
$sql .= "and start_epoch > ".(time() - 86400)." \n";
$sql .= "order by \n";
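Review bot: Inside the new `if (!empty($assigned_extensions))` branch the guard `if (!empty($sql_where_array))` can no longer be false, because the foreach appends two predicates for every extension, so the nesting is one level deeper than the logic needs and the fail-closed `and false` sits in an `else` far from the clause it mirrors. Building the predicate list first and then choosing between `and (...)` and `and false` on a single `!empty($sql_where_array)` test keeps the default-deny path next to the allow-list and makes it obvious that an absent or empty `$assigned_extensions` yields no rows for a user without `xml_cdr_domain`. A one-line comment stating the intent would also help, e.g. `// no domain-wide CDR permission: restrict to assigned extensions, or return nothing`. The same structure appears in the Recent Calls hunk of the second file and should be changed in step. `$assigned_extensions` is populated and `$sql` is started before this hunk, so whether it is always an array is not visible here.
```php
if (!permission_exists('xml_cdr_domain')) {
	// no domain-wide CDR permission: restrict to assigned extensions, or return nothing
	$sql_where_array = [];
	if (!empty($assigned_extensions)) {
		$x = 0;
		foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) {
			// … unchanged: per-extension predicates and bound parameters …
			$x++;
		}
	}
	if (!empty($sql_where_array)) {
		$sql .= "and (".implode(' or ', $sql_where_array).") \n";
	}
	else {
		$sql .= "and false \n";
	}
	unset($sql_where_array);
}
```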


@@ -44,23 +44,28 @@
v_xml_cdr
where
domain_uuid = :domain_uuid ";
if (!empty($assigned_extensions)) {
$x = 0;
foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) {
$sql_where_array[] = "extension_uuid = :extension_uuid_".$x;
$sql_where_array[] = "caller_id_number = :caller_id_number_".$x;
$sql_where_array[] = "destination_number = :destination_number_1_".$x;
$sql_where_array[] = "destination_number = :destination_number_2_".$x;
$parameters['extension_uuid_'.$x] = $assigned_extension_uuid;
$parameters['caller_id_number_'.$x] = $assigned_extension;
$parameters['destination_number_1_'.$x] = $assigned_extension;
$parameters['destination_number_2_'.$x] = '*99'.$assigned_extension;
$x++;
if (!permission_exists('xml_cdr_domain')) {
if (!empty($assigned_extensions)) {
$x = 0;
foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) {
$sql_where_array[] = "extension_uuid = :extension_uuid_".$x;
$sql_where_array[] = "caller_id_number = :caller_id_number_".$x;
$sql_where_array[] = "destination_number = :destination_number_1_".$x;
$sql_where_array[] = "destination_number = :destination_number_2_".$x;
$parameters['extension_uuid_'.$x] = $assigned_extension_uuid;
$parameters['caller_id_number_'.$x] = $assigned_extension;
$parameters['destination_number_1_'.$x] = $assigned_extension;
$parameters['destination_number_2_'.$x] = '*99'.$assigned_extension;
$x++;
}
if (!empty($sql_where_array)) {
$sql .= "and (".implode(' or ', $sql_where_array).") ";
}
unset($sql_where_array);
}
if (!empty($sql_where_array)) {
$sql .= "and (".implode(' or ', $sql_where_array).") ";
else {
$sql .= "and false \n";
}
unset($sql_where_array);
}
$sql .= "
and start_epoch > ".(time() - 86400)."
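Review bot: The `caller_id_number = :caller_id_number_N` predicate matches on a value presented by the calling party, so a record can land in a user's Recent Calls whenever the presented number equals one of their extension numbers, independent of which extension actually handled the call; `extension_uuid` is the only predicate in this block that ties a row to the assignment itself. That behaviour predates this commit, but since the block is now the access boundary for users without `xml_cdr_domain`, a comment should say which predicate is authoritative, e.g. `// extension_uuid is authoritative; the number predicates are convenience matches on caller-presented data`. The `'*99'` prefix on `destination_number_2` is also an unexplained literal — presumably a feature-code prefix — and deserves a comment naming what it selects. The query text continues both before and after this hunk.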