From 9f96c9f6a3399e23b296cc5cc8c67b8e669bf785 Mon Sep 17 00:00:00 2001 From: Alexey Melnichuk Date: Fri, 18 Sep 2015 12:04:52 +0400 Subject: [PATCH 1/7] Fix. Show CDR details when set `showall` --- app/xml_cdr/xml_cdr_details.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/xml_cdr/xml_cdr_details.php b/app/xml_cdr/xml_cdr_details.php index 2009380b4a..aca8978688 100644 --- a/app/xml_cdr/xml_cdr_details.php +++ b/app/xml_cdr/xml_cdr_details.php @@ -47,7 +47,7 @@ else { //get the cdr string from the database $sql = "select * from v_xml_cdr "; if ($_GET['showall'] && permission_exists('xml_cdr_all')) { - if ($sql_where) { $sql .= "where uuid = '$uuid' "; } + $sql .= "where uuid = '$uuid' "; } else { $sql .= "where uuid = '$uuid' and domain_uuid = '$domain_uuid' "; } From 88eed0c35b1a860d1cb58bbcebc7ef314a00d56f Mon Sep 17 00:00:00 2001 From: markjcrane Date: Sat, 19 Sep 2015 17:42:02 -0600 Subject: [PATCH 2/7] Browser developers disabled autocomplete in most browser. A move that makes an assumption that autocomplete is always good. In this particular case it creates a bug. There are a few legitimate reasons to disable autocomplete. In this case I'm disabling it as we are only updating the password when its provided by the user. In this case the user may be and administrator changing a user a password in this case autocomplete would offer the wrong password. Another case have two password fields that must match if both passwords are empty then the passwords are not updated allowing for other user settings to be updated. --- core/users/usersupdate.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/users/usersupdate.php b/core/users/usersupdate.php index 56857dc39d..10bab4cc32 100644 --- a/core/users/usersupdate.php +++ b/core/users/usersupdate.php @@ -462,7 +462,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { echo " ".$text['label-username'].""; echo " "; if (if_group("admin") || if_group("superadmin")) { - echo " "; + echo " "; } else { echo " ".$username; @@ -472,7 +472,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { echo " "; echo " ".$text['label-password'].""; - echo " "; + echo " "; echo " "; echo " "; echo " ".$text['label-confirm_password'].""; From fb7a8923ef33a6488573301a5a8880c8843c0677 Mon Sep 17 00:00:00 2001 From: markjcrane Date: Sat, 19 Sep 2015 17:51:16 -0600 Subject: [PATCH 3/7] Another case where autocomplete creates a problem. New user account creation does not benefit from autocomplete. It assumes the user is the currently logged in user which is not what you want on a form to add new users. This code adds an autocomplete honey pot to defeat the browser developers poor assumption. --- core/users/signup.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/core/users/signup.php b/core/users/signup.php index 458dac1b8e..c15e757fc0 100644 --- a/core/users/signup.php +++ b/core/users/signup.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2012 + Portions created by the Initial Developer are Copyright (C) 2008-2015 the Initial Developer. All Rights Reserved. Contributor(s): @@ -298,16 +298,16 @@ if (count($_POST) > 0 && check_str($_POST["persistform"]) != "1") { echo ""; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; From 315f38d6711e9b1fef3e15875dab6bab0598c518 Mon Sep 17 00:00:00 2001 From: markjcrane Date: Sat, 19 Sep 2015 17:59:07 -0600 Subject: [PATCH 4/7] Another situation where autocomplete=off prevented a bug. Provisioning a devcie by adding sip registration information for device provisioning in this case autocomplete always fills in incorrect information. --- app/devices/device_edit.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/devices/device_edit.php b/app/devices/device_edit.php index cc2f8ddcb7..a9861e6422 100644 --- a/app/devices/device_edit.php +++ b/app/devices/device_edit.php @@ -217,6 +217,7 @@ require_once "resources/require.php"; //array cleanup $x = 0; + unset($_POST["autocomplete"][$x]); foreach ($_POST["device_lines"] as $row) { //unset the empty row if (strlen($row["line_number"]) == 0) { @@ -502,6 +503,7 @@ require_once "resources/require.php"; \n"; + echo ""; echo "
".$text['label-username']."
".$text['label-password']."
".$text['label-confirm_password']."
".$text['label-email']."
\n"; echo "\n"; echo "
"; From 584887441d19cfca949c89312fa08af390d6cd5d Mon Sep 17 00:00:00 2001 From: markjcrane Date: Sat, 19 Sep 2015 18:02:31 -0600 Subject: [PATCH 5/7] Adding autocomplete="off" back in case browser developers realize there are legitimate reasons to use it. --- core/users/signup.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core/users/signup.php b/core/users/signup.php index c15e757fc0..9d00b2d919 100644 --- a/core/users/signup.php +++ b/core/users/signup.php @@ -298,16 +298,16 @@ if (count($_POST) > 0 && check_str($_POST["persistform"]) != "1") { echo ""; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo " "; echo " "; echo " "; From e24e62e6f1a1a676f45a578b8b85504353a890ad Mon Sep 17 00:00:00 2001 From: markjcrane Date: Sat, 19 Sep 2015 18:13:15 -0600 Subject: [PATCH 6/7] Fix the removal of the autocomplete field. --- app/devices/device_edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/devices/device_edit.php b/app/devices/device_edit.php index a9861e6422..84c101e1ad 100644 --- a/app/devices/device_edit.php +++ b/app/devices/device_edit.php @@ -217,7 +217,7 @@ require_once "resources/require.php"; //array cleanup $x = 0; - unset($_POST["autocomplete"][$x]); + unset($_POST["autocomplete"]); foreach ($_POST["device_lines"] as $row) { //unset the empty row if (strlen($row["line_number"]) == 0) { From 4107bd082640846bea6573d6847471290467e0a7 Mon Sep 17 00:00:00 2001 From: markjcrane Date: Sat, 19 Sep 2015 18:19:23 -0600 Subject: [PATCH 7/7] Another case where automcomplete bombs. Accounts -> Extensions password is used for registration not for a login. In FusionPBX if the password is left empty it would automatically create a new password. However auto complete instead puts in the login password this is an undesirable bug that this update fixes by adding a honey pot for the password. --- app/extensions/extension_edit.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/extensions/extension_edit.php b/app/extensions/extension_edit.php index 882809e939..9d1739a0ea 100644 --- a/app/extensions/extension_edit.php +++ b/app/extensions/extension_edit.php @@ -982,7 +982,8 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { echo "}\n"; echo ""; - echo "
\n"; + echo "\n"; + echo ""; echo "
".$text['label-username']."
".$text['label-password']."
".$text['label-confirm_password']."
".$text['label-email']."
\n"; echo "\n"; if ($action == "add") { @@ -1042,7 +1043,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { echo " ".$text['label-password']."\n"; echo "\n"; echo "\n";
\n"; - echo " \n"; + echo " \n"; echo "
\n"; echo " ".$text['description-password']."\n"; echo "