[security] prevent xml injection and executing switch api cmds (#6594)

This commit is contained in:
agree
2023-03-30 01:24:04 -04:00
committed by GitHub
parent de70dd2910
commit ca36d10121
5 changed files with 158 additions and 108 deletions


@@ -162,6 +162,9 @@
$agent_contact = str_replace("@", "/", $agent_contact);
}
//freeswitch expands the the contact string, so we need to sanitize it.
$agent_contact = str_replace('$', '', $agent_contact);
//prepare the array
$array['call_center_agents'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
$array['call_center_agents'][0]['call_center_agent_uuid'] = $call_center_agent_uuid;
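Review bot: Stripping `$` from `$agent_contact` on the new line silently rewrites whatever the administrator entered, so a contact containing `$` is stored in altered form with no feedback; rejecting it with a validation message, e.g. `if (strpos($agent_contact, '$') !== false) { /* set error message, return */ }`, would be both safer and more transparent. The same "remove `$` because FreeSWITCH expands `${...}` / `$${...}`" rule is implemented a second time in the new `xml::sanitize` helper, so a single shared helper would keep the two character lists from drifting apart. Only `agent_contact` is treated here; whether other fields written into `$array['call_center_agents'][0]` can also reach FreeSWITCH unescaped is not visible in this hunk. The enclosing code begins before and continues past the hunk.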


@@ -336,42 +336,42 @@
}
//build the xml dialplan
$dialplan_xml = "<extension name=\"".$queue_name."\" continue=\"\" uuid=\"".$dialplan_uuid."\">\n";
$dialplan_xml = "<extension name=\"".xml::sanitize($queue_name)."\" continue=\"\" uuid=\"".xml::sanitize($dialplan_uuid)."\">\n";
$dialplan_xml .= " <condition field=\"destination_number\" expression=\"^([^#]+#)(.*)\$\" break=\"never\">\n";
$dialplan_xml .= " <action application=\"set\" data=\"caller_id_name=\$2\"/>\n";
$dialplan_xml .= " </condition>\n";
$dialplan_xml .= " <condition field=\"destination_number\" expression=\"^(callcenter\+)?".$queue_extension."$\">\n";
$dialplan_xml .= " <condition field=\"destination_number\" expression=\"^(callcenter\+)?".xml::sanitize($queue_extension)."$\">\n";
$dialplan_xml .= " <action application=\"answer\" data=\"\"/>\n";
if (is_uuid($call_center_queue_uuid)) {
$dialplan_xml .= " <action application=\"set\" data=\"call_center_queue_uuid=".$call_center_queue_uuid."\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"call_center_queue_uuid=".xml::sanitize($call_center_queue_uuid)."\"/>\n";
}
if (is_numeric($queue_extension)) {
$dialplan_xml .= " <action application=\"set\" data=\"queue_extension=".$queue_extension."\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"queue_extension=".xml::sanitize($queue_extension)."\"/>\n";
}
$dialplan_xml .= " <action application=\"set\" data=\"cc_export_vars=\${cc_export_vars},call_center_queue_uuid,sip_h_Alert-Info\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"hangup_after_bridge=true\"/>\n";
if ($queue_time_base_score_sec != '') {
$dialplan_xml .= " <action application=\"set\" data=\"cc_base_score=".$queue_time_base_score_sec."\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"cc_base_score=".xml::sanitize($queue_time_base_score_sec)."\"/>\n";
}
if ($queue_greeting_path != '') {
$dialplan_xml .= " <action application=\"sleep\" data=\"1000\"/>\n";
$greeting_array = explode(':', $queue_greeting_path);
if (count($greeting_array) == 1) {
$dialplan_xml .= " <action application=\"playback\" data=\"".$queue_greeting_path."\"/>\n";
$dialplan_xml .= " <action application=\"playback\" data=\"".xml::sanitize($queue_greeting_path)."\"/>\n";
}
else {
if ($greeting_array[0] == 'say' || $greeting_array[0] == 'tone_stream' || $greeting_array[0] == 'phrase') {
$dialplan_xml .= " <action application=\"".$greeting_array[0]."\" data=\"".$greeting_array[1]."\"/>\n";
$dialplan_xml .= " <action application=\"".xml::sanitize($greeting_array[0])."\" data=\"".xml::sanitize($greeting_array[1])."\"/>\n";
}
}
}
if (strlen($queue_cid_prefix) > 0) {
$dialplan_xml .= " <action application=\"set\" data=\"effective_caller_id_name=".$queue_cid_prefix."#\${caller_id_name}\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"effective_caller_id_name=".xml::sanitize($queue_cid_prefix)."#\${caller_id_name}\"/>\n";
}
if (strlen($queue_cc_exit_keys) > 0) {
$dialplan_xml .= " <action application=\"set\" data=\"cc_exit_keys=".$queue_cc_exit_keys."\"/>\n";
$dialplan_xml .= " <action application=\"set\" data=\"cc_exit_keys=".xml::sanitize($queue_cc_exit_keys)."\"/>\n";
}
$dialplan_xml .= " <action application=\"callcenter\" data=\"".$queue_extension."@".$_SESSION["domain_name"]."\"/>\n";
$dialplan_xml .= " <action application=\"callcenter\" data=\"".xml::sanitize($queue_extension)."@".$_SESSION["domain_name"]."\"/>\n";
if ($destination->valid($queue_timeout_app.':'.$queue_timeout_data)) {
$dialplan_xml .= " <action application=\"".$queue_timeout_app."\" data=\"".$queue_timeout_data."\"/>\n";
}
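Review bot: Two interpolations in the rebuilt dialplan XML are still unescaped: `$_SESSION["domain_name"]` on the `callcenter` action line and `$queue_timeout_app`/`$queue_timeout_data` on the last line, so the fix is incomplete unless `$destination->valid()` is known to reject XML metacharacters, which this hunk does not show; wrapping them as `xml::sanitize($_SESSION["domain_name"])` and `xml::sanitize($queue_timeout_app)` / `xml::sanitize($queue_timeout_data)` keeps the rule uniform. `xml::sanitize($queue_extension)` inside the `expression=` regex neutralises XML characters but not regex metacharacters, so a value such as `.*` would still turn the condition into a match-all unless `queue_extension` is constrained to digits before this point. Note also that stripping `$` will break legitimate `${...}`/`$${...}` references if administrators have used them in `queue_greeting_path`, which is worth checking against existing data before release. The enclosing function starts before the hunk.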


@@ -29,7 +29,7 @@
-- Luis Daniel Lucio Quiroz <dlucio@okay.com.mx>
--set the default
continue = true;
continue = true;
--get the action
action = params:getHeader("action");
@@ -52,6 +52,8 @@
json = require "resources.functions.lunajson"
end
local Xml = require "resources.functions.xml";
--include cache library
local cache = require "resources.functions.cache"
@@ -490,207 +492,207 @@
end
--build the xml
local xml = {}
table.insert(xml, [[<?xml version="1.0" encoding="UTF-8" standalone="no"?>]]);
table.insert(xml, [[<document type="freeswitch/xml">]]);
table.insert(xml, [[ <section name="directory">]]);
table.insert(xml, [[ <domain name="]] .. domain_name .. [[" alias="true">]]);
table.insert(xml, [[ <params>]]);
table.insert(xml, [[ <param name="jsonrpc-allowed-methods" value="verto"/>]]);
table.insert(xml, [[ <param name="jsonrpc-allowed-event-channels" value="demo,conference,presence"/>]]);
table.insert(xml, [[ </params>]]);
table.insert(xml, [[ <groups>]]);
table.insert(xml, [[ <group name="default">]]);
table.insert(xml, [[ <users>]]);
local xml = Xml:new();
xml:append([[<?xml version="1.0" encoding="UTF-8" standalone="no"?>]]);
xml:append([[<document type="freeswitch/xml">]]);
xml:append([[ <section name="directory">]]);
xml:append([[ <domain name="]] .. xml.sanitize(domain_name) .. [[" alias="true">]]);
xml:append([[ <params>]]);
xml:append([[ <param name="jsonrpc-allowed-methods" value="verto"/>]]);
xml:append([[ <param name="jsonrpc-allowed-event-channels" value="demo,conference,presence"/>]]);
xml:append([[ </params>]]);
xml:append([[ <groups>]]);
xml:append([[ <group name="default">]]);
xml:append([[ <users>]]);
if (number_alias) then
if (cidr) then
table.insert(xml, [[ <user id="]] .. extension .. [["]] .. cidr .. number_alias_string .. [[>]]);
xml:append([[ <user id="]] .. xml.sanitize(extension) .. [["]] .. xml.sanitize(cidr) .. xml.sanitize(number_alias_string) .. [[ type=>]]);
else
table.insert(xml, [[ <user id="]] .. extension .. [["]] .. number_alias_string .. [[>]]);
xml:append([[ <user id="]] .. xml.sanitize(extension) .. [["]] .. xml.sanitize(number_alias_string) .. [[>]]);
end
else
if (cidr) then
table.insert(xml, [[ <user id="]] .. extension .. [["]] .. cidr .. [[>]]);
xml:append([[ <user id="]] .. xml.sanitize(extension) .. [["]] .. cidr .. [[>]]);
else
table.insert(xml, [[ <user id="]] .. extension .. [[">]]);
xml:append([[ <user id="]] .. xml.sanitize(extension) .. [[">]]);
end
end
table.insert(xml, [[ <params>]]);
table.insert(xml, [[ <param name="password" value="]] .. password .. [["/>]]);
table.insert(xml, [[ <param name="vm-enabled" value="]] .. vm_enabled .. [["/>]]);
xml:append([[ <params>]]);
xml:append([[ <param name="password" value="]] .. password .. [["/>]]);
xml:append([[ <param name="vm-enabled" value="]] .. xml.sanitize(vm_enabled) .. [["/>]]);
if (string.len(vm_mailto) > 0) then
table.insert(xml, [[ <param name="vm-password" value="]] .. vm_password .. [["/>]]);
table.insert(xml, [[ <param name="vm-email-all-messages" value="]] .. vm_enabled ..[["/>]]);
table.insert(xml, [[ <param name="vm-attach-file" value="]] .. vm_attach_file .. [["/>]]);
table.insert(xml, [[ <param name="vm-keep-local-after-email" value="]] .. vm_keep_local_after_email .. [["/>]]);
table.insert(xml, [[ <param name="vm-mailto" value="]] .. vm_mailto .. [["/>]]);
xml:append([[ <param name="vm-password" value="]] .. xml.sanitize(vm_password) .. [["/>]]);
xml:append([[ <param name="vm-email-all-messages" value="]] .. xml.sanitize(vm_enabled) ..[["/>]]);
xml:append([[ <param name="vm-attach-file" value="]] .. xml.sanitize(vm_attach_file) .. [["/>]]);
xml:append([[ <param name="vm-keep-local-after-email" value="]] .. xml.sanitize(vm_keep_local_after_email) .. [["/>]]);
xml:append([[ <param name="vm-mailto" value="]] .. xml.sanitize(vm_mailto) .. [["/>]]);
end
if (string.len(mwi_account) > 0) then
table.insert(xml, [[ <param name="MWI-Account" value="]] .. mwi_account .. [["/>]]);
xml:append([[ <param name="MWI-Account" value="]] .. xml.sanitize(mwi_account) .. [["/>]]);
end
if (string.len(auth_acl) > 0) then
table.insert(xml, [[ <param name="auth-acl" value="]] .. auth_acl .. [["/>]]);
xml:append([[ <param name="auth-acl" value="]] .. xml.sanitize(auth_acl) .. [["/>]]);
end
table.insert(xml, [[ <param name="dial-string" value="]] .. dial_string .. [["/>]]);
table.insert(xml, [[ <param name="verto-context" value="]] .. user_context .. [["/>]]);
table.insert(xml, [[ <param name="verto-dialplan" value="XML"/>]]);
table.insert(xml, [[ <param name="jsonrpc-allowed-methods" value="verto"/>]]);
table.insert(xml, [[ <param name="jsonrpc-allowed-event-channels" value="demo,conference,presence"/>]]);
table.insert(xml, [[ <param name="max-registrations-per-extension" value="]] .. max_registrations .. [["/>]]);
xml:append([[ <param name="dial-string" value="]] .. dial_string .. [["/>]]);
xml:append([[ <param name="verto-context" value="]] .. xml.sanitize(user_context) .. [["/>]]);
xml:append([[ <param name="verto-dialplan" value="XML"/>]]);
xml:append([[ <param name="jsonrpc-allowed-methods" value="verto"/>]]);
xml:append([[ <param name="jsonrpc-allowed-event-channels" value="demo,conference,presence"/>]]);
xml:append([[ <param name="max-registrations-per-extension" value="]] .. xml.sanitize(max_registrations) .. [["/>]]);
for key,row in pairs(extension_settings) do
if (row.extension_setting_type == 'param') then
table.insert(xml, [[ <param name="]]..row.extension_setting_name..[[" value="]]..row.extension_setting_value..[["/>]]);
xml:append([[ <param name="]].. xml.sanitize(row.extension_setting_name)..[[" value="]].. xml.sanitize(row.extension_setting_value)..[["/>]]);
end
end
table.insert(xml, [[ </params>]]);
table.insert(xml, [[ <variables>]]);
table.insert(xml, [[ <variable name="domain_uuid" value="]] .. domain_uuid .. [["/>]]);
table.insert(xml, [[ <variable name="domain_name" value="]] .. domain_name .. [["/>]]);
table.insert(xml, [[ <variable name="extension_uuid" value="]] .. extension_uuid .. [["/>]]);
xml:append([[ </params>]]);
xml:append([[ <variables>]]);
xml:append([[ <variable name="domain_uuid" value="]] .. xml.sanitize(domain_uuid) .. [["/>]]);
xml:append([[ <variable name="domain_name" value="]] .. xml.sanitize(domain_name) .. [["/>]]);
xml:append([[ <variable name="extension_uuid" value="]] .. xml.sanitize(extension_uuid) .. [["/>]]);
if (user_uuid ~= nil) and (string.len(user_uuid) > 0) then
table.insert(xml, [[ <variable name="user_uuid" value="]] .. user_uuid .. [["/>]]);
xml:append([[ <variable name="user_uuid" value="]] .. xml.sanitize(user_uuid) .. [["/>]]);
end
if (contact_uuid ~= nil) and (string.len(contact_uuid) > 0) then
table.insert(xml, [[ <variable name="contact_uuid" value="]] .. contact_uuid .. [["/>]]);
xml:append([[ <variable name="contact_uuid" value="]] .. xml.sanitize(contact_uuid) .. [["/>]]);
end
table.insert(xml, [[ <variable name="call_timeout" value="]] .. call_timeout .. [["/>]]);
table.insert(xml, [[ <variable name="caller_id_name" value="]] .. sip_from_user .. [["/>]]);
table.insert(xml, [[ <variable name="caller_id_number" value="]] .. sip_from_number .. [["/>]]);
table.insert(xml, [[ <variable name="presence_id" value="]] .. presence_id .. [["/>]]);
xml:append([[ <variable name="call_timeout" value="]] .. xml.sanitize(call_timeout) .. [["/>]]);
xml:append([[ <variable name="caller_id_name" value="]] .. xml.sanitize(sip_from_user) .. [["/>]]);
xml:append([[ <variable name="caller_id_number" value="]] .. xml.sanitize(sip_from_number) .. [["/>]]);
xml:append([[ <variable name="presence_id" value="]] .. xml.sanitize(presence_id) .. [["/>]]);
if (call_group ~= nil) and (string.len(call_group) > 0) then
table.insert(xml, [[ <variable name="call_group" value="]] .. call_group .. [["/>]]);
xml:append([[ <variable name="call_group" value="]] .. xml.sanitize(call_group) .. [["/>]]);
end
if (call_screen_enabled ~= nil) and (string.len(call_screen_enabled) > 0) then
table.insert(xml, [[ <variable name="call_screen_enabled" value="]] .. call_screen_enabled .. [["/>]]);
xml:append([[ <variable name="call_screen_enabled" value="]] .. xml.sanitize(call_screen_enabled) .. [["/>]]);
end
if (user_record ~= nil) and (string.len(user_record) > 0) then
table.insert(xml, [[ <variable name="user_record" value="]] .. user_record .. [["/>]]);
xml:append([[ <variable name="user_record" value="]] .. xml.sanitize(user_record) .. [["/>]]);
end
if (hold_music ~= nil) and (string.len(hold_music) > 0) then
table.insert(xml, [[ <variable name="hold_music" value="]] .. hold_music .. [["/>]]);
xml:append([[ <variable name="hold_music" value="]] .. xml.sanitize(hold_music) .. [["/>]]);
end
if (toll_allow ~= nil) and (string.len(toll_allow) > 0) then
table.insert(xml, [[ <variable name="toll_allow" value="]] .. toll_allow .. [["/>]]);
xml:append([[ <variable name="toll_allow" value="]] .. xml.sanitize(toll_allow) .. [["/>]]);
end
if (accountcode ~= nil) and (string.len(accountcode) > 0) then
table.insert(xml, [[ <variable name="accountcode" value="]] .. accountcode .. [["/>]]);
xml:append([[ <variable name="accountcode" value="]] .. xml.sanitize(accountcode) .. [["/>]]);
end
table.insert(xml, [[ <variable name="user_context" value="]] .. user_context .. [["/>]]);
xml:append([[ <variable name="user_context" value="]] .. xml.sanitize(user_context) .. [["/>]]);
if (effective_caller_id_name ~= nil) and (string.len(effective_caller_id_name) > 0) then
table.insert(xml, [[ <variable name="effective_caller_id_name" value="]] .. effective_caller_id_name.. [["/>]]);
xml:append([[ <variable name="effective_caller_id_name" value="]] .. xml.sanitize(effective_caller_id_name).. [["/>]]);
end
if (effective_caller_id_number ~= nil) and (string.len(effective_caller_id_number) > 0) then
table.insert(xml, [[ <variable name="effective_caller_id_number" value="]] .. effective_caller_id_number.. [["/>]]);
xml:append([[ <variable name="effective_caller_id_number" value="]] .. xml.sanitize(effective_caller_id_number).. [["/>]]);
end
if (outbound_caller_id_name ~= nil) and (string.len(outbound_caller_id_name) > 0) then
table.insert(xml, [[ <variable name="outbound_caller_id_name" value="]] .. outbound_caller_id_name .. [["/>]]);
xml:append([[ <variable name="outbound_caller_id_name" value="]] .. xml.sanitize(outbound_caller_id_name) .. [["/>]]);
end
if (outbound_caller_id_number ~= nil) and (string.len(outbound_caller_id_number) > 0) then
table.insert(xml, [[ <variable name="outbound_caller_id_number" value="]] .. outbound_caller_id_number .. [["/>]]);
xml:append([[ <variable name="outbound_caller_id_number" value="]] .. xml.sanitize(outbound_caller_id_number) .. [["/>]]);
end
if (emergency_caller_id_name ~= nil) and (string.len(emergency_caller_id_name) > 0) then
table.insert(xml, [[ <variable name="emergency_caller_id_name" value="]] .. emergency_caller_id_name .. [["/>]]);
xml:append([[ <variable name="emergency_caller_id_name" value="]] .. xml.sanitize(emergency_caller_id_name) .. [["/>]]);
end
if (emergency_caller_id_number ~= nil) and (string.len(emergency_caller_id_number) > 0) then
table.insert(xml, [[ <variable name="emergency_caller_id_number" value="]] .. emergency_caller_id_number .. [["/>]]);
xml:append([[ <variable name="emergency_caller_id_number" value="]] .. xml.sanitize(emergency_caller_id_number) .. [["/>]]);
end
if (missed_call_app ~= nil) and (string.len(missed_call_app) > 0) then
table.insert(xml, [[ <variable name="missed_call_app" value="]] .. missed_call_app .. [["/>]]);
xml:append([[ <variable name="missed_call_app" value="]] .. xml.sanitize(missed_call_app) .. [["/>]]);
end
if (missed_call_data ~= nil) and (string.len(missed_call_data) > 0) then
table.insert(xml, [[ <variable name="missed_call_data" value="]] .. missed_call_data .. [["/>]]);
xml:append([[ <variable name="missed_call_data" value="]] .. xml.sanitize(missed_call_data) .. [["/>]]);
end
if (directory_full_name ~= nil) and (string.len(directory_full_name) > 0) then
table.insert(xml, [[ <variable name="directory_full_name" value="]] .. directory_full_name .. [["/>]]);
xml:append([[ <variable name="directory_full_name" value="]] .. xml.sanitize(directory_full_name) .. [["/>]]);
end
if (directory_visible ~= nil) and (string.len(directory_visible) > 0) then
table.insert(xml, [[ <variable name="directory-visible" value="]] .. directory_visible .. [["/>]]);
xml:append([[ <variable name="directory-visible" value="]] .. xml.sanitize(directory_visible) .. [["/>]]);
end
if (directory_exten_visible ~= nil) and (string.len(directory_exten_visible) > 0) then
table.insert(xml, [[ <variable name="directory-exten-visible" value="]] .. directory_exten_visible .. [["/>]]);
xml:append([[ <variable name="directory-exten-visible" value="]] .. xml.sanitize(directory_exten_visible) .. [["/>]]);
end
if (limit_max ~= nil) and (string.len(limit_max) > 0) then
table.insert(xml, [[ <variable name="limit_max" value="]] .. limit_max .. [["/>]]);
xml:append([[ <variable name="limit_max" value="]] .. xml.sanitize(limit_max) .. [["/>]]);
else
table.insert(xml, [[ <variable name="limit_max" value="5"/>]]);
xml:append([[ <variable name="limit_max" value="5"/>]]);
end
if (limit_destination ~= nil) and (string.len(limit_destination) > 0) then
table.insert(xml, [[ <variable name="limit_destination" value="]] .. limit_destination .. [["/>]]);
xml:append([[ <variable name="limit_destination" value="]] .. xml.sanitize(limit_destination) .. [["/>]]);
end
if (sip_force_contact ~= nil) and (string.len(sip_force_contact) > 0) then
table.insert(xml, [[ <variable name="sip-force-contact" value="]] .. sip_force_contact .. [["/>]]);
xml:append([[ <variable name="sip-force-contact" value="]] .. xml.sanitize(sip_force_contact) .. [["/>]]);
end
if (sip_force_expires ~= nil) and (string.len(sip_force_expires) > 0) then
table.insert(xml, [[ <variable name="sip-force-expires" value="]] .. sip_force_expires .. [["/>]]);
xml:append([[ <variable name="sip-force-expires" value="]] .. xml.sanitize(sip_force_expires) .. [["/>]]);
end
if (nibble_account ~= nil) and (string.len(nibble_account) > 0) then
table.insert(xml, [[ <variable name="nibble_account" value="]] .. nibble_account .. [["/>]]);
xml:append([[ <variable name="nibble_account" value="]] .. xml.sanitize(nibble_account) .. [["/>]]);
end
if (absolute_codec_string ~= nil) and (string.len(absolute_codec_string) > 0) then
table.insert(xml, [[ <variable name="absolute_codec_string" value="]] .. absolute_codec_string .. [["/>]]);
xml:append([[ <variable name="absolute_codec_string" value="]] .. xml.sanitize(absolute_codec_string) .. [["/>]]);
end
if (force_ping ~= nil) and (string.len(force_ping) > 0) then
table.insert(xml, [[ <variable name="force_ping" value="]] .. force_ping .. [["/>]]);
xml:append([[ <variable name="force_ping" value="]] .. xml.sanitize(force_ping) .. [["/>]]);
end
if (sip_bypass_media ~= nil) and (sip_bypass_media == "bypass-media") then
table.insert(xml, [[ <variable name="bypass_media" value="true"/>]]);
xml:append([[ <variable name="bypass_media" value="true"/>]]);
end
if (sip_bypass_media ~= nil) and (sip_bypass_media == "bypass-media-after-bridge") then
table.insert(xml, [[ <variable name="bypass_media_after_bridge" value="true"/>]]);
xml:append([[ <variable name="bypass_media_after_bridge" value="true"/>]]);
end
if (sip_bypass_media ~= nil) and (sip_bypass_media == "proxy-media") then
table.insert(xml, [[ <variable name="proxy_media" value="true"/>]]);
xml:append([[ <variable name="proxy_media" value="true"/>]]);
end
if (forward_all_enabled ~= nil) and (string.len(forward_all_enabled) > 0) then
table.insert(xml, [[ <variable name="forward_all_enabled" value="]] .. forward_all_enabled .. [["/>]]);
xml:append([[ <variable name="forward_all_enabled" value="]] .. xml.sanitize(forward_all_enabled) .. [["/>]]);
end
if (forward_all_destination ~= nil) and (string.len(forward_all_destination) > 0) then
table.insert(xml, [[ <variable name="forward_all_destination" value="]] .. forward_all_destination .. [["/>]]);
xml:append([[ <variable name="forward_all_destination" value="]] .. xml.sanitize(forward_all_destination) .. [["/>]]);
end
if (forward_busy_enabled ~= nil) and (string.len(forward_busy_enabled) > 0) then
table.insert(xml, [[ <variable name="forward_busy_enabled" value="]] .. forward_busy_enabled .. [["/>]]);
xml:append([[ <variable name="forward_busy_enabled" value="]] .. xml.sanitize(forward_busy_enabled) .. [["/>]]);
end
if (forward_busy_destination ~= nil) and (string.len(forward_busy_destination) > 0) then
table.insert(xml, [[ <variable name="forward_busy_destination" value="]] .. forward_busy_destination .. [["/>]]);
xml:append([[ <variable name="forward_busy_destination" value="]] .. xml.sanitize(forward_busy_destination) .. [["/>]]);
end
if (forward_no_answer_enabled ~= nil) and (string.len(forward_no_answer_enabled) > 0) then
table.insert(xml, [[ <variable name="forward_no_answer_enabled" value="]] .. forward_no_answer_enabled .. [["/>]]);
xml:append([[ <variable name="forward_no_answer_enabled" value="]] .. xml.sanitize(forward_no_answer_enabled) .. [["/>]]);
end
if (forward_no_answer_destination ~= nil) and (string.len(forward_no_answer_destination) > 0) then
table.insert(xml, [[ <variable name="forward_no_answer_destination" value="]] .. forward_no_answer_destination .. [["/>]]);
xml:append([[ <variable name="forward_no_answer_destination" value="]] .. xml.sanitize(forward_no_answer_destination) .. [["/>]]);
end
if (forward_user_not_registered_enabled ~= nil) and (string.len(forward_user_not_registered_enabled) > 0) then
table.insert(xml, [[ <variable name="forward_user_not_registered_enabled" value="]] .. forward_user_not_registered_enabled .. [["/>]]);
xml:append([[ <variable name="forward_user_not_registered_enabled" value="]] .. xml.sanitize(forward_user_not_registered_enabled) .. [["/>]]);
end
if (forward_user_not_registered_destination ~= nil) and (string.len(forward_user_not_registered_destination) > 0) then
table.insert(xml, [[ <variable name="forward_user_not_registered_destination" value="]] .. forward_user_not_registered_destination .. [["/>]]);
xml:append([[ <variable name="forward_user_not_registered_destination" value="]] .. xml.sanitize(forward_user_not_registered_destination) .. [["/>]]);
end
if (follow_me_enabled ~= nil) and (string.len(follow_me_enabled) > 0) then
table.insert(xml, [[ <variable name="follow_me_enabled" value="]] .. follow_me_enabled .. [["/>]]);
xml:append([[ <variable name="follow_me_enabled" value="]] .. xml.sanitize(follow_me_enabled) .. [["/>]]);
end
--if (follow_me_destinations ~= nil) and (string.len(follow_me_destinations) > 0) then
-- table.insert(xml, [[ <variable name="follow_me_destinations" value="]] .. follow_me_destinations .. [["/>]]);
-- xml:append([[ <variable name="follow_me_destinations" value="]] .. follow_me_destinations .. [["/>]]);
--end
if (do_not_disturb ~= nil) and (string.len(do_not_disturb) > 0) then
table.insert(xml, [[ <variable name="do_not_disturb" value="]] .. do_not_disturb .. [["/>]]);
xml:append([[ <variable name="do_not_disturb" value="]] .. xml.sanitize(do_not_disturb) .. [["/>]]);
end
table.insert(xml, [[ <variable name="record_stereo" value="true"/>]]);
table.insert(xml, [[ <variable name="transfer_fallback_extension" value="operator"/>]]);
table.insert(xml, [[ <variable name="export_vars" value="domain_name,domain_uuid"/>]]);
xml:append([[ <variable name="record_stereo" value="true"/>]]);
xml:append([[ <variable name="transfer_fallback_extension" value="operator"/>]]);
xml:append([[ <variable name="export_vars" value="domain_name,domain_uuid"/>]]);
for key,row in pairs(extension_settings) do
if (row.extension_setting_type == 'variable') then
table.insert(xml, [[ <variable name="]]..row.extension_setting_name..[[" value="]]..row.extension_setting_value..[["/>]]);
xml:append([[ <variable name="]].. xml.sanitize(row.extension_setting_name)..[[" value="]].. xml.sanitize(row.extension_setting_value)..[["/>]]);
end
end
table.insert(xml, [[ </variables>]]);
table.insert(xml, [[ </user>]]);
table.insert(xml, [[ </users>]]);
table.insert(xml, [[ </group>]]);
table.insert(xml, [[ </groups>]]);
table.insert(xml, [[ </domain>]]);
table.insert(xml, [[ </section>]]);
table.insert(xml, [[</document>]]);
XML_STRING = table.concat(xml, "\n");
xml:append([[ </variables>]]);
xml:append([[ </user>]]);
xml:append([[ </users>]]);
xml:append([[ </group>]]);
xml:append([[ </groups>]]);
xml:append([[ </domain>]]);
xml:append([[ </section>]]);
xml:append([[</document>]]);
XML_STRING = xml:build();
--close the database connection
dbh:release();
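Review bot: The new `number_alias`+`cidr` branch ends the `<user` tag with `[[ type=>]]`, which emits a valueless `type=` attribute and makes the tag malformed; the other three branches end with `[[>]]`, so this line should end `.. [[>]]);`. On the same line `cidr` and `number_alias_string` are passed through `xml.sanitize`, yet they are appended after the closing quote of `id`, which suggests they are pre-built ` attr="value"` fragments (the `cidr`-only branch leaves `cidr` raw, so the two branches disagree); if they are fragments, sanitising here encodes their own quotes, and the escaping belongs where those fragments are assembled, outside this hunk. `password` and `dial-string` are still interpolated unescaped: the password sits in a double-quoted attribute and needs at least the quote/angle-bracket escaping, while `dial_string` legitimately contains `${...}` references and so cannot go through a sanitizer that strips `$` — that needs an escape-only variant. Finally, `xml.sanitize` raises on `nil`, so optional values such as `vm_enabled` and `max_registrations` must be guaranteed non-nil by the code above the hunk. This directory-generation code is part of a larger script that begins before the hunk.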


@@ -0,0 +1,29 @@
local xml = {}
function xml:new(o)
o = o or {}
setmetatable(o, self);
self.__index = self;
self.xml = {};
return o;
end
function xml:append(data)
table.insert(self.xml, data);
end
function xml:build()
return table.concat(self.xml, "\n");
end
function xml.sanitize(s)
return (string.gsub(s, "[\"><'$]", {
["<"] = "&lt;",
[">"] = "&gt;",
['"'] = "&quot;",
["'"] = "&apos;",
["$"] = ""
}))
end
return xml;
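Review bot: `xml:new` stores the line buffer on the class table (`self.xml = {}`) rather than on the instance, so every `Xml:new()` call resets one shared buffer and two live instances would interleave their output; it should be `o.xml = {}`. `xml.sanitize` escapes `<`, `>`, `"`, `'` and strips `$` but leaves `&` alone, so a value containing `&` still yields a non-well-formed attribute value and the Lua helper disagrees with the PHP one (whose `htmlspecialchars` does encode `&`); extending the class to `"[\"><'$&]"` with `["&"] = "&amp;"` closes that gap. `string.gsub` also raises on a `nil` argument, so either callers must guarantee non-nil values or the helper should begin with `if s == nil then return "" end` — which is right depends on whether a silently empty attribute is acceptable in the directory XML. A one-line LDoc comment on `sanitize` stating that it is meant for attribute values and deliberately strips the FreeSWITCH `${...}` expansion marker would make the intent clear to the next caller.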

16
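--- /dev/null
+++ b/resources/classes/xml.php
@@ -0,0 +1,16 @@
+<?php
+if (!class_exists('xml')) {
+class xml {
+/**
+* Escapes xml special characters to html entities and sanitze switch special chars.
+*/
+static function sanitize($string) {
+return str_replace('$', '', htmlspecialchars($string, ENT_XML1));
+}
+}
+}
+?>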
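Review bot: `htmlspecialchars($string, ENT_XML1)` does not escape quotes: passing an explicit flags value replaces the default `ENT_QUOTES`, and `ENT_XML1` on its own carries neither the single- nor the double-quote bit, so `"` passes through unchanged. Every call site in this commit places the result inside a double-quoted XML attribute, so a value containing `"` can still close the attribute and inject further attributes or elements; the call should be `htmlspecialchars($string, ENT_QUOTES | ENT_XML1)` (add `ENT_SUBSTITUTE` if invalid UTF-8 should be replaced rather than make the function return an empty string). That also brings the PHP helper in line with the Lua `xml.sanitize`, which does escape both quote characters. The doc comment should say that the `$` removal targets FreeSWITCH `${...}` variable expansion and that the helper is for attribute values, and fix the typo `sanitze`.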